kamailio/doc/tutorials/serhowto/ser-howto.xml

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE section PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN" 
   "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd">

<section id="ser-howto" xmlns:xi="http://www.w3.org/2001/XInclude">
    <sectioninfo>
	<authorgroup>
	    <author>
		<firstname>Dan</firstname>
		<surname>Austin</surname>
	    </author>
	    <editor>
		<firstname>Nils</firstname>
		<surname>Ohlmeier</surname>
		<address>
		    <email>[email protected]</email>
		</address>
	    </editor>
	</authorgroup>
	<copyright>
	    <year>2002-2003</year>
	    <holder>NSI Ltd.</holder>
	</copyright>
	<revhistory>
	    <revision>
		<revnumber>$Revision$</revnumber>
		<date>$Date$</date>
	    </revision>
	</revhistory>
    </sectioninfo>


    <title>SER Howto</title>

    <section id="introduction">
	<title>Introduction</title>
	<section>
	    <title>Why SER</title>
	    <para>
		SER is an open-source project that aims to make available a
		fully functional and scalable Session Initiated Protocol
		server. Call processing is described with a concise scripting
		language that offers the flexibility of regular expressions and
		the ability to interface with 3rd party applications for the
		purposes of call accounting and authorization.
	    </para>
	</section>
	<section>
	    <title>Where to get SER</title>
	    <para>
		SER is available for download from <ulink
		    url="ftp://ftp.berlios.de/pub/ser"></ulink>
	    </para>
	    <para>
		The newest release may be found in the folder /latest
	    </para>
	</section>
    </section>

    <section id="installation">
	<title>Installation</title>
	<section id="installation_notes">
	    <title>Installation Notes</title>
	    <para>
		Supported architectures:
	    </para>
	    <itemizedlist>
		<listitem>
		    <para>
			Linux/i386
		    </para>
		</listitem>
			<listitem>
		    <para>
			Linux/armv4l
		    </para>
		</listitem>
		<listitem>
		    <para>
			FreeBSD/i386
		    </para>
		</listitem>
		<listitem>
		    <para>
			OpenBSD/i386
		    </para>
		</listitem>
		<listitem>
		    <para>
			Solaris/sparc64
		    </para>
		</listitem>
		<listitem>
		    <para>
			NetBSD/sparc64
		    </para>
		</listitem>
	    </itemizedlist>
	    <para>
		(For other architectures the Makefiles might need to be edited) There are various
		configuration options defined in the Makefile and Makefile.defs.
	    </para>
	</section>

	<section id="requirements">
	    <title>Requirements</title>
	    <itemizedlist>
		<listitem>
		    <para>
			gcc or icc : gcc &gt;= 2.9x; &gt;=3.1 recommended (it
			will work with older version but it might require some
			options tweaking for best performance)
		    </para>
		</listitem>
		<listitem>
		    <para>
			bison or yacc (Berkley yacc)
		    </para>
		</listitem>
		<listitem>
		    <para>
			flex
		    </para>
		</listitem>
		<listitem>
		    <para>
			<acronym>GNU</acronym> make (on Linux this is the standard
			"make", on FreeBSD and Solaris is called "gmake")
		    </para>
		</listitem>
		<listitem>
		    <para>
			sed and tr (used in the make files)
		    </para>
		</listitem>
		<listitem>
		    <para>
			<acronym>GNU</acronym> tar ("gtar" on Solaris) and gzip if you
			want "make tar" to work.
		    </para>
		</listitem>
		<listitem>
		    <para>
			<acronym>GNU</acronym> install or BSD install (on Solaris
			"ginstall") if you want "make install",
			"make bin", "make sunpkg" to work.
		    </para>
		</listitem>
		<listitem>
		    <para>
			mysql if you need MySQL support.
		    </para>
		</listitem>
		<listitem>
		    <para>
			Apache (httpd) if you want serweb support
		    </para>
		</listitem>
		<listitem>
		    <para>
			PHP, MySQL-PHP for serweb support
		    </para>
		</listitem>
		<listitem>
		    <para>
			libmysqlclient and libz (zlib) if you want mysql support (the mysql module)
		    </para>
		</listitem>
		<listitem>
		    <para>
			libexpat if you want the jabber gateway support (the jabber module)
		    </para>
		</listitem>
	    </itemizedlist>
	    <para>
		Installing SER on a RedHat Linux distribution for example, is a
		simple matter of unzipping the downloaded file and using your
		favorite package manager.
	    </para>
	</section>

	<section id="install_package">
	    <title>Install the package</title>
	    <para>
		Example:
	    </para>
	    <screen>
/root&gt;rpm -i ser-08.11-1.i386.rpm
	    </screen>
	    <para>
		Packages for other popular distributions are available, and can be installed using
		the appropriate package manager for that distribution.
	    </para>
	    <para>
		On many platforms you can start the service with:
	    </para>
	    <screen>
/etc/init.d/ser start
	    </screen>
	    <para>
		RedHat systems will use:
	    </para>
	    <screen>
/etc/rc.d/init.d/ser start
	    </screen>
	    <para>
		You now have a functioning SIP server, but what can you do with it?  At this point
		not very much. With an SIP client, such as Microsoft MSN Messenger 4.6, you can
		register with the server, send Instant Messages to other logged on clients of the
		same server, and even have voice conversations with them.
	    </para>
	    <para>
		That sounds pretty good, but maybe you'd like to add a little more security, or make
		you server accessible to others.
	    </para>
	</section>

