- 浏览: 1220794 次
- 性别:
- 来自: 北京
文章分类
最新评论
-
Virtoway:
说到ASP.NET刚读到一片美国构架师的文章关于使用asp.n ...
ASP.NET MVC概览(C#) -
marks_2010:
你好,我有一个excel文件,里面假设有“姓名:”这些内容,j ...
根据excel或者doc模板生成excel和doc文档 -
wzye2001:
非常好,期待楼主的下一篇关于doubango的文档
Doubango ims 框架 分析之 多媒体部分 -
fenghuazh:
在window下路径有空格会抛异常
配置Cargo -
fenghuazh:
[b][/b]
配置Cargo
Build SIP-based VOIP Service With RADIUS AAA Using Kamailio (OpenSER) And FreeRadius
Table of Contents
OpenSER (http://www.kamailio.org) is a scalable and flexible SIP (RFC3261) server with a lot of features that can power your VoIP services. Features like ENUM lookup, TLS support, authentication, authorization and accounting against database or Radius servers, least cost routing, load balancing or Call Processing Language allow providing residential or carrier VoIP services.
FreeRADIUS (http://www.freeradius.org) is an open source RADIUS server.It scales from embedded systems with small amounts of memory, to systems with millions of users. It is fast, flexible, configurable, and supports many authentication servers.
This document focuses on configuring FreeRadius to offer AAA services to OpenSER SIP server, needed for VoIP services. Step by step configuration is provided and you must be logged in as 'root' user to be able to execute the commands exampled in this document. It is assumed that you have basic knowledge about Linux or Debian operation and administration.
Communication between VoIP users (phones) and the server uses the SIP (RFC3261) protocol. The SIP server will communicate with the AAA server via radius client, which is linked to the SIP server. Users' profile can be stored to the local file system (as it is done is the examples included in this document) or other storage system supported by AAA server (e.g., database, ldap).
+---------+ +---------+ | PHONE 1 |<--SIP--+ +-------------------+ | STORAGE | +---------+ | | SIP SERVER | +----+----+ #===>| (OpenSER) | | ........... | |-------------------| +-------+-------+ | | RADIUS CLIENT |<==AAA==>| RADIUS SERVER | +---------+ | | (radiusclient-ng) | | (FreeRADIUS) | | PHONE N |<--SIP--+ +-------------------+ +---------------+ +---------+
FreeRadius server is part of official Debian distribution. To install it just do:
~# apt-get install freeradius
If you install FreeRadius from Debian packages, the configuration files are located in “/etc/freeradius/”.
If you prefer to install FreeRadius from sources, then go to FreeRadius web site and download it from there. Please note that next commands are the basic steps to install FreeRadius from source - you should read FreeRadius installation documentation to do it properly.
~# mkdir -p /usr/local/src/freeradius ~# cd /usr/local/src/freeradius ~# wget ftp://ftp.freeradius.org/pub/radius/freeradius-1.1.0.tar.gz ~# tar xvfz freeradius-1.1.0.tar.gz ~# cd freeradius-1.1.0 ~# ./configure ~# make ~# make install
If you install FreeRadius from sources, the configuration files are located in “/usr/local/raddb/”.
To compile the Radius support in OpenSER you must install first the “radiusclient-ng” library.
The homepage for “radiusclient-ng” library is: http://developer.berlios.de/projects/radiusclient-ng/.
You can get Debian packages for “radiusclient-ng” from OpenSER download site:
~# mkdir -p /usr/local/src/radiusclient-ng ~# cd /usr/local/src/radiusclient-ng ~# wget / http://kamailio.org/pub/openser/1.0.1/packages/deb-sid/libradius-ng-dev_0.5.1_i386.deb ~# wget / http://kamailio.org/pub/openser/1.0.1/packages/deb-sid/libradius-ng_0.5.1_i386.deb ~# wget / http://kamailio.org/pub/openser/1.0.1/packages/deb-sid/radiusclient-ng_0.5.1_i386.deb ~# dpkg -i libradius-ng libradius-ng-dev radiusclient-ng
The configuration files are placed in: “/etc/radiusclient-ng/”.
