[Spce-user] How to register 3rd party SIP service provider.

Stefan Sayer stefan.sayer at googlemail.com
Tue Jan 11 09:32:48 EST 2011 

Hi,

so here's an update to this - with a newer version of SEMS (from git 
master) we can also handle incoming calls correctly, for example based 
on the source IP address of the INVITE message, we can select to 
either send the call to 3rd party service provider with 
authentication, or refuse it, or send it to ngcp to route that to 
local user.

Installation:
-------------
A newer build (1.4.0-dev8a9bca7) is available at
http://ftp.iptel.org/pub/sems/1.4/1.4.0-dev8a9bca7/packages/debian/lenny64/sems_1.4.0-dev8a9bca7_amd64.deb

If you are following the receipe below, replace the this URL for 
1.4.0-dev423329a  with this one.

If you have followed the tutorial below, and you would like to update 
by unpacking this in /opt/sems/ as described below, be sure to make a 
backup of your previous configuration, as the configuration will be 
overwritten otherwise. What worked for me was:
  cd /opt/
  mv sems sems1
  mkdir sems; cd sems
  wget 
http://ftp.iptel.org/pub/sems/1.4/1.4.0-dev8a9bca7/packages/debian/lenny64/sems_1.4.0-dev8a9bca7_amd64.deb
  ar x sems_1.4.0-dev8a9bca7_amd64.deb ; tar xzvf data.tar.gz
  rm control.tar.gz  data.tar.gz  debian-binary
  cp -r ../sems1/etc/sems/* etc/sems/

Refusing incoming calls from 3rd party SIP service provider
-----------------------------------------------------------
To refuse incoming calls from the 3rd party provider, we set the 
following:
/opt/sems/etc/sems/etc/sbc.conf:
  profiles=auth_b2b,refuse
  active_profile=$M($si=>src_ipmap),refuse
  regex_maps=src_ipmap

And in /opt/sems/etc/sems/etc/src_ipmap.conf we map our own IP to the 
auth_b2b SBC profile:
  #^10\.0\..*=>internal1
  #^10\.1\..*=>internal2
  ^<your public IP>=>auth_b2b

e.g.
   ^69.163.11.15=>auth_b2b

We can set the error code in 
/opt/sems/etc/sems/etc/refuse.sbcprofile.conf (by default it is 403).

Routing incoming calls to ngcp
------------------------------
If we want to route incoming calls from the service provider to ngcp, 
we set
/opt/sems/etc/sems/etc/sbc.conf:
  profiles=auth_b2b,to_ngcp
  active_profile=$M($si=>src_ipmap),to_ngcp
  regex_maps=src_ipmap

and create a file
/opt/sems/etc/sems/etc/to_ngcp.sbcprofile.conf:
  RURI=sip:$rU@<ngcp domain.net>
  next_hop_ip=<your public IP>
  next_hop_port=5060

e.g.
  RURI=sip:$rU at myngcp.net
  next_hop_ip=69.163.11.15
  next_hop_port=5060

We should then be able to use inbound rewrite rules for Callee on our 
domain, applying that to the user name of the 3rd party provider that 
we have registered to, in the example 8111111 (even though I wam not 
able to create any rules that match here). If the 3rd party provider 
sets the callee in the To, we could also e.g. use 
RURI=sip:$tU at myngcp.net .

If incoming calls should always be routed to one user, e.g. to 
stefan at myngcp.net, then we can set:
  RURI=sip:stefan at myngcp.net
  next_hop_ip=69.163.11.15
  next_hop_port=5060

Further customization
---------------------
All the sbc module options, including the replacement patterns to use 
in RURI, From and To, are explained in the SEMS sbc module Documentation:
http://git.sip-router.org/cgi-bin/gitweb.cgi?p=sems;a=blob_plain;f=doc/Readme.sbc.txt