	<section id="serctl_utility">
	    <title>Serctl Utility</title>
	    <para>
		To do so, first set the environment variable SIP_DOMAIN to your domain name, e.g.,
		in Bourne shell (bash), call:
	    </para>
	    <screen>
export SIP_DOMAIN="foo.bar"
	    </screen>
	    <para>
		If you wont the system to created this variable automatically, you need to add the
		line
	    </para>
	    <screen>
export SIP_DOMAIN="foo.bar"
	    </screen>
	    <para>
		in the end of file /etc/profile.
	    </para>
	    <para>
		If you are using other than 'localhost' mysql server for maintaining subscriber
		database, change the variable 'SQL_HOST' to the proper host name in the serctl
		script.
	    </para>
	    <para>
		Run the serctl utility
	    </para>
	    <screen>
/usr/sbin/serctl monitor
	    </screen>
	    <para>
		If you installed from a tar.gz or Solaris package:
	    </para>
	    <screen>
/usr/local/sbin/serctl monitor
	    </screen>
	</section>

	<section id="dns_srv">
	    <title>DNS SVR Resource Records</title>
	    <para>
		It is important that your SIP clients can connect to your
		server for purposes of registration and call control.  You
		might even want to have a redundant server to handle calls if
		your primary server is unavailable.
	    </para>
	    <para>
		These requirements can be meet by using <acronym>DNS</acronym>
		<acronym>SVR</acronym> Resource Records, available in BIND 8.X and up releases.
	    </para>
	    <para>
		The format for a <acronym>SVR RR</acronym> is this:
	    </para>
	    <screen>
_service._protocol        SVR Priority Weight     Port hostname
	    </screen>
	    <para>
		In this case we want to establish an entry for our primary SIP server,
		gateway.mydomain.com, that will listen on UDP port 5060.  The entry will look like
		this:
	    </para>
	    <screen>
_sip._udp         SRV     0  0   5060  gateway.mydomain.com
	    </screen>
	    <para>
		Placement of the new resource record is important.  Here is a sample zone file:
		</para>
		<para>
		<screen>
; zone 'mydomain.com'   last serial 1998071308
$ORIGIN com.
mydomain  86400           IN      SOA     gateway.mydomain.com. postmaster.mydomain.com. (
                                        1998111908 ; Serial
                                        36000 ; Refresh
                                        900 ; Retry
                                        36000 ; Expire
                                        28800 ); Minimum
                IN      NS              gateway.mydomain.com.
                IN      NS              ns3.backupdomain.com.
                IN      MX              1 gateway.mydomain.com.
                IN      A               192.168.0.1

;If we place the SRV record above the next line it fails to load
$ORIGIN fitawi.com.
_sip._udp               SRV  0 0  5060  gateway.mydomain.com.
gateway         IN      A               192.168.0.1
www             IN      CNAME           gateway.mydomain.com.
		</screen>
	    </para>
	    <para>
		After reloading your zone file you can verify that the entry is working by using dig.
	    </para>
	    <screen>
dig -t SRV _sip._udp.mydomain.com
	    </screen>
	    <para>
		The results should look something like this:
	    </para>
	    <para>
		<screen>
<![CDATA[
; <<>> DiG 9.1.0 <<>> -t SRV _sip._udp.mydomain.com
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 32654
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 1

;; QUESTION SECTION:
;_sip._udp.mydomain.com.          IN      SRV

;; ANSWER SECTION:
_sip._udp.mydomain.com.   86400   IN   SRV   0 0 5060 gateway.mydomain.com.

;; AUTHORITY SECTION:
mydomain.com.             86400   IN      NS      ns3.elsewhere.com.
mydomain..com             86400   IN      NS      gateway. mydomain.com.

;; ADDITIONAL SECTION:
gateway. mydomain.com.     86400   IN      A       192.168.0.150

;; Query time: 6 msec
;; SERVER: 192.168.0.150#53(192.168.0.150)
;; WHEN: Tue Dec  3 08:34:17 2002
;; MSG SIZE  rcvd: 132
]]>
		</screen>
	    </para>
	</section>

	<section>
	    <title>Adding a database for client information</title>
	    <para>
		By leveraging a MySQL database, we can provide support for user credentials, and
		keeping track of where the clients are logged on during server restarts.
	    </para>
	</section>

	<section>
	    <title>MySQL setup</title>
	    <para>
		To install support for a MySQL database you will need to download the package
		ser-mysql, which is available from the same download location that you retrieved
		SER. This package has scripts to create the required database and establish
		permissions for the accounts needed.  A recent release of MySQL is recommended.
		Earlier versions may have problems with the syntax required to set permissions on
		the database.
	    </para>
	    <para>
		If you do not already have a copy of MySQL installed, download it from your <ulink
		url="http://www.mysql.com"></ulink>
	    </para>
	    <para>
		Once you have MySQL installed and started, execute
	    </para>
	    <screen>
/usr/sbin/ser_mysql.sh
	    </screen>
	    <para>
		You can verify that the database has been created, and correct permissions assigned
		by using the mysql management tool and these steps:
	    </para>
	    <para>
		<screen>
Mysql&gt; select * from user;
| Host               | User  | Password         | Select_priv | Insert_priv | Update_priv | Delete_priv | Create_priv | Drop_priv | Reload_priv | Shutdown_priv | Process_priv | File_priv | Grant_priv | References_priv | Index_priv | Alter_priv |
| %                  | ser   | 4e633cf914a735a0 | N           | N           | N           | N           | N           | N         | N           | N             | N            | N         | N          | N               | N          | N          |
| localhost          | ser   | 4e633cf914a735a0 | Y           | Y           | Y           | Y           | Y           | Y         | Y           | Y             | Y            | Y         | N          | Y               | Y          | Y          |
| %                  | serro | 7cb73a267cb7bd5f | N           | N           | N           | N           | N           | N         | N           | N             | N            | N         | N          | N               | N          | N          |
| localhost          | serro | 7cb73a267cb7bd5f | Y           | N           | N           | N           | N           | N         | N           | N             | N            | N         | N          | N               | N          | N          |
		</screen>
	    </para>
	    <para>
		The above results show that the two user, ser and serro, have been created and
		granted the permissions needed to access the database. Note that in the above
		example the permissions have been modified to deny access to these accounts from any
		system(%) other than local host.
	    </para>
	    <para>
		<screen>
mysql&gt; connect ser;
Connection id:    294
Current database: ser

