Home Explore Help
Sign In
Kamailio
/
kamailio
mirror of https://github.com/kamailio/kamailio.git
2
0
Fork 0
Files Issues 0 Wiki
Browse Source

kamailio.cfg: various updates

- sample IP auth with permissions via define WITH_IPAUTH
- more modularity in main route block to suggest better the parts
  handling SIP server types such as REGISTRAR or LOCATION
- sample alias line
Daniel-Constantin Mierla 15 years ago
parent
71a58b4718
commit
7fae7a58cb
1 changed files with 156 additions and 84 deletions
Split View Show Diff Stats
  1. 156 84
      etc/kamailio.cfg

+ 156 - 84
etc/kamailio.cfg
View File 

@@ -1,8 +1,6 @@
 
 #!KAMAILIO
 
 #
 
-# $Id$
 
-#
 
-# Kamailio (OpenSER) SIP Server v3.0 - basic configuration script
 
+# Kamailio (OpenSER) SIP Server v3.1 - default configuration script
 
 #     - web: http://www.kamailio.org
 
 #     - git: http://sip-router.org
 
 #
 
@@ -24,6 +22,12 @@
 
 #     - define WITH_AUTH
 
 #     - add users using 'kamctl'
 
 #
 
+# *** To enable IP authentication execute:
 
+#     - enable mysql
 
+#     - enable authentication
 
+#     - define WITH_IPAUTH
 
+#     - add IP addresses with group id '1' to 'address' table
 
+#
 
 # *** To enable persistent user location execute:
 
 #     - enable mysql
 
 #     - define WITH_USRLOCDB
 
@@ -86,6 +90,9 @@ children=4
 
    based on revers DNS on IPs (default on) */
 
 #auto_aliases=no
 
 
+/* add local domain aliases */
 
+#alias="sip.mydomain.com"
 
+
 
 port=5060
 
 
 /* uncomment and configure the following line if you want Kamailio to 
@@ -143,6 +150,9 @@ loadmodule "acc.so"
 
 #!ifdef WITH_AUTH
 
 loadmodule "auth.so"
 
 loadmodule "auth_db.so"
 
+#!ifdef WITH_IPAUTH
 
+loadmodule "permissions.so"
 
+#!endif
 
 #!endif
 
 /* uncomment next line for aliases support
 
    NOTE: a DB (like db_mysql) module must be also loaded */
 
@@ -231,6 +241,13 @@ modparam("auth_db", "password_column", "password")
 
 modparam("auth_db", "db_url",
 
 	"mysql://openser:openserrw@localhost/openser")
 
 modparam("auth_db", "load_credentials", "")
 
+
 
+#!ifdef WITH_IPAUTH
 
+modparam("permissions", "db_url",
 
+	"mysql://openser:openserrw@localhost/openser")
 
+modparam("permissions", "db_mode", 1)
 
+#!endif
 
+
 
 #!endif
 
 
 # ----- alias_db params -----
 
@@ -279,8 +296,97 @@ modparam("usrloc", "nat_bflag", 6)
 
 
 # main request routing logic
 
 
-route{
 
+route {
 
+
 
+	# per request initial checks
 
+	route(REQINIT);
 
+
 
+	# NAT detection
 
+	route(NAT);
 
+
 
+	# handle requests within SIP dialogs
 
+	route(WITHINDLG);
 
+
 
+	### only initial requests (no To tag)
 
+
 
+	# CANCEL processing
 
+	if (is_method("CANCEL"))
 
+	{
 
+		if (t_check_trans())
 
+			t_relay();
 
+		exit;
 
+	}
 
+
 
+	t_check_trans();
 
+
 
+	# authentication
 
+	route(AUTH);
 
+
 
+	# record routing for dialog forming requests (in case they are routed)
 
+	# - remove preloaded route headers
 
+	remove_hf("Route");
 
+	if (is_method("INVITE|SUBSCRIBE"))
 
+		record_route();
 
+
 
+	# account only INVITEs
 
+	if (is_method("INVITE"))
 
+	{
 
+		setflag(1); # do accounting
 
+	}
 
+
 
+	# dispatch requests to foreign domains
 
+	route(SIPOUT);
 
+
 
+	### requests for my local domains
 
+
 
+	# handle presence related requests
 
+	route(PRESENCE);
 
+
 
+	# handle registrations
 
+	route(REGISTRAR);
 
 
+	if ($rU==$null)
 
+	{
 
+		# request with no Username in RURI
 
+		sl_send_reply("484","Address Incomplete");
 
+		exit;
 
+	}
 
+
 
+	# dispatch destinations to PSTN
 
+	route(PSTN);
 
+
 
+	# user location service
 
+	route(LOCATION);
 
+
 
+	route(RELAY);
 
+}
 
+
 
+
 
+route[RELAY] {
 
+#!ifdef WITH_NAT
 
+	if (check_route_param("nat=yes")) {
 
+		setbflag("6");
 
+	}
 
+	if (isflagset(5) || isbflagset("6")) {
 
+		route(RTPPROXY);
 
+	}
 
+#!endif
 
+
 
+	/* example how to enable some additional event routes */
 
+	if (is_method("INVITE")) {
 
+		#t_on_branch("BRANCH_ONE");
 
+		t_on_reply("REPLY_ONE");
 
+		t_on_failure("FAIL_ONE");
 
+	}
 
+
 
+	if (!t_relay()) {
 
+		sl_reply_error();
 
+	}
 
+	exit;
 
+}
 
+
 
+# Per SIP request initial checks
 
+route[REQINIT] {
 
 	if (!mf_process_maxfwd_header("10")) {
 
 		sl_send_reply("483","Too Many Hops");
 
 		exit;
 