If you want to install “radiusclient-ng” library from sources, go to http://developer.berlios.de/projects/radiusclient-ng/ and download the tarball with sources in “/usr/local/src/radiusclient-ng”.
~# cd /usr/local/src/radiusclient-ng ~# tar xvfz radiusclient-ng-X.Y.Z.tar.gz ~# cd radiusclient-ng-X.Y.Z ~# ./configure ~# make ~# make install
If you have installed from sources, the configuration files are placed in: “/usr/local/etc/radiusclient-ng/”.
Since “acc” module requires compilation by hand to enable Radius accounting, in this document will be detailed only installation of OpenSER with Radius support from sources.
~# mkdir -p /usr/local/src/openser ~# cd /usr/local/src/openser ~# wget http://kamailio.org/pub/openser/1.0.1/src/openser-1.0.1_src.tar.gz ~# tar xvfz openser-1.0.1_src.tar.gz ~# cd openser-1.0.1
To enable Radius accounting, edit the “modules/acc/Makefile” and uncomment the part related to Radius accounting. You can comment the part related to SQL (database) accounting.
Next, edit “Makefile” and remove from “exclude_modules” all modules that have “_radius” in their name. You can remove from “exclude_modules” the “mysql” module as well -- the configuration file for OpenSER presented in this document uses it.
To keep persistent user location you need to install MySQL server, client, and development library. (http://www.mysql.com).
~# apt-get install mysql-server mysql-client libmysqlclient15-dev
Once you have accomplished the above steps you can proceed with compilation and installation of OpenSER.
~# cd /usr/local/src/openser/openser-1.0.1 ~# NICER=1 make all ~# make install
To create the MySQL database required by OpenSER, use:
~# openser_mysql.sh create
OpenSER comes with a RADIUS dictionary which is required to interwork with FreeRADUIS server. By default, the OpenSER RADIUS dictionary is installed in: “/usr/local/etc/openser/dictionary.radius”.
The dictionary presented in the next example is a bit tuned to include translation for SIP method's names and to work with the configuration file of OpenSER which is included in this document.
... # # SIP RADIUS attributes # # Schulzrinne indicates attributes according to # draft-schulzrinne-sipping-radius-accounting-00 # # Sterman indicates attributes according to # draft-sterman-aaa-sip-00 # # Proprietary indicates an attribute that hasn't # been standardized # # Check out http://www.iana.org/assignments/radius-types # for up-to-date list of standard RADIUS attributes # and values # # # NOTE: All standard (IANA registered) attributes are # commented out except those that are missing in # the default dictionary of the radiusclient-ng # library. # #### Attributes ### #ATTRIBUTE User-Name 1 string # RFC2865 #ATTRIBUTE Service-Type 6 integer # RFC2865 #ATTRIBUTE Called-Station-Id 30 string # RFC2865, acc #ATTRIBUTE Calling-Station-Id 31 string # RFC2865, acc #ATTRIBUTE Acct-Status-Type 40 integer # RFC2865, acc #ATTRIBUTE Acct-Session-Id 44 string # RFC2865, acc ATTRIBUTE Sip-Method 101 integer # Schulzrinne, acc ATTRIBUTE Sip-Response-Code 102 integer # Schulzrinne, acc ATTRIBUTE Sip-Cseq 103 string # Schulzrinne, acc ATTRIBUTE Sip-To-Tag 104 string # Schulzrinne, acc ATTRIBUTE Sip-From-Tag 105 string # Schulzrinne, acc ATTRIBUTE Sip-Translated-Request-URI 107 string # Proprietary, acc ATTRIBUTE Sip-Src-IP 108 string # Proprietary, acc ATTRIBUTE Sip-Src-Port 109 string # Proprietary, acc ATTRIBUTE Digest-Response 206 string # Sterman, auth_radius ATTRIBUTE Sip-Uri-User 208 string # Proprietary, auth_radius