mysql> show tables;
+-----------------+
| Tables_in_ser   |
+-----------------+
| acc             |
| active_sessions |
| aliases         |
| config          |
| event           |
| grp             |
| location        |
| missed_calls    |
| pending         |
| phonebook       |
| reserved        |
| silo            |
| subscriber      |
| version         |
+-----------------+
14 rows in set (0.00 sec)

mysql&gt; select * from subscriber;
| phplib_id                        | USERNAME | PASSWORD | FIRST_NAME | LAST_NAME | PHONE        | EMAIL_ADDRESS              | DATETIME_CREATED    | DATETIME_MODIFIED   | confirmation                     | flag | SendNotification | Greeting | HA1                              | REALM      | ha1b                             | perms | allow_find | timezone            |
| 4cefa7a4d3c8c2dbf6328520bd873a19 | admin     | heslo | first        | admin    | 557-8469     | [email protected]      | 2002-12-02 19:20:41 | 2002-12-02 20:29:46 | 80e0f273b2067d40277b49ff842bb9e3 | o    |                  |          | c79a8f8f08596baa84bb02c88884426d | iptel.org | f322c94b8b2fbe557d43ab3ac9e05b3a | admin | 1          | America/Los_Angeles |
		</screen>
	    </para>
	    <para>
		This last query shows that you have one user account defined and it has
		administrator privileges.
	    </para>
	    <para>
		We'll need to add another account to be the administrator for your realm, which we
		will do after the next section.
	    </para>
	</section>

    </section>

    <section id="configuration">
	<title>Configuration</title>
	<section>
	    <title>Modify SER configuration</title>
	    <para>
		Now that we have a working MySQL database, we need to modify the configuration file
		for ser, located on a RedHat, installed in /etc/ser/ser.cfg.  The following changes
		need to be made:
	    </para>
	    <para>
		To enable support for the new MySQL database we need to load the appropriate module.
		That is accomplished by uncomment this line:
	    </para>
	    <screen>
loadmodule "/usr/lib/ser/modules/mysql.so
	    </screen>
	    <para>
		Next we need to set SER to use the database and write changes instead of just
		caching them in memory. This is done by means of commenting this line:
	    </para>
	    <screen>
modparam ("usrloc", "db_mode",  0)
	    </screen>
	    <para>
		And uncomment this line:
	    </para>
	    <screen>
modparam ("usrloc", "db_mode", 2)
	    </screen>
	    <para>
		Note on db_modes:
	    </para>
	    <para>
		<itemizedlist>
		    <listitem>
			<para>
			    Mode 0
			</para>
			<para>
			    Disables writes to the database.  Contact information will not be
			    preserved if the server is restarted.
			</para>
		    </listitem>
		    <listitem>
			<para>
			    Mode 1
			</para>
			<para>
			    Writes all changes to the database immediately. Contact information is
			    saved to the database immediately.  This can slow the response to
			    clients as they connect.
			</para>
		    </listitem>
		    <listitem>
			<para>
			    Mode 2
			</para>
			<para>
			    Periodically writes contact information to the database based in the in
			    memory cache.
			</para>
		    </listitem>
		</itemizedlist>
	    </para>
	    <para>
		To enable digest authentication we additionally need to uncomment the following two lines:
	    </para>
	    <screen>
loadmodule "/usr/lib/ser/modules/auth.so"
loadmodule "/usr/lib/ser/modules/auth_db.so"
	    </screen>
	    <para>
		We have the option of storing passwords in our database in plain text.  This allows
		for password recovery and makes the initial setup and testing easier.  To enable
		this feature uncomment these lines:
	    </para>
	    <screen>
modparam ("auth_db", "calculate_ha1", yes)
modparam ("auth_db", "password_column", "password")
	    </screen>
	    <para>
		These lines work together. The first tells SER to generate a hash based on
		username, password and realm. The second tells SER where to look for the plain-text
		password in the database.
	    </para>
	    <para>
		Uncomment these lines and change all instances of iptel.org to your domain
	    </para>
	    <para>
		<screen>
if (!www_authorize("mydomain.com", "subscriber")) {
        www_challenge("mydomain.com", "0");
        break;
};
		</screen>
	    </para>
	    <para>
		We're now ready to restart ser. On RedHat use
	    </para>
	    <screen>
/etc/rc.d/init.d/ser restart
	    </screen>
	</section>