Stefan


o Stefan Sayer on 01/06/2011 04:59 PM:
> Hi,
> 
> here follows a short tutorial on how to use newer SEMS to register to 
> 3rd party SIP provider and authenticate *outgoing calls*. (Incoming 
> calls are not supported atm, in fact they will probably be sent back to 
> the 3rd party).
> 
> Possibly the sipwise wizards can integrate something like that into the 
> next ngcp release.
> 
> -------------------------------------------------------------------
> Using SEMS to register to SIP provider and authenticate calls through a 
> B2BUA
> 
> Here is how current SEMS can be used to register an ngcp-ce to a SIP 
> provider, and authenticate outgoing calls.
> 
> Handling incoming calls is not supported at the moment, this will be 
> added in the next part of this tutorial.
> 
> 1. get & unpack SEMS:
> Unfortunately, the SEMS version in use in the ngcp repos too old to 
> contain the SBC module.
> therefore we will just download and unpack the SEMS package and install 
> it into /opt/sems/
> like this:
>  ~# cd /opt/
>  /opt# mkdir sems && cd sems
>  /opt/sems# wget 
> ftp://ftp.iptel.org/pub/sems/1.4/1.4.0-dev423329a/packages/debian/lenny64/sems_1.4.0-dev423329a_amd64.deb 
> 
> /opt/sems# ar x sems_1.4.0-dev423329a_amd64.deb ; tar xzvf data.tar.gz
> /opt/sems# rm data.tar.gz debian-binary control.tar.gz
> 
> 2. edit config files
> In these config files, there are explanations for each of the config 
> settings. Some are commented (with a hash #), some not. I'm assuming I 
> want to register as user 8111111 at sipgate.de with the password 4asdb11 
> (just an example).
> 
> Adapt these settings:
> 
> /opt/sems# joe etc/sems/sems.conf
>  sip_ip=<your public IP>
>  sip_port=5090
>  plugin_path=/opt/sems/usr/lib/sems/plug-in/
>  load_plugins=reg_agent;registrar_client;uac_auth;session_timer;sbc
>  application=sbc
>  plugin_config_path=/opt/sems/etc/sems/etc/
>  unhandled_reply_loglevel=info
> 
> (Ctrl-KX to save and exit)
> 
> /opt/sems# joe etc/sems/etc/reg_agent.conf
>  domain=sipgate.de
>  user=8111111
>  display_name=8111111
>  auth_user=8111111
>  pwd=4asdb11
> 
> /opt/sems# joe etc/sems/etc/sbc.conf
>  profiles=auth_b2b
>  active_profile=auth_b2b
> 
> /opt/sems# joe etc/sems/etc/auth_b2b.sbcprofile.conf
>  RURI=sip:$rU at sipgate.de
>  From="\"8111111\" <sip:8111111 at sipgate.de>"
>  To="\"$rU\" <sip:$rU@$sipgate.de>"
>  enable_auth=yes
>  auth_user=8111111
>  auth_pwd=4asdb11
> 
> 3. check out whether registering works:
> /opt/sems# usr/sbin/sems -f etc/sems/sems.conf -D 3 -E
> 
> now you should see many log lines, and pretty much at the end something 
> like
> "DEBUG: positive reply to REGISTER!", two boxes with "DEBUG: --- Contact 
> Info ---"
> and periodically messages like:
>  "DEBUG: Got state RegisterActive with expires 590s for registration."
> If that's the case, you are registered.
> 
> Now you can create a peering server, in a peering group, like:
>  Name: sipgate through SEMS
>  IP Address: <your public IP>
>  Port: 5090
>  Weight: 1
> 
> and place a call. In the log you should now see many lines with SIP 
> messages, specifically an INVITE coming in, and INVITE being sent out, a 
> 407 coming back, another INVITE going out etc. If you are getting 407 
> back to the caller, the user/password you entered above in
> auth_b2b.sbcprofile.conf is probably not correct.
> 
> 4. start SEMS as a daemon
> In the terminal window that you have open above, you can hit Ctrl-C to 
> stop SEMS.
> Now we adapt the init files to start the SEMS from /opt as a daemon:
> /opt/sems# joe etc/default/sems
>  SEMS_CFG_FILE="/opt/sems/etc/sems/sems.conf"
>  SEMS_PIDFILE="/var/run/sems/sems-sbc.pid"
> /opt/sems# joe etc/init.d/sems
>  if test -f /opt/sems/etc/default/sems ; then
>    . /opt/sems/etc/default/sems
>  fi
> 
>  PATH=/sbin:/bin:/usr/sbin:/usr/bin
>  DAEMON=/opt/sems/usr/sbin/sems
> 
>  ...
> 
>  LD_LIBRARY_PATH=/opt/sems/usr/lib/sems
>  export LD_LIBRARY_PATH
> 
> /opt/sems# ln -s /opt/sems/etc/init.d/sems /etc/init.d/sems-sbc
> 
> Then the SBC-SEMS can be started with