ATTRIBUTE Sip-Group 211 string # Proprietary, group_radius ATTRIBUTE Sip-Rpid 213 string # Proprietary, auth_radius ATTRIBUTE SIP-AVP 225 string # Proprietary, avp_radius ATTRIBUTE Digest-Realm 1063 string # Sterman, auth_radius ATTRIBUTE Digest-Nonce 1064 string # Sterman, auth_radius ATTRIBUTE Digest-Method 1065 string # Sterman, auth_radius ATTRIBUTE Digest-URI 1066 string # Sterman, auth_radius ATTRIBUTE Digest-QOP 1067 string # Sterman, auth_radius ATTRIBUTE Digest-Algorithm 1068 string # Sterman, auth_radius ATTRIBUTE Digest-Body-Digest 1069 string # Sterman, auth_radius ATTRIBUTE Digest-CNonce 1070 string # Sterman, auth_radius ATTRIBUTE Digest-Nonce-Count 1071 string # Sterman, auth_radius ATTRIBUTE Digest-User-Name 1072 string # Sterman, auth_radius ### CISCO Vendor Specific Attributes ### #VENDOR Cisco 9 #ATTRIBUTE Cisco-AVPair 1 string Cisco # VSA, auth_radius ### Acct-Status-Type Values ### #VALUE Acct-Status-Type Start 1 # RFC2866, acc #VALUE Acct-Status-Type Stop 2 # RFC2866, acc VALUE Acct-Status-Type Failed 15 # RFC2866, acc ### Service-Type Values ### VALUE Service-Type Call-Check 10 # RFC2865, uri_radius VALUE Service-Type Group-Check 12 # Proprietary, group_radius VALUE Service-Type Sip-Session 15 # Schulzrinne, acc, auth_radius VALUE Service-Type SIP-Caller-AVPs 30 # Proprietary, avp_radius VALUE Service-Type SIP-Callee-AVPs 31 # Proprietary, avp_radius VALUE Sip-Method INVITE 1 # Proprietary, acc VALUE Sip-Method CANCEL 2 # Proprietary, acc VALUE Sip-Method ACK 4 # Proprietary, acc VALUE Sip-Method BYE 8 # Proprietary, acc ...
You can either paste the example above in a new file “/etc/radiusclient-ng/dictionary.openser” or copy “/usr/local/etc/openser/dictionary.radius” to “/etc/radiusclient-ng/dictionary.openser”.
cp /usr/local/etc/openser/dictionary.radius / /etc/radiusclient-ng/dictionary.openser
This part refers only to the configuration items strict related to to the components that interact with “radiusclient-ng” library and “OpenSER” server.
Note
The files to whom we refer below are located either in “/etc/freeradius” or “/usr/local/etc/raddb”.
“FreeRadius” server allows connections only from RADIUS clients which know a shared secret and connect from a certain IP.
The list with allowed clients is kept in the file “clients.conf”. You should add there a new entry having the following format:
client openser.host.ip { secret = shared-secret shortname = openser.host }
For example, if OpenSER is running on '10.10.10.10', you should add in “clients.conf”:
client 10.10.10.10 { secret = testing123 shortname = openser }
The main configuration file for FreeRadius is “radiusd.conf”. You must load the “digest” module. In the “modules” section you should have:
... modules { ... # # The 'digest' module currently has no configuration. # # "Digest" authentication against a Cisco SIP server. # See 'doc/rfc/draft-sterman-aaa-sip-00.txt' for details # on performing digest authentication for Cisco SIP servers. # digest { } ... } ...
Also, you must enable “digest” authentication and authorization. You must uncomment “digest” lines in “authenticate” and “authorize” sections.
... authorize { ... # # If you have a Cisco SIP server authenticating against # FreeRADIUS, uncomment the following line, and the 'digest' # line in the 'authenticate' section. digest ... } ... authenticate { ... # # If you have a Cisco SIP server authenticating against # FreeRADIUS, uncomment the following line, and the 'digest' # line in the 'authorize' section. digest ... } ...