	<section>
	    <title>Adding an admin for your realm</title>
	    <para>
		Now that we have a working database and ser is configured to use it, we need to add
		some users and at least one of them should have administrator privileges.  The
		administrator role becomes important if you want to use a web management tool such
		as serweb.
	    </para>
	    <para>
		Basic account manipulation can be performed with the serctl script, located in
		/usr/sbin.
	    </para>
	    <para>
		To add a user use these commands
	    </para>
	    <screen>
		serctl add JoeUser qwerty [email protected]
	    </screen>
	    <para>
		The system notify for "Type MySQL Password", the default password is
		"heslo"
	    </para>
	    <para>
		To make JoeUser an administrator, we need to login to MySQL and modify the database.
	    </para>
	    <para>
		<screen>
mysql&gt; connect ser;

mysql&gt; update subscriber set perms=?admin? where USER_ID=?JoeUser?;
Query OK, 1 row affected (0.00 sec)
Rows matched: 1  Changed: 1  Warnings: 0

mysql&gt; select * from subscriber;
| 4cefa7a4d3c8c2dbf6328520bd873a19 | JoeUser     | qwerty |  |   |   | [email protected]   | 2002-12-02 19:20:41 | 2002-12-02 20:29:46 | 80e0f273b2067d40277b49ff842bb9e3 | o    |                  |          | c79a8f8f08596baa84bb02c88884426d | mydomain.com | f322c94b8b2fbe557d43ab3ac9e05b3a | admin | 1          | America/Los_Angeles |
		</screen>
	    </para>
	    <para>
		The third from last field shows that Joe has been assigned admin privileges.
	    </para>
	    <para>
		At this point Joe can login to our server, but since he is the only user, there is
		not much he can do. We can now add additional users using the serctl script, or now
		is a good time to look at installing serweb, which will allow users to subscribe to
		our service.
	    </para>
	</section>
	<section>
	    <title>More on serctl</title>
	    <para>
		The script serctl can be used to manage users, access control lists, in memory
		contacts, and to monitor server health.  Executing serctl with no arguments will
		produce this output:
	    </para>
	    <para>
		<screen>
usage:
           * subscribers *
 add &lt;username&gt; &lt;password&gt; &lt;email&gt; .. add a new subscriber (*)
 passwd &lt;username&gt; &lt;passwd&gt; ......... change user's password (*)
 rm &lt;username&gt; ...................... delete a user (*)
 mail &lt;username&gt; .................... send an email to a user
 alias show [&lt;alias&gt;] ............... show aliases
 alias rm &lt;alias&gt; ................... remove an alias
 alias add &lt;alias&gt; &lt;uri&gt; ............ add an aliases

           * access control lists *
 acl show [&lt;username&gt;] .............. show user membership
 acl grant &lt;username&gt; &lt;group&gt; ....... grant user membership (*)
 acl revoke &lt;username&gt; [&lt;group&gt;] .... grant user membership(s) (*)

           * usrloc *
 ul show [&lt;username&gt;]................ show in-RAM online users
 ul rm &lt;username&gt; ................... delete user's UsrLoc entries
 ul add &lt;username&gt; &lt;uri&gt; ............ introduce a permanent UsrLoc entry
 showdb [&lt;username&gt;] ................ show online users flushed in DB

		   * control and diagnostic *
 moni ... show internal status     start .... start ser
 ps ..... show running processes    stop ..... stop ser
 fifo ... send raw FIFO commands   restart .. restart ser
 ping &lt;uri&gt; .. ping a URI (OPTIONS)
 cisco_restart &lt;uri&gt; .. restart a Cisco phone (NOTIFY)

   Commands labeled with (*) will prompt for a MySQL password.
   If the variable PW is set, the password will not be prompted.

    ACL privileges are: local ld int voicemail free-pstn
		</screen>
	    </para>
	</section>

	<section>
	    <title>Adding and deleting users with serctl</title>
	    <para>
		User account management is performed with these commands:
	    </para>
	    <screen>
serctl add
serctl password
serctl rm
	    </screen>
	    <para>
		The contents of the in memory cache can be managed with the ul argument.  Care must
		be taken to with these commands.  For example:
	    </para>
	    <screen>
serctl ul rm joe
	    </screen>
	    <para>
		Will remove the current contact information about Joe from memory
	    </para>
	    <para>
		Whereas "serctl rm joe" will delete joe's account.
	    </para>
	</section>

	<section>
	    <title>Examining in memory cache with serctl</title>
	    <para>
		The command "serctl ul show" will list any currently registered
		clients.  The output will look like this:
	    </para>
	    <para>
		<screen>
===Domain list===
---Domain---
name : 'location'
size : 512
table: 0x402ee6d0
d_ll {
    n    : 2
    first: 0x402f1a74
    last : 0x402f089c
}
lock : 0

...Record(0x402f1a74)...
domain: 'location'
aor   : 'test'
~~~Contact(0x402f708c)~~~
domain : 'location'
aor    : 'test'
Contact: 'sip:[email protected]:5060'
Expires: 2501
q      :       0.00
Call-ID: '[email protected]'
CSeq   : 101
State  : CS_SYNC
next   : (nil)
prev   : (nil)
~~~/Contact~~~~
.../Record...
...Record(0x402f089c)...
domain: 'location'
aor   : 'joe'
~~~Contact(0x402f0924)~~~
domain : 'location'
aor    : 'joe'
Contact: 'sip:192.168.0.101:14354'
Expires: 432
q      :       0.00
Call-ID: '[email protected]'
CSeq   : 11
State  : CS_SYNC
next   : (nil)
prev   : (nil)
~~~/Contact~~~~
.../Record...

