OpenSER and Trixbox via MediaProxy

Hi,

I've been tearing my hear out trying to get Trixbox to work for external phones (X-Lite and Linksys SPA962), and am able to get them to register directly via SIP and RTP port forwarding on my router, but no success in audio. If I use IAX2 then everything works perfectly using Zoiper, but X-Lite and the SPA962 do not work.

So...

I installed OpenSER on another box, and after testing over 30 different configs, and trying to understand them, I got SIP registrations to work. I then downloaded MediaProxy and configured this and I'm able to place calls between extensions, of course as soon as I add a test extension in the subscriber table in the openser database.

However, this is only partially what I need to have working, as TrixBox has not yet entered into the scenario. What I really need is for the external SIP phones to register via OpenSER to TrixBox, or more explicitly for TrixBox to authenticate REGISTER and INVITE requests and pass along audio via MediaProxy to the phones. This would allow, I'm hoping, for calls from external phones to be made through to my VOIP provider (link2voip), and for internal and external extensions to talk to each other. Also, this should allow for calls to be sent out to external phones should their extension number be typed/selected.

So...how do I get TrixBox and OpenSER to communicate to allow for all communication to be proxied through to TrixBox to handle REGISTER, INVITE, and voice communications?

I would sincerely appreciate any sample openser.cfg scripts that actually work in this scenario. I've tried with many different scripts on the web with no success in this area.

Oh, by the way. The OpenSER box has two separate NIC cards, has a static external IP, with the second NIC connected to the internal LAN where the TrixBox is located on a separate server.

If somebody is able to help I can send along my scripts for review.

Thanks in advance,
Brian

Thats completely the wrong way to do it.

OpenSER should be registrar and proxy, and should authenticate requests, forwarding then inbound call leg to Trixbox. Trixbox can then create an outbound call leg to wherever you like, and bridge the call.

Fair enough. The problem that I'm encountering then, with registrations in OpenSER, is that when I try to dial another extension or an external line it tells me either "Unauthorized" or "User not Found". Also, when I tried it with one config that allowed me to dial an extension it rang and rang without going to voicemail on the TrixBox.

Does anybody have a sample config that I can use to plug and play into an OpenSER config to correctly be the registrar and proxy, and then to pass calls to TrixBox to handle things like voicemail or call transfers?

Thanks,
Brian

If its telling you 'user not found' it means openser is trying to look for the user in its local registration database. If its saying 'unauthorized', it means you havent configured your phone with the correct credentials for the openser account you've created for the user (or you havent created the user account on openser!) You need to check the uri as it comes in from your authenticated local user that REGISTERs to your openser, and if it matches a certain condition of your definition (e.g. its is of certain length, or has a certain prefix), you need to check that it is out of dialog, and that its valid SIP, and then you need to specifically send it to your trixbox. There are many functions in openser that do this, like rewritehostport() or you can alter the ruri domain to be that of the IP of your trixbox unit, and then just call t_relay().

Check out sipwise.com which is an openser config generator that can get you started, and if you get stuck with the openser stuff, feel free to post in our openser forum here @ voipuser..

X-console,

I have quite the same configuration.
Registration with openser is ok but as I understand it, users have also to be known on the asterisk, for example for the pick-up or conference usage.

So openser handles the save("location") and sends back to UA the 200 OK or something like that.
But, this way, the UA is not registered on the asterisk.

Is there a way to "duplicate" the REGISTER message and send it to the asterisk ?

Thxs

Guys, I am new to this and am stumbling in the dark here too. I cant believe no one has an example anywhere on the web that shows how to couple openSER to Asterisk in order to use openSER as an SBC so far-end NAT clients can register with Asterisk. Thats by far the most common use case.

Still here is my 2 cents:

The issue you seem to have is that you want your clients to register through openSER (probably to use its capabilities to fix far-end NAT) and attach to asterisk as normal local users would without openSER.

As far as I can see, one of the tricks needed to do this is to share your openSER authorization credentials with Asterisk. This can be done, but it involves first migrating your Asterisk to realtime asterisk, which stores all its .conf info in a DB (such as mySQL) instead of text based flat files.

Once you have migrated it all into a DB, you can then write SQL to share the fields from the "sip.conf" table in your DB with the openSER DB subscriber table. This link shows you kind of how to do it but not exactly cause it is ass backwards, i.e. Asterisk is looking up the openSER DB, but you get the idea.

http://www.voip-info.org/wiki/view/Realtime+Integration+Of+Asterisk+With+OpenSER

If someone gets an SQL lookup that works, please share it.

The next step, once that works, is to get NAT fixed and working... geez, so many good ideas, such little time.

Gerry.

fclement :

X-console, I have quite the same configuration. Registration with openser is ok but as I understand it, users have also to be known on the asterisk, for example for the pick-up or conference usage. So openser handles the save("location") and sends back to UA the 200 OK or something like that. But, this way, the UA is not registered on the asterisk. Is there a way to "duplicate" the REGISTER message and send it to the asterisk ? Thxs

gmagill :

Guys, I am new to this and am stumbling in the dark here too. I cant believe no one has an example anywhere on the web that shows how to couple openSER to Asterisk in order to use openSER as an SBC so far-end NAT clients can register with Asterisk. Thats by far the most common use case.

