├── .gitignore ├── README.md ├── kamailio.cfg └── kamctlrc /.gitignore: -------------------------------------------------------------------------------- 1 | kamailio_siteconfig.cfg 2 | 3 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | Static SIP and RTP relay proxy 2 | ============================== 3 | 4 | Introduction 5 | ------------ 6 | 7 | This project is sponsored by BluePackets - http://www.bluepackets.com.au 8 | 9 | This is a Kamailio configuration that builds up a static SIP and RTP 10 | proxy and relays the packets between two IP interfaces on the relay 11 | server and two remote SIP servers. It allows hiding the internal 12 | network topology and working around some security or topology 13 | restrictions. 14 | 15 | The network topology consists of two segments: internal and 16 | external. The relay server has IP interfaces in both segments, and 17 | forwards SIP messages and RTP data in both directions. 18 | 19 | The following IP addresses and ports are used further in this document: 20 | 21 | * Internal SIP server: `10.0.0.10:5060` 22 | * Relay server's interface in internal network: `10.5.5.5:5060` 23 | * Relay server's interface in external network: `192.0.2.5:5060` 24 | * External SIP server: `198.51.100.100:5060` 25 | 26 | 27 | When `10.0.0.10` needs to send a SIP call to `198.51.100.100`, it sends 28 | it to `10.5.5.5`, and when `198.51.100.100` needs to send a call to 29 | `10.0.0.10`, it sends it to `192.0.2.5`. Both SIP servers see the 30 | corresponding relay's interface IP address as the source address in 31 | received packets. The RTP media is relayed using the same principle. 32 | 33 | The configuration is completely symmetrical, but the internal and 34 | external addresses should not be mixed up. 
35 | 36 | 37 | Software installation 38 | --------------------- 39 | 40 | The following is the installation sequence for Debian Wheezy. The first command downloads the repository signing key over plain HTTP and adds it to the APT keyring unchecked, so compare the key's fingerprint against one obtained through a trusted channel before installing packages. 41 | 42 | ``` 43 | curl http://deb.kamailio.org/kamailiodebkey.gpg | apt-key add - 44 | 45 | cat >/etc/apt/sources.list.d/kamailio.list </etc/default/kamailio <<'EOT' 52 | # Kamailio startup options 53 | RUN_KAMAILIO=yes 54 | USER=kamailio 55 | GROUP=kamailio 56 | SHM_MEMORY=64 57 | PKG_MEMORY=8 58 | CFGFILE=/etc/kamailio/kamailio.cfg 59 | DUMP_CORE=yes 60 | EOT 61 | 62 | cat >/etc/rsyslog.d/siprelay.conf <<'EOT' 63 | local0.* -/var/log/kamailio.log 64 | local1.* -/var/log/rtpproxy.log 65 | EOT 66 | 67 | service rsyslog restart 68 | 69 | cat >/etc/logrotate.d/siprelay <<'EOT' 70 | /var/log/kamailio.log 71 | /var/log/rtpproxy.log 72 | { 73 | rotate 4 74 | weekly 75 | missingok 76 | notifempty 77 | compress 78 | delaycompress 79 | sharedscripts 80 | postrotate 81 | invoke-rc.d rsyslog rotate > /dev/null 82 | endscript 83 | } 84 | EOT 85 | ``` 86 | 87 | `sngrep` is a convenient tool for debugging SIP sessions. It requires a 88 | wide text terminal with color support (xterm, for example). It is not 89 | required, but very handy in troubleshooting and tuning a SIP service: 90 | 91 | ``` 92 | apt-get update && \ 93 | apt-get install -y git autoconf automake gcc make libncurses5-dev \ 94 | libpcap-dev libssl-dev libpcre3-dev 95 | cd /usr/local/src 96 | git clone https://github.com/irontec/sngrep.git 97 | cd sngrep/ 98 | ./bootstrap.sh && ./configure && make install 99 | ``` 100 | 101 | 102 | Proxy configuration 103 | ------------------- 104 | 105 | All site-specific configuration is done in `kamailio_siteconfig.cfg`, 106 | and this file is ignored by Git. This allows you to keep the GitHub 107 | remote for future updates. You can also create your own branch where 108 | `kamailio_siteconfig.cfg` is excluded from `.gitignore`, and merge the 109 | updates from GitHub with your branch. 
110 | 111 | ``` 112 | cd /etc/kamailio 113 | /bin/rm * 114 | git clone https://github.com/voxserv/kamailio-static-relay.git . 115 | 116 | cat >kamailio_siteconfig.cfg <<'EOT' 117 | #!substdef "/INTERNAL_HOST/10.0.0.10/" 118 | #!substdef "/INTERNAL_PORT/5060/" 119 | #!substdef "/EXTERNAL_HOST/198.51.100.100/" 120 | #!substdef "/EXTERNAL_PORT/5060/" 121 | port=5060 122 | EOT 123 | 124 | 125 | # -l option specifies the relay NIC addresses, and the order is important: 126 | # internal NIC address should go first. The UDP port range is up to you, 127 | # and it should be consistent with all surrounding firewall configurations 128 | 129 | cat >/etc/default/rtpproxy <<'EOT' 130 | CONTROL_SOCK=udp:127.0.0.1:9000 131 | EXTRA_OPTS="-l 10.5.5.5/192.0.2.5 -m 10000 -M 40000 -d WARN:LOG_LOCAL1" 132 | EOT 133 | 134 | insserv rtpproxy 135 | service rtpproxy restart 136 | 137 | insserv kamailio 138 | service kamailio start 139 | ``` 140 | 141 | 142 | Author 143 | ------ 144 | 145 | Copyright (c) 2015 Stanislav Sinyagin 146 | http://voxserv.ch/ 147 | 148 | 149 | Permission is hereby granted, free of charge, to any person obtaining a copy 150 | of this software and associated documentation files (the "Software"), to deal 151 | in the Software without restriction, including without limitation the rights 152 | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell 153 | copies of the Software, and to permit persons to whom the Software is 154 | furnished to do so, subject to the following conditions: 155 | 156 | The above copyright notice and this permission notice shall be included in 157 | all copies or substantial portions of the Software. 158 | 159 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 160 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 161 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. 
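IN NO EVENT SHALL THE 162 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 163 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, 164 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN 165 | THE SOFTWARE.
--------------------------------------------------------------------------------
/kamailio.cfg:
--------------------------------------------------------------------------------
#!KAMAILIO

################################################################
#
# SIP relay server for Bluepackets
# Author: Stanislav Sinyagin
#
################################################################

fork=yes
children=4


### Site-specific configuration defines hosts and ports
# The included file supplies the INTERNAL_HOST / INTERNAL_PORT /
# EXTERNAL_HOST / EXTERNAL_PORT substitutions used by the routing
# logic below, so it is effectively the relay's peer allow-list.
include_file "/etc/kamailio/kamailio_siteconfig.cfg"

####### Global Parameters #########

#!ifdef WITH_DEBUG
debug=4
log_stderror=no
#!else
debug=2
log_stderror=no
#!endif

memdbg=5
memlog=5

log_facility=LOG_LOCAL0

# This is not part of siteconfig because the routing logic
# depends on these settings
# disable_tcp=yes leaves UDP as the only transport, so the src_ip /
# src_port comparisons in the routing logic are made on datagram
# source addresses. Those are only as trustworthy as the anti-spoofing
# filtering on both network segments.
disable_tcp=yes
auto_aliases=no
# Let Kamailio choose the outgoing interface per destination.
mhomed=1


####### Modules Section ########

mpath="/usr/lib/x86_64-linux-gnu/kamailio/modules"

loadmodule "mi_fifo.so"
loadmodule "kex.so"
loadmodule "sl.so"
loadmodule "rr.so"
loadmodule "pv.so"
loadmodule "maxfwd.so"
loadmodule "textops.so"
loadmodule "siputils.so"
loadmodule "xlog.so"
loadmodule "sanity.so"
loadmodule "ctl.so"
loadmodule "cfg_rpc.so"
loadmodule "mi_rpc.so"

loadmodule "rtpproxy.so"


#!ifdef WITH_DEBUG
loadmodule "debugger.so"
#!endif

# ----------------- setting module-specific parameters ---------------


# NOTE(review): the management FIFO is created in /tmp, a directory
# every local user can write to. Consider moving it to a directory
# owned by the kamailio user and setting fifo_mode explicitly; the
# FIFOPATH value in kamctlrc has to be changed together with it.
modparam("mi_fifo", "fifo_name", "/tmp/kamailio_fifo")


# Control channel to rtpproxy; the same loopback address and port is
# configured as CONTROL_SOCK in /etc/default/rtpproxy (see README).
modparam("rtpproxy", "rtpproxy_sock", "udp:127.0.0.1:9000")
modparam("rtpproxy", "nortpproxy_str", "")

#!ifdef WITH_DEBUG
# ----- debugger params -----
modparam("debugger", "cfgtrace", 1)
#!endif

####### Routing Logic ########


# Main request route: relay every request between the two statically
# configured SIP peers and engage rtpproxy for the media.
route {
    # Stop processing when the sanity module rejects the message.
    if (!sanity_check()) {
        exit;
    }

    if (!mf_process_maxfwd_header("10")) {
        # Reason phrase corrected from "To Many Hops".
        sl_send_reply("483", "Too Many Hops");
        xlog("L_NOTICE", "$si $rm $ru -- too many hops\n");
        exit;
    }

    if (!is_method("OPTIONS")) {
        xlog("L_INFO", "received SIP request: " +
             "$si:$sp -> $rm $ru From: $fu To: $tu\n");
    }

    # Apply the peer allow-list to every request. The per-source checks
    # further down only run when loose_route() fails, so a request that
    # is routed by its Route headers would otherwise be forwarded
    # without any source check at all.
    # NOTE(review): assumes both peers send in-dialog requests from the
    # same address and port as their initial requests -- confirm.
    if (!(src_ip == INTERNAL_HOST && src_port == INTERNAL_PORT)
            && !(src_ip == EXTERNAL_HOST && src_port == EXTERNAL_PORT)) {
        xlog("L_NOTICE", "Dropping request: $si:$sp $rm $ru\n");
        exit;
    }

    if (!loose_route()) {
        # Keep the user part of the request URI, if there is one.
        $var(usr) = "";
        if (!strempty($rU)) {
            $var(usr) = $rU + "@";
        }

        # Rewrite destination and request URI towards the opposite
        # peer. The trailing i/e letters in the rtpproxy flags are the
        # direction pair for rtpproxy's two interfaces (internal first,
        # as set with -l in /etc/default/rtpproxy).
        if (src_ip == INTERNAL_HOST && src_port == INTERNAL_PORT) {
            $du = "sip:" + "EXTERNAL_HOST" + ":" + "EXTERNAL_PORT";
            $ru = "sip:" + $var(usr) + "EXTERNAL_HOST" + ":" + "EXTERNAL_PORT";
            rtpproxy_manage("cwie");
        }
        else if (src_ip == EXTERNAL_HOST && src_port == EXTERNAL_PORT) {
            $du = "sip:" + "INTERNAL_HOST" + ":" + "INTERNAL_PORT";
            $ru = "sip:" + $var(usr) + "INTERNAL_HOST" + ":" + "INTERNAL_PORT";
            rtpproxy_manage("cwei");
        }
        else {
            # Not reachable once the guard above has run; kept so this
            # branch stays fail-closed if the guard is ever removed.
            xlog("L_NOTICE", "Dropping request: $si:$sp $rm $ru\n");
            exit;
        }
    }

    record_route();

    forward();
    if (!is_method("OPTIONS")) {
        xlog("L_INFO", "forwarding SIP request: " +
             "$nh(u) <- $rm $ru From: $fu To: $tu\n");
    }
}


# Reply route: log the reply and update the rtpproxy session according
# to the peer the reply came from.
onreply_route {

    if (!is_method("OPTIONS")) {
        xlog("L_INFO", "received SIP reply: " +
             "$si:$sp -> $rs $rm From: $fu To: $tu\n");
    }

    if (src_ip == INTERNAL_HOST && src_port == INTERNAL_PORT) {
        rtpproxy_manage("cwei");
    }
    else if (src_ip == EXTERNAL_HOST && src_port == EXTERNAL_PORT) {
        rtpproxy_manage("cwie");
    }
    else {
        # NOTE(review): replies from any other source only end the
        # script here and nothing is logged; confirm that exit (rather
        # than drop) gives the intended handling for such replies.
        exit;
    }

    return(1);
}



# Local Variables:
# mode: sh
# sh-indent-after-if: 0
# indent-tabs-mode: nil
# tab-width: 4
# End:

--------------------------------------------------------------------------------
/kamctlrc:
--------------------------------------------------------------------------------
## control engine: FIFO or UNIXSOCK
## - default FIFO
CTLENGINE="FIFO"

## path to FIFO file
## (must stay identical to the mi_fifo "fifo_name" modparam in kamailio.cfg)
FIFOPATH="/tmp/kamailio_fifo"

--------------------------------------------------------------------------------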