---/Domain---
===/Domain list===
		</screen>
	    </para>
	</section>

	<section>
	    <title>Examining server status</title>
	    <para>
		Two commands can be used to check the health of the server.  The first command
		serctl ps returns a list of all SER related processes, the ip address and the port
		they are listening on.  For example:
	    </para>
	    <para>
		<screen>
[root@gateway /root]# serctl ps
0       31029   attendant
1       31033   receiver child=0 sock=0 @ 127.0.0.1::5060
2       31034   receiver child=1 sock=0 @ 127.0.0.1::5060
3       31035   receiver child=2 sock=0 @ 127.0.0.1::5060
4       31036   receiver child=3 sock=0 @ 127.0.0.1::5060
5       31037   receiver child=0 sock=1 @ 192.168.0.1::5060
6       31038   receiver child=1 sock=1 @ 192.168.0.1::5060
7       31039   receiver child=2 sock=1 @ 192.168.0.1::5060
8       31040   receiver child=3 sock=1 @ 192.168.0.1::5060
9       31049   fifo server
10      31072   timer
		</screen>
	    </para>
	    <para>
		The second command, serctl monitor, shows the server version, uptime, pending and
		completed transactions, and the number of major category responses the server has
		sent.  Another example:
	    </para>
	    <para>
		<screen>
[cycle #: 1; if constant make sure server lives and fifo is on]
Server: Sip EXpress router (0.8.11 (i386/linux)
Now: Wed Dec  4 10:13:02 2002
Up Since: Mon Dec  2 21:21:11 2002
Up time: 132711 [sec]

Transaction Statistics
Current: 0 (2 waiting) Total: 46 (0 local)
Replied localy: 37
Completion status 6xx: 0, 5xx: 0, 4xx: 23, 3xx: 0,2xx: 22

Stateless Server Statistics
200: 101 202: 0 2xx: 0
300: 0 301: 0 302: 0 3xx: 0
400: 0 401: 0 403: 0 404: 132 407: 0 408: 0 483: 1 4xx: 0
500: 0 5xx: 0
6xx: 0
xxx: 0
failures: 0

UsrLoc Stats
Domain Registered Expired
'location' 2 2
		</screen>
	    </para>
	</section>
    </section>

    <section>
	<title>Installing SERWeb</title>
	<para>
	    The SERweb package can be downloaded from <ulink
		url="ftp://ftp.berlios.de/ser/latest/serweb"></ulink>
	</para>
	<para>
	    The pages associated with SERweb provide a starting point to customize your SIP user
	    account management tools.
	</para>
	<section>
	    <title><acronym>PHP</acronym> configuration</title>
		<para>
		Go to <acronym>PHP</acronym> configuration file in /etc/php.ini and change
		"register_globals = Off" to "On"
	    </para>
	</section>

	<section>
	    <title>Installing SERweb default configuration</title>
	    <para>
		If you are installing this package on a server that does not host any other web
		pages, you can simply extract the files to the document directory of your web
		server.  This presumes that you have a working Web Server.
	    </para>
	</section>

	<section>
	    <title>Installing SERweb custom file locations</title>
	    <para>
		In case your server performs multiple functions, and you want to just add the SERweb
		tools to an existing web site, we will need to make changes to a number of the php
		files.  The following examples are from an Apache 2.0 on RedHat.
	    </para>
	    <para>
		Unzip the files into a temporary directory, such as /root/serweb.  The directory
		will contain these files:
	    </para>
	    <para>
		<screen>
-rw-rw-r--    1 827      2020        18561 Sep 25 16:31 COPYING
drwxr-xr-x    2 827      2020         1024 Nov 27 16:43 CVS
-rw-rw-r--    1 827      2020          529 Sep 25 16:29 README
drwxr-xr-x    7 827      2020         1024 Nov 27 22:24 html
drwxr-xr-x    3 827      2020         2048 Sep 26 10:26 phplib
		</screen>
	    </para>
	    <para>
		On the Linux RedHat Version 8 root directory on web server is /var/www/html/
	    </para>
	    <para>
		Move the html directory to the root of your web server:
	    </para>
	    <screen>
mv html /var/www/html/htdocs/serweb
	    </screen>
	    <para>
		Move the phplib directory to your web server application directory:
	    </para>
	    <screen>
mv phplib /var/www/html/phplib
	    </screen>
	    <para>
		Following files must be updated with this "new" path to the libraries:
	    </para>
	    <screen>
./admin/prepend.php
./user_interface/prepend.php
./user_interface/reg/prepend.php
	    </screen>
	    <para>
		For these files the variable: $_PHPLIB["libdir"] =
		"../../phplib/"; becomes $_PHPLIB["libdir"] =
		"../../../phplib/";
	    </para>
	    <para>
		In the ./admin directory edit the files acl.php, index.php, and users.php will need
		their path to the forms library updated.  For this example, add ../ to the existing
		line
	    </para>
	    <screen>
:require "../../../phplib/oohforms.inc";
	    </screen>
	    <para>
		In the ./user_interface directory the following files need the same change:
	    </para>
	    <para>
		accounting.php, find_user.php, index.php, missed_calls.php, my_account.php,
		phonebook.php, send_im.php, notification_subscription.php
	    </para>
	    <para>
		Next these files in ./user_interface/reg need the same change, with an additional
		../:
	    </para>
	    <para>
		Finish.php, get_pass.php, index.php
	    </para>
	    <para>
		The last changes occur in the config.php file to provide the
		location for graphic files, style sheets and time zone
		information.  Update the following variables:
	    </para>
	    <screen>
$this->root_path="/serweb/";
$this->fifo_server = "/tmp/ser_fifo";
$this->zonetab_file =   "/usr/share/zoneinfo/zone.tab";
//TZ zone descriptions file, usually: /usr/share/zoneinfo/zone.tab
	    </screen>
	    <para>
		Find two variables: "$this->mail_forgot_pass=","
		$this->mail_register=" and change line
		http://oook/~iptel/user_interface/reg/confirmation.php?nr=#confirm#\n\n
	    </para>
	    <para>
		with line
	    </para>
	    <para>
		http://".$_SERVER['HTTP_HOST']."/htdocs/serweb/user_interface/reg/confirmation.php?nr=#confirm#\n\n
	    </para>
	    <para>
		This will insure sending a registration feedback mail to SIP server using its IP
		address
	    </para>
	</section>
	<section>
	    <title>Modifying SERweb configuration general</title>
	    <para>
		We need to update /usr/local/apache/htdocs/serweb/config.php to represent our realm.
		The following variables need to be changed to our domain:
	    </para>
	    <para>
		<screen>
$this->realm="mydomain.com";
$this->domainname=" mydomain.com";
$this->web_contact="sip:JoeUser@ mydomain.com";
//address of pseudo sender
		</screen>
		</para>
	    <screen>
$this->default_domain=" mydomain.com";
$this->mail_header_from="Registration@ mydomain.com";
	    </screen>
	    <para>
	    </para>
	    <para>
		Additionally we will want to modify the section for Terms and Conditions, either
		replacing it with appropriate language for our services, or at least replacing
		iptel.org with our domain information.
	    </para>
	</section>
    </section>