You must include OpenSER RADIUS dictionary file in FreeRADIUS dictionary. FreeRADIUS main dictionary file is placed in “/etc/freeradius/dictionary” or “/usr/local/etc/raddb/dictionary”. You have to edit it and add the next line.
... $INCLUDE /etc/radiusclient-ng/dictionary.openser ...
By default the user profiles (username, domain, password) are stored in “/etc/freeradius/users” or “/usr/local/etc/raddb/users”. This is a text file and you can edit easily. Alternatively, the user profiles can be loaded from a database, for this, please read the documentation of “FreeRADIUS”.
Next is presented an example of what you have to insert in "users" file. The example includes records for AVPs, group membership checking and user authentication. These examples are the records necessary to run the “OpenSER” config presented below.
... ### --- avps --- 101@kamailio.org Auth-Type := Accept, Service-Type == "SIP-Callee-AVPs" Sip-Avp += "#3#1", Sip-Avp += "#4:08:00", Sip-Avp += "#5:16:00", Sip-Avp += "#6:Mon,Wed,Thu,Fri" 102@kamailio.org Auth-Type := Accept, Service-Type == "SIP-Callee-AVPs" Sip-Avp += "#3#1", Sip-Avp += "#4:08:00", Sip-Avp += "#5:16:00", Sip-Avp += "#6:Mon,Wed,Thu,Free" DEFAULT Auth-Type := Accept, Service-Type == "SIP-Callee-AVPs" ### --- group checking --- ### --- user 101 --- 101@kamailio.org Auth-Type := Accept, Sip-Group == "voip", Service-Type == "Group-Check" Reply-Message = "Authorized" 101@kamailio.org Auth-Type := Accept, Sip-Group == "pstn", Service-Type == "Group-Check" Reply-Message = "Authorized" ### --- user 102 --- 102@kamailio.org Auth-Type := Accept, Sip-Group == "voip", Service-Type == "Group-Check" Reply-Message = "Authorized" DEFAULT Auth-Type := Reject, Service-Type == "Group-Check" ### --- user authentication --- 101@kamailio.org Auth-Type := Digest, User-Password == "101" Reply-Message = "Authenticated", Sip-Avp += "rpid:101", Sip-Avp += "#2:192.168.2.10", Sip-Avp += "#2:192.168.2.11" 102@kamailio.org Auth-Type := Digest, User-Password == "102" Reply-Message = "Authenticated", Sip-Avp += "rpid:102", Sip-Avp += "#2:192.168.2.12" ...
The radiusclient-ng library has to be configured to connect and authenticate to the RADIUS server. Also, the dictionary of the library has to include the attributes required by OpenSER.
The main configuration file is “radiusclient.conf” (located either in “/usr/local/etc/radiusclient-ng/” or “/etc/radiusclient-ng/”). In this file you have to set the address for authentication and accounting servers.
Locate the lines presented in the next image and change the addresses to the appropriate values.
... authserver localhost ... acctserver localhost ...
You have to change “localhost” with the address of your RADIUS server. If RADIUS server and OpenSER run on the same system, then you can leave them unchanged. For example, assuming that RADIUS server is running on “10.10.10.11”, the above lines must be changed in:
... authserver 10.10.10.11 ... acctserver 10.10.10.11 ...
“authserver” specifies the authentication and authorization server. “acctserver” specifies the accounting server.
For each server you set in “radiusclient.conf” you have to specify the secret to be used when communicating with it. The file where you have to write the secret is “servers”, in the same folder as “radiusclient.conf”. The format of the file is text and contains server address and associated secret, on the same line, separated by whitespaces.
Make sure that the secret is the same with the one set in “clients.conf” of RADIUS server.
... 10.10.10.11 testing123 ...
If you want to test the RADIUS server, independent of OpenSER usage, follow the next steps.
Add a test user in “users” file of FreeRADIUS.