>  # /etc/init.d/sems-sbc start
> and added to runlevels e.g. with update-rc.d sems
> 
> 5. how to remove all this:
>  - stop SEMS with /etc/init.d/sems-sbc stop or kill -9 `cat 
> /var/run/sems/sems-sbc.pid`
>  - rm -rf /opt/sems
>  - rm /etc/init.d/sems-sbc
> 
> Happy hacking!
> -------------------------------------------------------------------
> 
> Stefan
> 
> 
> 
> o Chris Michael on 01/06/2011 01:11 PM:
>> Hi Stefan,
>>
>> Thanks for the response and the proposed solution. I'm in no way 
>> technical and most of that went way over my head, but i'll get the 
>> person who installed the platform to have a look into it.
>>
>> Offering to post a how to is very kind of you, I'm sure it will 
>> benefit other users of the platform also.
>>
>> We were looking for an all-encompassing solution like sipwise because 
>> we found using multiple platforms and writing patches and custom 
>> script had a knock on effect on the overall stability and security of 
>> the platform, but also worried that software updates to the platforms 
>> would break any custom codes or configurations. If this is the case 
>> with your solution it may be worth pointing it out in the how to 
>> document so people can bear it in mind.
>>
>> Thanks,
>>
>> Chris
>>
>> On 6 Jan 2011, at 11:32, Stefan Sayer wrote:
>>
>>> Hello,
>>>
>>> you could easily have SEMS register to that 3rd party SIP provider, 
>>> as in ngcp you already have the necessary modules installed (add 
>>> registrar_client, reg_agent and uac_auth to load_plugins, and 
>>> configure the account in /etc/sems/reg_agent.conf). But then SEMS 
>>> registers with its contact at port 5080. So, if the sipwise guys are 
>>> not coming up with a solution, and you are still interested, I might 
>>> post a howto using reg_agent and newer SEMS' sbc module, which lets 
>>> you do this kind of trunking easily.
>>>
>>> Stefan
>>>
>>> o Chris Michael on 01/06/2011 11:59 AM:
>>>> How simple to implement is this and when will it be available? 
>>>> Without it we'll have to look into using a different platform 
>>>> unfortunately.
>>>> On 5 Jan 2011, at 15:18, Tyrone Miles wrote:
>>>>> Team,
>>>>> This is much needed, and I would also like to see it in the next 
>>>>> release.
>>>>> Thanks.
>>>>>> Date: Wed, 5 Jan 2011 13:44:08 +0100
>>>>>> From: dtiefnig at sipwise.com <mailto:dtiefnig at sipwise.com>
>>>>>> To: spce-user at lists.sipwise.com <mailto:spce-user at lists.sipwise.com>
>>>>>> Subject: Re: [Spce-user] How to register 3rd party SIP service 
>>>>>> provider.
>>>>>>> On 01/05/2011 01:26 PM, Sailo VL Hruaia wrote:
>>>>>>> Is it possible to register to 3rd party SIP service provider for 
>>>>>>> > > termination of calls using their service?
>>>>>>> Doing a SIP REGISTER? Not at the moment, but should be easy to
>>>>>> implement. I'll discuss that with the SIP guys over here if we can 
>>>>>> get
>>>>>> it into the next release maybe.
>>>>>>> br,
>>>>>> daniel
>>>>>>> _______________________________________________
>>>>>> Spce-user mailing list
>>>>>> Spce-user at lists.sipwise.com <mailto:Spce-user at lists.sipwise.com>
>>>>>> http://lists.sipwise.com/listinfo/spce-user
>>>>> _______________________________________________
>>>>> Spce-user mailing list
>>>>> Spce-user at lists.sipwise.com <mailto:Spce-user at lists.sipwise.com>
>>>>> http://lists.sipwise.com/listinfo/spce-user
>>>> ------------------------------------------------------------------------ 
>>>>
>>>> _______________________________________________
>>>> Spce-user mailing list
>>>> Spce-user at lists.sipwise.com
>>>> http://lists.sipwise.com/listinfo/spce-user
>>>
>>> -- 
>>> Stefan Sayer
>>> VoIP Services Consulting and Development
>>>
>>> Warschauer Str. 24
>>> 10243 Berlin
>>>
>>> tel:+491621366449
>>> sip:sayer at iptel.org
>>> email/xmpp:stefan.sayer at gmail.com
>>>
>>>
>>
>>
> 
> 


-- 
Stefan Sayer
VoIP Services Consulting and Development

Warschauer Str. 24
10243 Berlin

tel:+491621366449
sip:sayer at iptel.org
email/xmpp:stefan.sayer at gmail.com

More information about the Spce-user mailing list