    <section id="issues_and_limitation">
	<title>Issues And Limitation</title>

	<para>
	    Since one of the design goals behind SIP is to decentralize the intelligence in
	    communications handling, a basic tenant is that SIP clients need to be able to
	    communicate directly with each other. The problem is that many clients find themselves
	    either behind a firewall or in a NAT fronted address space. When a client registers
	    with the SIP server, it tells the server what it is using for an IP address, and that
	    address may not be accessible to the public.
	</para>
	<section>
	    <title>More on NAT</title>
	    <para>
		There are a couple of ways that we can overcome the problem that NAT introduces.
		Some SIP client providers are building in options into their products that allow the
		user to identify the IP address that their phone will appear as to the public.  This
		is a nice simple approach, but presumes that the person installing the client knows
		what that IP address is, and that it doesn't change.  Cisco has built this feature
		into their 79XX series SIP phones.
	    </para>
	    <para>
		A second solution that is working its way through the standards process is called
		<quote>Simple Traversal of UDP through NAT</quote>, or <acronym>STUN</acronym>.
		A <acronym>STUN</acronym> equipped client is configured to send a who-am-I packet to
		a known server on the public network.  That server will respond with the IP
		address that the client appears to be communicating from, and the client can then
		use that address to register with the SIP server.  Phones that leverage
		<acronym>STUN</acronym> include: Snom 100, kphone, and sipc .
	    </para>
	</section>
	<section>
	    <title>Firewalls</title>
	    <para>
		SIP clients also present an interesting challenge to configuring a firewall.  During
		registration the SIP client will be assigned a UDP port in the range of 16384 to
		32768.  Our firewall administrators will not happily open up all of those ports to
		all of the internal systems, on the chance that a SIP connection may be needed.
	    </para>
	    <para>
		This is where the concept of a Firewall Control Protocol, or <acronym>FCP</acronym>,
		comes into play.  The design idea is that when a SIP client registers, a
		<acronym>FCP</acronym> agent, or server if you prefer, will dynamically insert a new
		rule into the firewall policy to permit that client to participate in SIP
		conversations.
		</para>
	</section>

    </section>

    <section id="diagnostics">
	<title>Diagnostics And Tools</title>
	<para>
	    Detailed information about the communications between clients and the SIP server is
	    needed to isolate problems.  Two tools that can be used to gather such information are
	    sipsak and ngrep.
	</para>
	<section>
	    <title>ngrep</title>
	    <para>
		Ngrep is a capable of listening in on network traffic and filtering it in much the
		same way as grep can locate patterns in files.  To monitor the communications
		between a client, joe, and the server the following command would be run on the
		server:
	    </para>
	    <screen>
ngrep  -n 5060 -d eth0 joe
	    </screen>
	    <para>
		Since SIP communications are <acronym>ASCII</acronym> based, all events such as
		REGISTER, INVITE, SUBSCRIBE, etc. are captured.  The output of ngrep can identify
		problems with SIP addresses, or client identity.
	    </para>
	    <para>
		Ngrep should be part of most modern distributions, or can be downloaded from <ulink
		url="http://sourceforge.net/projects/ngrep/"></ulink>
	    </para>
	</section>
	<section>
	    <title>Sipsak</title>
	    <para>
		Sipsak can be used to determine if your server is responding to requests, and provide information on
		how your server would route SIP connections.  Sipsak and basic documentation on its use can be
		downloaded from <ulink url="http://sipsak.berlios.de"></ulink>
	    </para>
	</section>
    </section>