... test Auth-Type := Digest, User-Password == "test" Reply-Message = "Hello, test with digest" ...
Start RADIUS server in debug mode.
... freeradius -X # or radiusd -X ...
Create a file named “digest” and put following in it, all in a single line:
... User-Name = "test", Digest-Response = "631d6d73147add2f9e437f59bbc3aeb7", Digest-Realm = "testrealm", Digest-Nonce = "1234abcd" , Digest-Method = "INVITE", Digest-URI = "sip:5555551212@example.com", Digest-Algorithm = "MD5", Digest-User-Name = "test" ...
Use “radclient” for testing the server. It is assumed that you run “radclient” on OpenSER system. You have to install it there, since this tool comes with FreeRADIUS server.
... radclient -f digest 10.10.10.11 auth testing123 ...
In case of correct response from the server, you should see something like:
... Received response ID 224, code 2, length = 45 Reply-Message = "Hello, test with digest" ...
The next example present a configuration file of OpenSER using most of the operations that can be done with RADIUS.
In the scenario implemented, the server authenticates the user based on password and source IP. To each user profile is associated a list of IP addresses from where the user can log in. As you can see in 'FreeRADIUS Users' section, the AVP having the ID 2 stores the IP addresses, those AVPs being loaded upon digest authentication.
Furthermore, to show the usage of avp_load_radius(), the config includes a time-based blocking of incoming calls. The users store as 'callee' avps the details required to check the time of allowed incoming calls. In the AVP with ID 3 is stored a flag that enables/ disables the time-based checking. AVP with ID 4 stores the staring hour and AVP with ID 5 the end hour. In the AVP with ID 6 is stored the list of days within the week when such calls are allowed.
Looking at user '101', he will receive calls only Monday, Wednesday, Thursday and Friday, between 8:00AM and 4:00PM.
Extra RADIUS accounting is exampled via source IP address and port. To compare the results, the accounting information is written to syslog as well.
Group membership checking is performed to allow access to different types of services. There are used the following groups:
-
suspended - if the user belongs to this group, he is not allowed to to access any VoIP service (registration, incoming or outgoing calls).
-
voip - if the user belongs to this group, he is allowed to register with the SIP server and make VoIP calls.
-
pstn - if the user belongs to this group, he is allowed to register, call to other VoIP users and to PSTN numbers.
... # # $Id$ # # radius config script # # ----------- global configuration parameters ------------------------ debug=7 # debug level (cmd line: -dddddddddd) fork=no log_stderror=yes # (cmd line: -E) check_via=no # (cmd. line: -v) dns=no # (cmd. line: -r) rev_dns=no # (cmd. line: -R) port=5060 children=4 listen=udp:10.10.10.10 alias="kamailio.org" #fifo="/tmp/openser_fifo" # ------------------ module loading ---------------------------------- mpath="/usr/local/openser-1.0.1/lib/openser/modules" loadmodule "mysql.so" loadmodule "sl.so" loadmodule "tm.so" loadmodule "rr.so" loadmodule "maxfwd.so" loadmodule "avpops.so" loadmodule "usrloc.so" loadmodule "registrar.so" loadmodule "textops.so" loadmodule "xlog.so" loadmodule "uri.so" loadmodule "acc.so" loadmodule "auth.so" loadmodule "auth_radius.so" loadmodule "group_radius.so" loadmodule "avp_radius.so" # ----------------- setting module-specific parameters --------------- # -- usrloc params -- #modparam("usrloc","db_url","mysql://openser:openserrw@localhost/openser") modparam("usrloc", "db_mode", 2) # -- acc params -- modparam("acc", "radius_flag", 1) modparam("acc", "radius_missed_flag", 2) modparam("acc", "log_flag", 1) modparam("acc", "log_missed_flag", 