I agree. I read all the time that OpenSER can solve many problems that Asterisk cannot. Because Asterisk is not a SIP registrar; just a great PBX.

Yet, when I go about trying to solve "far-end NAT" and other similar problems, I cannot find a step-by-step (like Trixbox or FreePBX) to integrate OpenSR with Asterisk (TrixBox, FreePBX). It has been very frustrating, especially because I am not Linux savvy.

Anyway, I would like to solve one more problem. As I have read in one of the Asterisk books (and many forums) that if any device (Asterisk Server or a phone) is behind a NAT, canrenvite=yes will NOT force Asterisk server to get out of the media path and make a peer-to-peer media connection between two phones.

My Setup and Problem Description

I have a hosted Asterisk (TrixBox) on a public IP (no NAT) and three remote offices, each with about 10 extensions. All 10 extensions at each location are behind the same NAT and the same LAN. If one extension calls another extension at the same remote location (same LAN), I want that call (media) to go through the LAN and not require expensive WAN bandwidth. At this stage, I am not concerned about any other considerations such as billing, etc.; I just want to be able to do this.

Asterisk, with canrenvite=yes, will do this if both the phones and the server are on the same LAN (behind the same NAT). But not for remote extensions behind NATs.

I would greatly appreciate if someone can point me to a solution specifically for the above described scenario. I have done extensive reading of the many forums that point to various solution approaches; and none of them seem to fit my needs

Use a router with a built-in SIP registrar, such as Intertext, at each remote location (per user licensing)

Use an SBC in front of the hosted Asterisk (does not fit the budget)

What I also read is that OpenSER can address my needs but I can't seem to figure it out how

PS: As a corollary, if I have two remote extensions in the same physical vicinity (say in Bombay), but behind separate NATs, why should an ext-to-ext between them travel from one phone in Bombay to the US and then back to Bombay?

Thanks for your help.

p2pvoice :

PS: As a corollary, if I have two remote extensions in the same physical vicinity (say in Bombay), but behind separate NATs, why should an ext-to-ext between them travel from one phone in Bombay to the US and then back to Bombay? Thanks for your help.

The reason that has to happen is that the two far-end NAT routers do not know anything about each other. There is only one IP-Address that they share that is common and that is your central SBC in USA (and hopefully some day, your openSER IP-Address instead of a SBC). The IP and port bindings are already open to the SBC in USA from each individual client and therefore the far-end NAT routers will accept RTP media streams inbound from that SBC.

If your two clients were to try to stream to each other locally, the packets would be seen as being from an unsolicited IP address (because they don't know anything about each other and have never exchanged information with each other before) and would be dropped.

gmagill :

The reason that has to happen is that the two far-end NAT routers do not know anything about each other. There is only one IP-Address that they share that is common and that is your central SBC in USA (and hopefully some day, your openSER IP-Address instead of a SBC). The IP and port bindings are already open to the SBC in USA from each individual client and therefore the far-end NAT routers will accept RTP media streams inbound from that SBC. If your two clients were to try to stream to each other locally, the packets would be seen as being from an unsolicited IP address (because they don't know anything about each other and have never exchanged information with each other before) and would be dropped.

If I understand you correctly, you are saying that this cannot be done under normal circumstances but it CAN be done with OpenSER in front of Asterisk.

True, that the two clients and the two far-end NAT routers do not know anything about each other. But, possibly, OpenSER or some other functionality within Asterisk, can inform each client about other's whereabouts (IP and port bindings), send re-invites to enable two clients to send stream to each other directly; while OpenSER/Asterisk stays in the loop for call control.

Am I understanding this correctly?

How to get it done is a matter for experts to help us out.

Thanks and Regards,

p2pvoice :

If I understand you correctly, you are saying that this cannot be done under normal circumstances but it CAN be done with OpenSER in front of Asterisk.

No, I dont see how openSER can achieve this either. Neither can STUN or TURN.

The SBC or openSER can not know the outside ports that the far-end NAT router has choosen to send the media to the other client on because it would not be involved in that media stream and thus never "see" it. The other far-end router could then not be informed to dynamically accept streams from those ports and forward them to the correct client behind its NAT.

You must always proxy the media in a hair-pin fashion in a scenario like this.

What you would have to do, is to break out the NAT function of openSER and seperate it from the media proxy functionality of Asterisk and use some other open source mediaproxy instead that you would then place closer to the remote users, i.e. in their country or city.

openSER would then have to control that mediaproxy to hair-pin the media streams of the two callers through it.

This is totally achievable and indeed many SBC verdors can already do this. I am sure, with the right ser.cfg that openSER and a mediaproxy could be made to work.

I think we should walk before we can run. Lets get the base working first...

Quote:

Is there a way to "duplicate" the REGISTER message and send it to the asterisk ?

Not unless your SIP client supports dual registrations for the same account (whoch most do not). You can use OpenSER as a default outbound proxy and redirect the REGISTER through use of the Path header (which I'm guessing asterisk wont support).