    <section id="client_configuration">
	<title>Client Configuration</title>
	<section>
	    <title>Microsoft Messenger 4.6</title>
	    <para>
		Microsoft Messenger 4.6 can be configured as a SIP client by selecting Tools\Options\Accounts and
		selecting Communications Service for the account sign in.  Clear the check boxes for .NET Passport
		and Exchange Account.  Check the Communications Service account and enter your SIP account name.
		Click on Advanced and select Configure settings.  Enter the IP address of your server, or hostname
		and choose UDP.
	    </para>
	</section>
	<section>
	    <title>Cisco 79XX phones</title>
	    <para>
		Cisco has complete documentation on how to convert a 79XX series phone to use SIP.
		The basic steps are:
	    </para>
	    <section>
		<title>Configure a <acronym>DHCP</acronym> service that provides</title>
		<para>
		    <itemizedlist>
			<listitem>
			    <para>
				IP address
			    </para>
			</listitem>
			<listitem>
			    <para>
				Subnet mask
			    </para>
			</listitem>
			<listitem>
			    <para>
				Default gateway
			    </para>
			</listitem>
			<listitem>
			    <para>
				<acronym>DNS</acronym> server addresses
			    </para>
			</listitem>
			<listitem>
			    <para>
				<acronym>TFTP</acronym> server address
			    </para>
			</listitem>
		    </itemizedlist>
		</para>
	    </section>
	    <section>
		<title>On the <acronym>TFTP</acronym> server load these files</title>
		<para>
		    <itemizedlist>
			<listitem>
			    <para>
				OS79XX - Identifies which firmware the phone should load with no
				extension. Example: P0S3-04-1-00
			    </para>
			</listitem>
			<listitem>
			    <para>
				P0S3-04-1-00.bin - The firmware image
			    </para>
			</listitem>
			<listitem>
			    <para>
				SIPDefault.cnf - Site wide configuration options
			    </para>
			</listitem>
			<listitem>
			    <para>
				SIPmacaddress.cnf - Phone specific settings, including login name
				and password.  Example: SIP000A8A93D466.cnf
			    </para>
			</listitem>
			<listitem>
			    <para>
				RINGLIST.DAT, ringer1.pcm, ringer2.pcm - ring tones
			    </para>
			</listitem>
		    </itemizedlist>
		</para>
		<para>
		    Each time the phone is powered on it will tftp download OS79XX and determine if
		    it needs a firmware update.  If no update is needed the next step is to download
		    SIPDefault.cnf, SIPmacaddress.cnf, and optionally a dial plan, ringlist and ring
		    tones.
		</para>
		<para>
		    Calls can be placed to other registered SIP clients, or to a PSTN number
		    provided there is PSTN gateway identified in the SER configuration file.
		</para>
	    </section>
	</section>
    </section>

    <section id="pstn_connectivity">
	<title>PSTN Connectivity</title>
	<para>
	    Passing calls that originate from a SIP client to the PSTN is a simple matter of
	    permitting SER to relay the session to an established PSTN gateway.  Calls that start
	    out on the PSTN and need to be directed to a SIP client requires that the PSTN gateway
	    be aware of where to direct the call.
	</para>
	<section>
	    <title>Cisco Dial-peer</title>
	    <para>
		The Cisco gateway needs to have a PSTN interface, such as FXO ports or a VXB-2TE1+
		card, and depending on the model of Cisco device an upgraded IOS revision.  The
		dial-peer itself is simple:
	    </para>
	    <para>
		dial-peer voice 999 voip
	    </para>
	    <para>
		destination-pattern 555999.  ** Associate the number range 555-9990 to 9999 with our
		SIP server
	    </para>
	    <para>
		session protocol sipv2 ** Set this dial-peer to use SIP instead of Cisco protocols
		</para>
		<para>
		session target sip-server ** Send the call to our SIP server.  See SIP-UA below
	    </para>
	    <para>
		codec g711ulaw ** Set the default codec to 711-Ulaw (common codec between clients)
	    </para>
	    <para>
		! 
	    </para>
	    <para>
		sip-ua
	    </para>
	    <para>
		sip-server ipv4:192.168.0.1 ** IP address of our SIP server
	    </para>
	</section>
	<section>
	    <title>Relaying PSTN in ser.cfg</title>
	    <para>
		The following is an extremely simple sample of how to relay a call from a SIP client
		to the PSTN
	    </para>
	    <para>
		<screen>
# attempt handoff to PSTN
if (uri=~<quote>^sip:9[0-9]*@mydomain.com</quote>) {  ##  This assumes that the caller is
    log(<quote>Forwarding to PSTN\n</quote>);      ##  registered in our realm
    t_relay_to( <quote>192.168.0.2</quote>, <quote>5060</quote>);  ##  Our Cisco router
    break;
};
		</screen>
	    </para>
	</section>
    </section>
    
    <section id="sip_status_codes">
	<title>SIP Status Codes</title>
	<para>
	    The following are the SIP status codes as of RFC3261;
	</para>
	
	<para>
	    <table><title>1XX-2XX Informational</title>
		<tgroup cols="2">
		    <tbody>
			<row>
			    <entry>
				100 
			    </entry>
			    <entry>
				Trying
			    </entry>
			</row>
			<row>
			    <entry>
				180 
			    </entry>
			    <entry>
				Ringing
			    </entry>
			</row>
			<row>
			    <entry>
				181 
			    </entry>
			    <entry>
				Call Is Being Forwarded
			    </entry>
			</row>
			<row>
			    <entry>
				182 
			    </entry>
			    <entry>
				Queued
			    </entry>
			</row>
			<row>
			    <entry>
				183 
			    </entry>
			    <entry>
				Session Progress
			    </entry>
			</row>
			<row>
			    <entry>
				200 
			    </entry>
			    <entry>
				OK
			    </entry>
			</row>
			<row>
			    <entry>
				202 
			    </entry>
			    <entry>
				OK
			    </entry>
			</row>
		    </tbody>
		</tgroup>
	    </table>
	</para>
	
	<para>
	    <table><title>3XX Redirection</title>
		<tgroup cols='2'>
		    <tbody>
			<row>
			    <entry>
				300 
			    </entry>
			    <entry>
				Multiple Choices
			    </entry>
			</row>
			<row>
			    <entry>
				301 
			    </entry>
			    <entry>
				Moved Permanently
			    </entry>
			</row>
			<row>
			    <entry>
				303 
			    </entry>
			    <entry>
				See Other
			    </entry>
			</row>
			<row>
			    <entry>
				305 
			    </entry>
			    <entry>
				Use Proxy
			    </entry>
			</row>
			<row>
			    <entry>
				380 
			    </entry>
			    <entry>
				Alternative Service
			    </entry>
			</row>
		    </tbody>
		</tgroup>
	    </table>
	</para>
	