1) modparam("acc", "service_type", 15) modparam("acc", "radius_extra", "Sip-Src-IP=$si;Sip-Src-Port=$sp") modparam("acc|auth_radius|group_radius|avp_radius", "radius_config", "/etc/radiusclient-ng/radiusclient.conf") # -- group_radius params -- modparam("group_radius", "use_domain", 1) # -- avpops params -- modparam("avpops", "avp_aliases", "day=i:101;time=i:102") # -- rr params -- # add value to ;lr param to make some broken UAs happy modparam("rr", "enable_full_lr", 1) # ------------------------- request routing logic ------------------- # main routing logic route{ # initial sanity checks -- messages with # max_forwards==0, or excessively long requests if (!mf_process_maxfwd_header("10")) { sl_send_reply("483","Too Many Hops"); exit; }; if (msg:len >= 2048 ) { sl_send_reply("513", "Message too big"); exit; }; # check if user is suspended if(is_method("REGISTER|INVITE|MESSAGE|OPTIONS|SUBSCRIBE")) { if (radius_is_user_in("From", "suspended")) { sl_send_reply("403", "Forbidden - suspended"); exit; }; }; # we record-route all messages -- to make sure that # subsequent messages will go through our proxy; that's # particularly good if upstream and downstream entities # use different transport protocol if (!method=="REGISTER") record_route(); # subsequent messages withing a dialog should take the # path determined by record-routing if (loose_route()) { # mark routing logic in request append_hf("P-hint: rr-enforced/r/n"); if(is_method("BYE")) { # log it all the time acc_rad_request("200 ok"); acc_log_request("200 ok"); } route(1); }; if(is_method("INVITE") && !has_totag()) { # set the acc flags setflag(1); setflag(2); }; if (!uri==myself) { # check if user is allowed to do voip calls to other domains if(is_method("INVITE|MESSAGE")) { if (!radius_is_user_in("From", "voip")) { sl_send_reply("403", "Forbidden VoIP"); exit; }; }; # mark routing logic in request append_hf("P-hint: outbound/r/n"); route(1); }; # if the request is for other domain use UsrLoc # (in case, it does not work, use the following command # with proper names and addresses in it) if (uri==myself) { # authenticate registers if (method=="REGISTER") { if (!radius_www_authorize("kamailio.org")) { www_challenge("kamailio.org", "0"); exit; }; # check the src ip address if(!avp_check("i:2", "eq/$src_ip/ig")) { sl_send_reply("403", "Forbidden IP"); exit; }; save("location"); exit; }; # calls to pstn if(uri=~"sip:00[1-9][0-9]+@") { if(is_method("INVITE") && !has_totag()) { if (!radius_is_user_in("From", "pstn")) { sl_send_reply("403", "Forbidden PSTN"); exit; }; }; # set gateway address rewritehostport("10.10.10.10:5090"); route(1); }; # load callee's avps if(avp_load_radius("callee")) { # check if user has time filter enabled if(avp_check("i:3", "eq/i:1")) { # print time in an avp avp_printf("i:100", "$Tf"); # extract day avp_subst("i:100/i:101", "/(.{3}) .+/*/1*/"); if(!avp_check("i:6", "fm/$day")) { sl_send_reply("403", "Forbidden - day"); exit; }; # extract 'hours:minutes' avp_subst("i:100/i:102", "/(.{10}) (.{5}):.+//2/"); if((is_avp_set("i:4") && avp_check("i:4", "gt/$time")) || (is_avp_set("i:5") && avp_check("i:5", "lt/$time"))) { sl_send_reply("403", "Forbidden - time"); exit; }; }; }; # native SIP destinations are handled using our USRLOC DB if (!lookup("location")) { # log to acc as missed call acc_rad_request("404 Not Found"); acc_log_request("404 Not Found"); sl_send_reply("404", "Not Found"); exit; }; append_hf("P-hint: usrloc applied/r/n"); }; route(1); } # generic forward route[1] { # send it out now; use stateful forwarding as it works reliably # even for UDP2TCP if (!t_relay()) { sl_reply_error(); }; exit; } # ...
For a comparison of your results, take a look at the next example to be sure your configuration for accounting works properly.
