10.12.2021

Ansible Part II. Install opensips, opensips-cli, opensips control panel.

You can use these Ansible roles to install a full OpenSIPS + Control Panel setup with one command.

For some reason, the roles for installing OpenSIPS from Ansible Galaxy do not work as expected.

I have modified some roles to make them work.

This is good only for Debian 10 and CentOS 7, the most popular systems.

The roles install a MySQL server with defaults, opensips-cli, opensips 3.2 and the opensips control panel with the opensips DB. The panel login is “admin” and the password is “opensips”.

Do not run this on a production server unless you fully understand what the commands do. It may cause your system to lose some important things, such as SSH keys.
  1. Add /usr/local/bin to the PATH so that commands can be run from it.
    export PATH=$PATH:/usr/local/sbin
    echo 'export PATH=$PATH:/usr/local/sbin' >> /root/.bashrc
  2. Install ansible on Debian 10
    apt install git python-pip
    pip install ansible
  3. Generate an SSH key for the control node host (the public key must be present in the authorized_keys file on every managed node)
    ssh-keygen -t rsa -b 4096
  4. Get the repository with the modified roles
    git clone https://bitbucket.org/yooxy/ansible-opensips.git
  5. Put the roles into the /root/.ansible directory.
    mkdir -p /root/.ansible/roles
    cp -r ansible-opensips/roles /root/.ansible
  6. Modify the hosts file in the ansible-opensips repo, then run ansible-playbook in the ansible-opensips dir:
    ansible-playbook inst_opensips.yml -i hosts

Here is a script to run on a vanilla Debian 10 to get the control node ready for action. Just do step 6 after the script is done.

# DEBIAN 10
export PATH=$PATH:/usr/local/sbin
# append (do not overwrite) so the existing /root/.bashrc is kept
echo 'export PATH=$PATH:/usr/local/sbin' >> /root/.bashrc
apt update
apt install git python-pip -y
pip install --upgrade pip
python -m pip install setuptools
python -m pip install ansible
python -m pip install PyMySQL

# key for the control node; the public part goes to the managed nodes
ssh-keygen -t rsa -b 4096
git clone https://bitbucket.org/yooxy/ansible-opensips.git
mkdir -p /etc/ansible
mkdir -p /root/.ansible/roles
cp -r ansible-opensips/roles /root/.ansible
cd ansible-opensips
ansible-playbook inst_opensips.yml -i hosts




2.11.2021

OPENSIPS 3.2 modules HTTPD and MI_HTTP

There is a problem when you try to use the httpd and mi_http modules with opensips 3.2 on CentOS 7.9.2009, even if you have installed opensips from the repository. To avoid it: remove the system libmicrohttpd, install a newer version, download opensips from git, and compile the appropriate modules.

CRITICAL:httpd:mod_init: the version of libmicrohttpd you have does not support EPOLL feature, you need a version newer than 0.9.50, but running 0.9.33

Workaround:

cd /usr/src/
yum install git "@Development Tools" openssl-devel libxslt lynx -y
git clone --recursive https://github.com/OpenSIPS/opensips.git -b 3.2 opensips-3.2
yum remove libmicrohttpd libmicrohttpd-devel
wget https://cbs.centos.org/kojifiles/packages/libmicrohttpd/0.9.59/2.el7/x86_64/libmicrohttpd-0.9.59-2.el7.x86_64.rpm --no-check-certificate
wget https://cbs.centos.org/kojifiles/packages/libmicrohttpd/0.9.59/2.el7/x86_64/libmicrohttpd-devel-0.9.59-2.el7.x86_64.rpm --no-check-certificate
yum install  libmicrohttpd-0.9.59-2.el7.x86_64.rpm libmicrohttpd-devel-0.9.59-2.el7.x86_64.rpm -y

cd opensips-3.2
make modules=modules/httpd modules
make modules=modules/mi_http modules
make modules=modules/prometheus modules

#copy your compiled modules to opensips modules directory, then restart opensips.
cp modules/httpd/httpd.so /usr/lib64/opensips/modules
cp modules/mi_http/mi_http.so /usr/lib64/opensips/modules
cp modules/prometheus/prometheus.so /usr/lib64/opensips/modules
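
The CRITICAL message above states the requirement (a libmicrohttpd newer than 0.9.50). The shell helper below is an added example, not part of the original post, that checks a version against that requirement before you build or load httpd.so; the function names are assumptions made for this example.

```shell
#!/bin/sh
# Added example, not from the original post: check libmicrohttpd against the
# requirement in the CRITICAL message ("newer than 0.9.50") before building.
# Function names are hypothetical.

MHD_MIN_EXCLUSIVE="0.9.50"   # taken from the OpenSIPS error text

# version_gt A B: exit 0 if dotted version A is strictly newer than B.
# Fields are compared as numbers, so 0.9.9 < 0.9.50 and 0.10.0 > 0.9.59.
version_gt() {
    a=$1; b=$2
    while [ -n "$a" ] || [ -n "$b" ]; do
        fa=${a%%.*}; fb=${b%%.*}
        # Drop the field just read; clear the string when no dot is left.
        case $a in *.*) a=${a#*.} ;; *) a= ;; esac
        case $b in *.*) b=${b#*.} ;; *) b= ;; esac
        fa=${fa:-0}; fb=${fb:-0}
        if [ "$fa" -gt "$fb" ]; then return 0; fi
        if [ "$fa" -lt "$fb" ]; then return 1; fi
    done
    return 1   # equal versions are not "newer"
}

# mhd_supports_epoll VERSION: exit 0 if VERSION is newer than 0.9.50.
mhd_supports_epoll() {
    version_gt "$1" "$MHD_MIN_EXCLUSIVE"
}

# installed_mhd_version: print the installed RPM version, or fail if absent.
installed_mhd_version() {
    v=$(rpm -q --qf '%{VERSION}' libmicrohttpd 2>/dev/null) || return 1
    printf '%s\n' "$v"
}

# mhd_preflight: exit 0 only when the installed library is new enough.
mhd_preflight() {
    v=$(installed_mhd_version) || { echo "libmicrohttpd not installed" >&2; return 2; }
    mhd_supports_epoll "$v" || { echo "libmicrohttpd $v is too old" >&2; return 1; }
}
```

Source the file and run `mhd_preflight` after installing the 0.9.59 RPMs; a non-zero status means the module would still hit the EPOLL error.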







6.10.2021

opensips 3.1 TLS

To bring up a working TLS SIP server based on opensips 3.1, a few points need to be taken into account:

  1. Install certbot (https://www.digitalocean.com/community/tutorials/how-to-secure-apache-with-let-s-encrypt-on-debian-10)
  2. Install the database: apt install mariadb-server apache2
  3. Install opensips and the opensips control panel
    1. https://apt.opensips.org/packages.php?v=3.1
    2. apt install opensips opensips-cli
    3. apt install opensips* (for the lazy, of course)
  4. Install certificates for your domain
  5. Install the opensips control panel
    1. edit the file /var/www/html/opensips-cp/config/tools/system/tls_mgm/local.inc.php, commenting out the validation for sip_domain and network_address
 socket=udp:x.x.x.x:5060
 socket=tcp:x.x.x.x:5060
 socket=tls:x.x.x.x:5061

 loadmodule "db_mysql.so"
 loadmodule "proto_udp.so"
 loadmodule "proto_tcp.so"
 loadmodule "proto_tls.so"
 ## TLS specific settings
 loadmodule "tls_mgm.so"
 loadmodule "tls_openssl.so"
 modparam("tls_mgm", "db_url", "mysql://opensips:opensipsrw@localhost/opensips")

6. In opensips-control-panel, tviewer's apply_changes.php needs to be changed: instead of require("init.php") use

require("../../../../web/tools/".$_SESSION['branch']."/".$_SESSION['module_id']."/init.php");

FAQ:

ERROR:proto_tls:proto_tls_conn_init: no TLS client domain found
opensips cannot find which socket to use to establish the connection, because neither the match ip nor the sip domain was found in tls_mgm. You need to create a TLS domain (client) with match ip = * and sip domain = *, so that OpenSIPS uses these settings by default for all outgoing TLS connections.

error:1417C086:SSL routines:tls_process_client_certificate:certificate verify failed
This means that certificate verification is enabled. Either disable it and restart OpenSIPS, or load a certificate onto the client, for which the CA certificate must be loaded into opensips.

INFO:tls_mgm:ssl_servername_cb: No domain found matching host: in servername extension
ERROR:proto_tls:tls_print_errstack: TLS errstack: error:1422E0EA:SSL routines:final_server_name:callback failed
The sip_domain in the parameters is set to a specific value, which is not passed along with the client certificate.
A possible solution is to put * in sip_domain.

ERROR:tls_mgm:load_tls_library: No TLS library module loaded
loadmodule "tls_openssl.so" – this module may not be installed.

ERROR:tls_openssl:openssl_tls_conn_init: failed to create SSL structure (0:Success)
ERROR:tls_openssl:tls_print_errstack: TLS errstack: error:140BA0C3:SSL routines:SSL_new:null ssl ctx
ERROR:proto_tls:proto_tls_conn_clean: Failed to retrieve the tls_domain pointer in the SSL struct
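
For the `certificate verify failed` entry in the FAQ above: the client certificate verifies only against the CA that issued it, so check the chain with `openssl verify` before loading files into tls_mgm. The script below is an added example, not part of the original post; it builds throwaway certificates on the spot, and the function names and CN values are assumptions.

```shell
#!/bin/sh
# Added example (not from the original post). Reproduces the FAQ's
# "certificate verify failed" case offline with throwaway certificates.
# All names (make_ca, make_client, chain_ok, CN values) are hypothetical.

# make_ca DIR NAME: self-signed CA -> DIR/NAME.key, DIR/NAME.pem
make_ca() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 2 -subj "/CN=$2" \
        -keyout "$1/$2.key" -out "$1/$2.pem" 2>/dev/null
}

# make_client DIR CA NAME: client cert NAME signed by CA -> DIR/NAME.pem
make_client() {
    openssl req -new -newkey rsa:2048 -nodes -subj "/CN=$3" \
        -keyout "$1/$3.key" -out "$1/$3.csr" 2>/dev/null &&
    openssl x509 -req -in "$1/$3.csr" -days 2 \
        -CA "$1/$2.pem" -CAkey "$1/$2.key" -CAcreateserial \
        -out "$1/$3.pem" 2>/dev/null
}

# chain_ok CA_FILE CERT: exit 0 only if CERT verifies against CA_FILE,
# i.e. the certificate's issuing CA is present in the CA file.
chain_ok() {
    openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

# demo: prints one line per check, returns 0 if both behave as expected
demo() {
    d=$(mktemp -d) || return 1
    make_ca "$d" ca-loaded && make_ca "$d" ca-other &&
        make_client "$d" ca-other phone || { rm -rf "$d"; return 1; }
    rc=0
    if chain_ok "$d/ca-loaded.pem" "$d/phone.pem"; then
        echo "unexpected: verified against a CA that did not sign it"; rc=1
    else
        echo "ca-loaded.pem: verify failed (issuing CA is not in this file)"
    fi
    if chain_ok "$d/ca-other.pem" "$d/phone.pem"; then
        echo "ca-other.pem: OK (this is the CA to load into opensips)"
    else
        echo "unexpected: signing CA rejected its own client cert"; rc=1
    fi
    rm -rf "$d"
    return $rc
}
```

With real files, `chain_ok /path/to/ca.pem /path/to/client.pem` is the only call needed.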

TIPS: how to see all TLS messages (how to view encrypted SIP traffic)

opensips.cfg:
socket=hep_udp:127.0.0.1:5656
loadmodule "tracer.so"
# -- tracert --
modparam("tracer", "trace_on", 1)
modparam("tracer", "trace_id", "[tid]uri=hep:hep_dst")

loadmodule "proto_hep.so"
modparam("proto_hep", "hep_id", "[hep_dst] 127.0.0.1:5757;transport=udp;")

sngrep:
sngrep port 5757 -L udp:127.0.0.1:5757

31.07.2021

install opensips 3.1 Debian 10 + RTPPROXY 2.2

apt update
apt upgrade -y
apt-key adv --keyserver keyserver.ubuntu.com --recv-keys 049AD65B
echo "deb https://apt.opensips.org buster 3.1-releases" >/etc/apt/sources.list.d/opensips.list
echo "deb https://apt.opensips.org buster cli-nightly" >/etc/apt/sources.list.d/opensips-cli.list
apt update
# quote the glob so the shell does not expand it against local files
apt install 'opensips*'
apt install mariadb-server
opensips-cli -x database create opensips
apt install build-essential letsencrypt -y
# rtpproxy manual: https://www.rtpproxy.org/doc/master/user_manual.html#idm650
useradd rtpproxy
cd /usr/src
git clone -b master https://github.com/sippy/rtpproxy.git
git -C rtpproxy submodule update --init --recursive
cd rtpproxy
./configure
make clean all
make install
Put this content into /lib/systemd/system/rtpproxy.service:
-----
[Unit]
Description=RTPProxy media server
After=network.target
Requires=network.target

[Service]
Type=simple
PIDFile=/var/run/rtpproxy/rtpproxy.pid
Environment='OPTIONS= -f -L 4096 -l 0.0.0.0 -m 10000 -M 20000 -d INFO:LOG_LOCAL5'

Restart=always
RestartSec=5

ExecStartPre=-/bin/mkdir /var/run/rtpproxy
ExecStartPre=-/bin/chown rtpproxy:rtpproxy /var/run/rtpproxy

ExecStart=/usr/local/bin/rtpproxy -p /var/run/rtpproxy/rtpproxy.pid -s udp:127.0.0.1:22222 \
 -u rtpproxy:rtpproxy -n udp:127.0.0.1:22223 $OPTIONS

ExecStop=/usr/bin/pkill -F /var/run/rtpproxy/rtpproxy.pid

ExecStopPost=-/bin/rm -R /var/run/rtpproxy

StandardOutput=syslog
StandardError=syslog
SyslogIdentifier=rtpproxy
SyslogFacility=local5

TimeoutStartSec=10
TimeoutStopSec=10

[Install]
WantedBy=multi-user.target
---------------------------

29.05.2021

opensips realtime failover HA example with keepalive.

The article is available in Spanish.

21.04.2021

Kamailio and Opensips

This is the list of completed solutions based on Kamailio/opensips.

KAMAILIO:

WEBRTC2SIP server – uses kamailio + rtpengine; makes it possible to use a WebRTC-based webphone with common SIP servers

  • transfer between SIP and WEBRTC protocols and vice versa.
  • transcoding g729 to g711

LoadBalancer – uses only kamailio, without DBs; load-balances between asterisk servers.

SBC – uses kamailio and SQL DBs to manage incoming traffic to asterisk; placed in front of asterisk on the same PC.

  • insert custom headers
  • block hackers' traffic
  • manage CPS and monitoring tools
  • control PDD of calls

OPENSIPS:

Redirect server – works with the billing software JERA. Makes simultaneous outbound calls based on redirect messages from billing.

  • control CPS for customers
  • block unwanted traffic
  • monitoring online calls with custom dashboard
  • generate CDRs for insertion into billing

Failover server – makes it possible to switch between 2 opensips servers without losing online calls.

12.04.2021

install opensips 3.1 + opensips control panel

apt-key adv --keyserver keyserver.ubuntu.com --recv-keys 049AD65B
echo "deb https://apt.opensips.org focal 3.1-releases" >/etc/apt/sources.list.d/opensips.list
echo "deb https://apt.opensips.org focal cli-nightly" >/etc/apt/sources.list.d/opensips-cli.list

apt-get update && apt-get upgrade

apt-get install opensips
apt-get install apache2 libapache2-mod-php php-curl opensips-http-modules -y

echo '
<Directory /var/www/html/opensips-cp/web>
    Options Indexes FollowSymLinks MultiViews
    AllowOverride None
    Require all granted
</Directory>
<Directory /var/www/html/opensips-cp>
    Options Indexes FollowSymLinks MultiViews
    AllowOverride None
    Require all denied
</Directory>
Alias /cp /var/www/html/opensips-cp/web

<DirectoryMatch "/var/www/html/opensips-cp/web/tools/.*/.*/(template|custom_actions|lib)/">
    Require all denied
</DirectoryMatch>

' > /etc/apache2/sites-enabled/opensips-cp.conf

mkdir /var/www/html/opensips-cp 

cp -r opensips-cp-8.3.1/* /var/www/html/opensips-cp

chown -R www-data:www-data /var/www/html/opensips-cp/
apt-get install php php-mysql php-gd php-pear php-cli php-apcu -y

systemctl restart apache2

# add into opensips.conf
#---
loadmodule "httpd.so"
loadmodule "mi_http.so"
modparam("mi_http", "root", "mi")
#---

add file opensips-cli.conf
#---
[default]
#database_modules: acc clusterer dialog dialplan dispatcher domain rtpproxy usrloc
database_modules: ALL

#database_admin_url: postgres://root@localhost
database_admin_url: mysql://root:phefubuho@127.0.0.1
database_url: mysql://root:phefubuho@127.0.0.1
#---

12.03.2021

183 ringback. Opensips + Rtpproxy.

The task is to replace the ringback tone coming from the provider for 10 seconds, and after that pass through the provider's ringback tone. The task is solved with opensips 3.1 + rtpproxy 2.1 and a minimal configuration.

rtpproxy compiles fine on Ubuntu 20
opensips 3.1 is installed from the repositories with the default configuration
To play your own greeting, you need to do 2 things:

a) connect rtpproxy and use the rtpproxy_stream2uac function. An example is in the repository.

b) the greetings for rtpproxy must be prepared in the required format using makeann (it is built during compilation).

Repository with an example config.

Solution scheme:

client -> opensips -> carrier.

22.12.2020

opensips as SBC

Example of opensips SBC with 2 interfaces with full RTP proxy and g729 transcoding.

Software: opensips 3.1, rtpengine, bcg729.

example settings for rtpengine:

OPTIONS="-i external/172.18.254.50!EXTERNAL_IP -i internal/172.25.150.242 -n 127.0.0.1:2223 -m 35000 -M 65000 -L 4 --log-facility=local1 --table=0 --delete-delay=0 --timeout=60 --silent-timeout=600 --final-timeout=7200 --offer-timeout=60 --num-threads=4 --tos=184 --no-fallback"

example opensips config: git clone https://bitbucket.org/yooxy/opensips-sbc-local-external-transcode.git

9.12.2020

sipdump per day. compressed. heplify.

Below is a script that installs a systemd service which collects SIP packets into the /var/log/sipdump folder, one file set per day. Later you can unpack the files and go through them with sngrep.

#!/bin/sh
echo "Installing sipdump has started: \n"
# use whichever package manager this system has
yum install wget git -y || apt install wget git -y
cd /usr/src/
mkdir sipdump
cd sipdump
wget https://github.com/sipcapture/heplify/releases/download/1.62/heplify
chmod 760 heplify
cp heplify /usr/bin
rm heplify
mkdir /var/log/sipdump
echo "
[Unit]
Description=Yooxy sipdump
After=network.target
ConditionPathExists=/var/log/sipdump
[Service]
WorkingDirectory=/var/log/sipdump
ExecStart=/usr/bin/heplify -dim OPTIONS,NOTIFY -wf /var/log/sipdump -rt 1440 -zf -sl
ExecReload=/bin/kill -HUP \$MAINPID
KillMode=process
Restart=on-failure
[Install]
WantedBy=multi-user.target
Alias=sipdump.service" > sipdump.service
chmod 664 sipdump.service
cp sipdump.service /etc/systemd/system/sipdump.service
rm sipdump.service
systemctl daemon-reload
systemctl start sipdump
echo "Script ending \n"
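
The heplify binary above is copied to /usr/bin and run by systemd straight after download, and the libmicrohttpd RPMs in the 2.11.2021 post are fetched with --no-check-certificate, so in both cases nothing checks the file's integrity. The helper below is an added example, not part of the original posts, that installs a downloaded file only when its SHA-256 matches a value you obtained separately; the function names and the HEPLIFY_SHA256 variable are assumptions, and the page gives no checksum, so the value is a placeholder you must fill in.

```shell
#!/bin/sh
# Added example (not from the original posts): install a downloaded file only
# after its SHA-256 matches a pinned value. Function names are hypothetical.

# sha256_of FILE: print the lowercase hex digest of FILE
sha256_of() {
    sha256sum "$1" | awk '{print $1}'
}

# install_verified SRC EXPECTED_SHA256 DEST
# Copies SRC to DEST with mode 0755 only if the digest matches.
# Returns 0 on success, 1 on mismatch, 2 on a malformed expected value.
install_verified() {
    src=$1; expected=$2; dest=$3
    # Reject anything that is not exactly 64 hex characters (for example an
    # unset variable), so a missing pin can never count as a match.
    case $expected in
        ''|*[!0-9A-Fa-f]*) return 2 ;;
    esac
    [ ${#expected} -eq 64 ] || return 2
    expected=$(printf '%s' "$expected" | tr 'A-F' 'a-f')
    actual=$(sha256_of "$src")
    if [ "$actual" != "$expected" ]; then
        echo "checksum mismatch for $src: got '$actual'" >&2
        return 1
    fi
    install -m 0755 "$src" "$dest"
}

# Usage in the sipdump script (HEPLIFY_SHA256 is a placeholder to fill in):
#   wget https://github.com/sipcapture/heplify/releases/download/1.62/heplify
#   install_verified heplify "$HEPLIFY_SHA256" /usr/bin/heplify || exit 1
```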