	<para>
	    <table><title>4XX Client-Error</title>
		<tgroup cols='2'>
		    <tbody>
			<row>
			    <entry>
				400 
			    </entry>
			    <entry>
				Bad Request
			    </entry>
			</row>
			<row>
			    <entry>
				401 
			    </entry>
			    <entry>
				Unauthorized
			    </entry>
			</row>
			<row>
			    <entry>
				402 
			    </entry>
			    <entry>
				Payment Required
			    </entry>
			</row>
			<row>
			    <entry>
				403 
			    </entry>
			    <entry>
				Forbidden
			    </entry>
			</row>
			<row>
			    <entry>
				404 
			    </entry>
			    <entry>
				Not Found
			    </entry>
			</row>
			<row>
			    <entry>
				405 
			    </entry>
			    <entry>
				Method Not Allowed
			    </entry>
			</row>
			<row>
			    <entry>
				406 
			    </entry>
			    <entry>
				Not Acceptable
			    </entry>
			</row>
			<row>
			    <entry>
				407 
			    </entry>
			    <entry>
				Proxy Authentication Required
			    </entry>
			</row>
			<row>
			    <entry>
				408 
			    </entry>
			    <entry>
				Request Timeout
			    </entry>
			</row>
			<row>
			    <entry>
				409 
			    </entry>
			    <entry>
				Conflict
			    </entry>
			</row>
			<row>
			    <entry>
				410 
			    </entry>
			    <entry>
				Gone
			    </entry>
			</row>
			<row>
			    <entry>
				411 
			    </entry>
			    <entry>
				Length Required
			    </entry>
			</row>
			<row>
			    <entry>
				413 
			    </entry>
			    <entry>
				Request Entity Too Large
			    </entry>
			</row>
			<row>
			    <entry>
				414 
			    </entry>
			    <entry>
				Request-URI Too Large
			    </entry>
			</row>
			<row>
			    <entry>
				415 
			    </entry>
			    <entry>
				Unsupported Media Type
			    </entry>
			</row>
			<row>
			    <entry>
				420 
			    </entry>
			    <entry>
				Bad Extension
			    </entry>
			</row>
			<row>
			    <entry>
				480 
			    </entry>
			    <entry>
				Temporarily not available
			    </entry>
			</row>
			<row>
			    <entry>
				481 
			    </entry>
			    <entry>
				Call Leg/Transaction does not exist
			    </entry>
			</row>
			<row>
			    <entry>
				482 
			    </entry>
			    <entry>
				Loop Detected
			    </entry>
			</row>
			<row>
			    <entry>
				483 
			    </entry>
			    <entry>
				Too Many Hops
			    </entry>
			</row>
			<row>
			    <entry>
				484 
			    </entry>
			    <entry>
				Address Incomplete
			    </entry>
			</row>
			<row>
			    <entry>
				485 
			    </entry>
			    <entry>
				Ambiguous
			    </entry>
			</row>
			<row>
			    <entry>
				486 
			    </entry>
			    <entry>
				Busy Here
			    </entry>
			</row>
			<row>
			    <entry>
				487 
			    </entry>
			    <entry>
				Request Terminated
			    </entry>
			</row>
			<row>
			    <entry>
				488 
			    </entry>
			    <entry>
				Not Acceptable Here
			    </entry>
			</row>
			<row>
			    <entry>
				489 
			    </entry>
			    <entry>
				Bad Event
			    </entry>
			</row>
			<row>
			    <entry>
				491 
			    </entry>
			    <entry>
				Request Pending
			    </entry>
			</row>
			<row>
			    <entry>
				493 
			    </entry>
			    <entry>
				Undecipherable
			    </entry>
			</row>
		    </tbody>
		</tgroup>
	    </table>
	</para>
	
	<para>
	    <table><title>5XX Server-Error</title>
		<tgroup cols='2'>
		    <tbody>
			<row>
			    <entry>
				500 
			    </entry>
			    <entry>
				Internal Server Error
			    </entry>
			</row>
			<row>
			    <entry>
				501 
			    </entry>
			    <entry>
				Not Implemented
			    </entry>
			</row>
			<row>
			    <entry>
				502 
			    </entry>
			    <entry>
				Bad Gateway
			    </entry>
			</row>
			<row>
			    <entry>
				503 
			    </entry>
			    <entry>
				Service Unavailable
			    </entry>
			</row>
			<row>
			    <entry>
				504 
			    </entry>
			    <entry>
				Gateway Time-out
			    </entry>
			</row>
			<row>
			    <entry>
				505 
			    </entry>
			    <entry>
				SIP Version not supported
			    </entry>
			</row>
			<row>
			    <entry>
				513 
			    </entry>
			    <entry>
				Message Too Large
			    </entry>
			</row>
			<row>
			    <entry>
				580 
			    </entry>
			    <entry>
				Precondition Failure
			    </entry>
			</row>
		    </tbody>
		</tgroup>
	    </table>
	</para>
	
	<para>
	    <table><title>6XX Global-Failure</title>
		<tgroup cols='2'>
		    <tbody>
			<row>
			    <entry>
				600 
			    </entry>
			    <entry>
				Busy Everywhere
			    </entry>
			</row>
			<row>
			    <entry>
				603 
			    </entry>
			    <entry>
				Decline
			    </entry>
			</row>
			<row>
			    <entry>
				604 
			    </entry>
			    <entry>
				Does Note Exist Anywhere
			    </entry>
			</row>
			<row>
			    <entry>
				606 
			    </entry>
			    <entry>
				Not Acceptable
			    </entry>
			</row>
		    </tbody>
		</tgroup>
	    </table>
	</para>
    </section>
</section>