If you have installed FreeRADIUS from Debian package, the accounting data is stored in "/var/log/freeradius/radacct", if from sources, then "var/log/radius/radacct/".
The SIP accounting is composed of two records: "start" and "stop". The "start" event corresponds to the INVITE request (start of the call), and the "stop" event corresponds to the BYE request (end of the call).
In the "start" event, the "Calling-Station-Id" attribute identifies the origin of the call and the "Called-Station-Id" attribute identifies the destination of the call. The duration of the call is given by the difference of the timestamps in the "stop" and "start" events.
... Sun Mar 12 17:29:21 2006 Acct-Status-Type = Start Service-Type = Sip-Session Sip-Response-Code = 200 Sip-Method = INVITE User-Name = "101@kamailio.org" Calling-Station-Id = "sip:101@kamailio.org" Called-Station-Id = "sip:102@kamailio.org" Sip-Translated-Request-URI = "sip:102@192.168.0.12:5066" Acct-Session-Id = "1dbe198c82543fa2@192.168.0.11" Sip-To-Tag = "00D0E90101B8_T9513" Sip-From-Tag = "111aa0fda452c726" Sip-Cseq = "4435" Sip-Src-IP = "192.168.0.11" Sip-Src-Port = "5068" NAS-IP-Address = 127.0.0.1 NAS-Port = 5060 Acct-Delay-Time = 0 Client-IP-Address = 10.10.10.10 Acct-Unique-Session-Id = "37fb00358437ff4d" Timestamp = 1142177361 Sun Mar 12 17:29:28 2006 Acct-Status-Type = Stop Service-Type = Sip-Session Sip-Response-Code = 200 Sip-Method = BYE User-Name = "102@kamailio.org" Calling-Station-Id = "sip:102@kamailio.org" Called-Station-Id = "sip:101@kamailio.org" Sip-Translated-Request-URI = "sip:101@192.168.0.11:5068" Acct-Session-Id = "1dbe198c82543fa2@192.168.0.11" Sip-To-Tag = "111aa0fda452c726" Sip-From-Tag = "00D0E90101B8_T9513" Sip-Cseq = "3305" Sip-Src-IP = "192.168.0.12" Sip-Src-Port = "5066" NAS-IP-Address = 127.0.0.1 NAS-Port = 5060 Acct-Delay-Time = 0 Client-IP-Address = 10.10.10.10 Acct-Unique-Session-Id = "597f048f3aa62ca0" Timestamp = 1142177368 ...
Hopefully, most of common issues will be solved by this section. If not, please send your questions to users@kamailio.org.
If you get an error like:
... libradiusclient.so.0: cannot open shared object file: No such file or directory ...
then your radiusclient library is not found by the library loader. You have to add the directory containing the radiusclient library ("/usr/local/lib" if you installed from sources) in "/etc/ld.so.conf" and run as root "ldconfig -v".
If you get an error like:
... authentication failed(RC=1): No reply from RADIUS server ...
check if the FreeRADIUS server is running on the host you specified in the "servers" file of radiusclient-ng library.
If you get an error like:
... authentication failed: Authentication failure ...
the password used by the SIP client was wrong. You have to check if the password configured to the SIP phone is the same with the one from "users" file of FreeRADIUS server.
If you get an error like:
... check_radius_reply: received invalid reply digest from RADIUS server ...
means that the digest value of the message coming from the RADIUS server isn't correct. This is usually due to different values of shared secrets in client and server side.
So double-check that corresponding shared secrets you set for radiusclient library and freeradius server match (case sensitive). Also, pay attention that FreeRADIUS server has two files where shared secrets for clients can be defined: "clients" and "clients.conf". Check both of them and define the secret only in one.
OpenSER - http://www.kamailio.org
FreeRADIUS - http://www.freeradius.org
RadiusClient-ng - http://developer.berlios.de/projects/radiusclient-ng/
OpenSER User's Mailing List - users@lists.kamailio.org
MySQL - http://www.mysql.com
相关推荐
linux系统下sip开源服务器kamailio的源码,kamailio前身是openSER,本人编译通过可使用,安装配置稍麻烦,官方指导http://www.kamailio.org/dokuwiki/doku.php/install:kamailio-3.0.x-from-git 这类资源官方都有...