@@ -291,10 +397,10 @@ route{
 
 		xlog("Malformed SIP message from $si:$sp\n");
 
 		exit;
 
 	}
 
+}
 
 
-	# NAT detection
 
-	route(NAT);
 
-
 
+# Handle requests within SIP dialogs
 
+route[WITHINDLG] {
 
 	if (has_totag()) {
 
 		# sequential request withing a dialog should
 
 		# take the path determined by record-routing
 
@@ -324,45 +430,10 @@ route{
 
 		}
 
 		exit;
 
 	}
 
+}
 
 
-	#initial requests
 
-
 
-	# CANCEL processing
 
-	if (is_method("CANCEL"))
 
-	{
 
-		if (t_check_trans())
 
-			t_relay();
 
-		exit;
 
-	}
 
-
 
-	t_check_trans();
 
-
 
-	# authentication
 
-	route(AUTH);
 
-
 
-	# record routing for dialog forming requests (in case they are routed)
 
-	# - remove preloaded route headers
 
-	remove_hf("Route");
 
-	if (is_method("INVITE|SUBSCRIBE"))
 
-		record_route();
 
-
 
-	# account only INVITEs
 
-	if (is_method("INVITE")) {
 
-		setflag(1); # do accounting
 
-	}
 
-	if (!uri==myself)
 
-	/* replace with following line if multi-domain support is used */
 
-	##if (!is_uri_host_local())
 
-	{
 
-		append_hf("P-hint: outbound\r\n"); 
-		route(RELAY);
 
-	}
 
-
 
-	# requests for my domain
 
-
 
-	if( is_method("PUBLISH|SUBSCRIBE"))
 
-		route(PRESENCE);
 
-
 
+# Handle SIP registrations
 
+route[REGISTRAR] {
 
 	if (is_method("REGISTER"))
 
 	{
 
 		if(isflagset(5))
 
@@ -376,15 +447,10 @@ route{
 
 
 		exit;
 
 	}
 
+}
 
 
-	if ($rU==$null) {
 
-		# request with no Username in RURI
 
-		sl_send_reply("484","Address Incomplete");
 
-		exit;
 
-	}
 
-
 
-	route(PSTN);
 
-
 
+# USER location service
 
+route[LOCATION] {
 
 	# apply DB based aliases (uncomment to enable)
 
 	##alias_db_lookup("dbaliases");
 
 
@@ -402,39 +468,17 @@ route{
 
 	}
 
 
 	# when routing via usrloc, log the missed calls also
 
-	setflag(2);
 
-
 
-	route(RELAY);
 
-}
 
-
 
-
 
-route[RELAY] {
 
-#!ifdef WITH_NAT
 
-	if (check_route_param("nat=yes")) {
 
-		setbflag("6");
 
-	}
 
-	if (isflagset(5) || isbflagset("6")) {
 
-		route(RTPPROXY);
 
-	}
 
-#!endif
 
-
 
-	/* example how to enable some additional event routes */
 
-	if (is_method("INVITE")) {
 
-		#t_on_branch("BRANCH_ONE");
 
-		t_on_reply("REPLY_ONE");
 
-		t_on_failure("FAIL_ONE");
 
-	}
 
-
 
-	if (!t_relay()) {
 
-		sl_reply_error();
 
+	if (is_method("INVITE"))
 
+	{
 
+		setflag(2);
 
 	}
 
-	exit;
 
 }
 
 
-
 
 # Presence server route
 
-route[PRESENCE]
 
-{
 
+route[PRESENCE] {
 
+	if(!is_method("PUBLISH|SUBSCRIBE"))
 
+		return;
 
+
 
 #!ifdef WITH_PRESENCE
 
 	if (!t_newtran())
 
 	{
 
@@ -483,7 +527,16 @@ route[AUTH] {
 
 			exit;
 
 		}
 
 	} else {
 
-		# authenticate if from local subscriber (uncomment to enable auth)
 
+
 
+#!ifdef WITH_IPAUTH
 
+		if(allow_source_address())
 
+		{
 
+			# source IP allowed
 
+			return;
 
+		}
 
+#!endif
 
+
 
+		# authenticate if from local subscriber
 
 		if (from_uri==myself)
 
 		{
 
 			if (!proxy_authorize("", "subscriber")) {
 
@@ -505,6 +558,14 @@ route[AUTH] {
 
 
 			consume_credentials();
 
 			# caller authenticated
 
+		} else {
 
+			# caller is not local subscriber, then check if it calls
 
+			# a local destination, otherwise deny, not an open relay here
 
+			if (!uri==myself)
 
+			{
 
+				sl_send_reply("403","Not relaying");
 
+				exit;
 
+			}
 
 		}
 
 	}
 
 #!endif
 
@@ -512,7 +573,7 @@ route[AUTH] {
 
 }
 
 
 # Caller NAT detection route
 
-route[NAT]{
 
+route[NAT] {
 
 #!ifdef WITH_NAT
 
 	force_rport();
 
 	if (nat_uac_test("19")) {
 
@@ -540,6 +601,17 @@ route[RTPPROXY] {
 
 	return;
 
 }
 
 
+# Routing to foreign domains
 
+route[SIPOUT] {
 
+	if (!uri==myself)
 
+	/* replace with following line if multi-domain support is used */
 
+	##if (!is_uri_host_local())
 
+	{
 
+		append_hf("P-hint: outbound\r\n");
 
+		route(RELAY);
 
+	}
 
+}
 
+
 
 # PSTN GW routing
 
 route[PSTN] {
 
 #!ifdef WITH_PSTN