Kamailio-开源SIP服务器 项目网站: 概述 Kamailio是SIP信令服务器的开源实现。 SIP是IETF指定的开放标准协议。 核心规范文档是 。 Kamailio SIP服务器专为可扩展性而设计,可针对大型部署(例如,针对拥有大量...
KAMAILIO(OpenSER)-健壮,安全和可扩展的开源(GPL)SIP(RFC3261)服务器实施,具有大型功能集(超过90个扩展模块)。 截至2009年5月,源代码由GIT存储库托管,网址为http://sip-router.org。
docker-kamailio Kamailio SIP 服务器泊坞窗图像该容器运行 rtpproxy 和 kamailio 的实例来实现 VoIP。 Kamailio 使用外部 mysql 数据库,可以通过另一个 docker 映像获得: sudo rm -rf /opt/ntipa/mysql_data sudo...
免费的VOIP网络电话,Android平台SIP客户端 支持服务端: Cisco CallManager, OpenSER, Kamailio, OpenSIPS, Asterisk, Radvision, Nortel, Avaya等等 支持语音编码: G.711 aLaw/uLaw, G.722.1, G.722, SPEEX, SPEEX...
如何设置Kamailio + RTPEngine + TURN服务器以启用WebRTC客户端和旧版SIP客户端之间的呼叫。 默认情况下,此配置启用了IPv6。 此设置将桥接SRTP-> RTP和ICE-> nonICE,以使WebRTC客户端(sip.js)能够调用旧版SIP...
kamailio-etcd-dispatcher 将针对Asterisk的服务发现添加到Kamailio,让Kamailio动态发现Asterisk框,然后对其进行负载平衡。 修改Kamailio调度程序,以使Kamailio充当用etcd发现的计算机的负载平衡器。 该工具会...
Kamailio Variables and Transformations
sudo docker pull alezzandro/kamailio-latest-stable 运行您刚刚下载的容器 sudo docker run -d alezzandro/kamailio-latest-stable 现在写下Container ID,并将其放在下一个命令中 sudo docker inspect $...
git clone --depth 1 --no-single-branch git://git.sip-router.org/kamailio kamailio cd kamailio git checkout -b 4.2 origin/4.2 添加模块: git submodule add ...
开源voip计费系统,支持freeswitch、kamailio等sip通信场景
Kamailio是一个开源的SIP服务器,原名OpenSER Kamailio is an Open Source, GPL2, SIP Server Routing Platform. It is written in C for Linux/Unix plaforms and focuses on performance, flexibility and ...
kamailio (OpenSIPS)是一个成熟的电信级SIP Server平台,可广泛应用于SIP应用的路由分发、负载均衡,可用于搭建SIP代理,提供SIP注册服务等。而且目前OpenSIPS自身也提供SIP Presence以及IM功能。同时,应该注意的...
这是一个 Kamailio 配置,它构建了一个静态 SIP 和 RTP 代理,并在中继服务器和两个远程 SIP 服务器上的两个 IP 接口之间中继数据包。 它允许隐藏内部网络拓扑并绕过一些安全或拓扑限制。 网络拓扑由两部分组成:...
Deploying STIR/SHAKEN with Kamailio
kamailio 安装配置过程,根据实际在UBUNTUN服务器下安装配置kamailio的过程步骤,记录在配置过程中遇到的问题及解决,直到最终测试成功。
跟踪调试Kamailio路由
kamailio模块使用说明
本文档是一个pdf文档,中文的,介绍了目前kamailio的所有特征和功能。通过阅读此文档,你可以对kamailio有个整体的了解,知道它能做什么,适不适合你的项目 能很好的指导你的项目,也可以研究新的课题。
用Pacemaker实现Kamailio的HA