kamailio: controlling presence with new module `pua_json`

I recently submitted a new module to the kamailio project which adds an interface to update/control presence records using json. Effectively, you can turn on/off a phone’s Busy Lamp Field (BLF) by sending an http request containing json body to kamailio. The following is a quick guide on how to set up kamailio to accept http requests and update presence using two modules: xhttp and pua_json.

xhttp module

To setup kamailio to listen for http requests, you need to listen on a tcp interface.  I’ve setup kamailio to listen on localhost because I don’t need to expose this service outside of the local machine. So in my kamailio.cfg, I have:

# allow http requests
listen=tcp:127.0.0.1:8080
tcp_accept_no_cl=yes

# load the module
loadmodule "xhttp.so
pua_json module

The pua_json requires no configuration parameters at this time. It simply exposes a function to update presentity from a json object. You will probably want the json module loaded so you can parse and validate some of the json. And you will need to properly configure all your presence modules to handle SIP SUBSCRIBEs, etc…

# load modules
loadmodule "json.so"
loadmodule "pua_json.so"
the event route

The last piece of the setup is the xhttp event_route which is used to handle the http requests containing json object. This is a simple example of such a route:

event_route[xhttp:request] {
    if ($hu != "/presence/") {
        xlog("L_INFO", "invalid request [$hu]");
        xhttp_reply("404", "Not Found", "text/html", "");
        return;
     }
     $var(call-id) = $(rb{json.parse,Call-ID});
     xlog("L_INFO", "$var(call-id)|log|[$hu] payload $rb");
     if ($(rb{json.parse,Event-Package}) == "dialog") {
        xlog("L_INFO", "$var(call-id)|log|received $(rb{json.parse,Event-Package}) update for $(rb{json.parse,From}) $rb");
        pua_json_publish($rb);
    }
    xhttp_reply("200", "OK", "text/html", "$rb");
}

The route basically checks to make sure the http endpoint matches `/presence/` and only executes presence updates for “dialog” events. I showed an example of how to parse the Call-ID using the json module as well.

the curl request

Once you have kamailio configured, you are ready to send a curl request to test presence!
Turn on a hold light with a request like so:

curl -d '{"Call-ID":"park+01@test03.vxs.local","Event-Category":"presence","Event-Name":"update","Event-Package":"dialog","Expires":"3600","To":"sip:user01@test03.vxs.local","To-User":"user01","To-Realm":"test03.vxs.local","From":"sip:park+01@test03.vxs.local","From-User":"park+01","From-Realm":"test03.vxs.local","State":"confirmed"}' http://localhost:8080/presence/

Turn off a hold light with a request like (the only difference from above, is the “state” in this request):

curl -d '{"Call-ID":"park+01@test03.vxs.local","Event-Category":"presence","Event-Name":"update","Event-Package":"dialog","Expires":"3600","To":"sip:user01@test03.vxs.local","To-User":"user01","To-Realm":"test03.vxs.local","From":"sip:park+01@test03.vxs.local","From-User":"park+01","From-Realm":"test03.vxs.local","State":"confirmed"}' http://localhost:8080/presence/

If you have a phone subscribed to “park+01@test03.vxs.local” you should see the BLF color change when the state is confirmed, and then change back to the original color after the 2nd curl request.

kamailio high availability using keepalived

This is a quick post on how to use keepalived to setup high-availability on two kamailio machines. In this setup there will be a “primary” and “secondary” node. Each node will be running kamailio and keepalived with a “shared” or sometimes referred to as a “floating” IP address.
The idea is that each node will be running health checks on itself and the other node. If a node detects kamailio as being down, it will move the “floating” IP address to itself and become the MASTER node.
After the IP address is moved, all SIP traffic will be automatically directed to the new MASTER node. Both kamailio nodes should be running almost identical routing configs in order to ensure traffic is routed properly after fail-over. This setup was tested on Debian9 with kamailio version 5.10.

We will use the following example IP address setup:

node 1 IP Address: 1.2.3.4
node 2 IP Address: 5.6.7.8
“floating” IP Address: 5.5.5.5

In order for this example to work, you need to enable binding to a non-local IP address. On each node run to enable this setting:
$ echo 1 > /proc/sys/net/ipv4/ip_nonlocal_bind

To permanently save this setting, add the following line to a file like /etc/sysctl.d/99-non-local-bind.conf
net.ipv4.ip_nonlocal_bind = 1

We will want kamailio to bind to the floating IP address and also to allow SIP OPTION pings from each of the other nodes. So you will want something like this in your kamailio.cfg:

#!substdef "!NODE01!1.2.3.4!g"
#!substdef "!NODE02!5.6.7.8!g"

# bind to local IP and "floating" IP
listen=udp:1.2.3.4:5060 # on node 2, use 5.6.7.8 here
listen=udp:5.5.5.5:5060

# main request routing logic
route {

  # allow pings from other node
  if (is_method("OPTIONS") && ($si == "NODE01" || $si == "NODE02")) {
    options_reply();
  }

  ...

}

Start kamailio and make sure it’s running.

Next we will setup keepalived. To install everything we need run:
$ apt-get install libipset3 sipsak keepalived

We will be using sipsak with a custom bash script to report the “health” of each node. Add the following bash script to node 1 at /etc/keepalived/node01.sh

#!/bin/bash

node01=1.2.3.4
node02=5.6.7.8
return_code=0 # success

# check local instance
timeout 2 sipsak -s sip:$node01:5060
exit_status=$?
if [[ $exit_status -eq 0 ]]; then
  echo "sip ping successful to node01 [$node01]"
  exit $return_code
fi

# local instance failed, check remote
timeout 2 sipsak -s sip:$node02:5060
exit_status=$?
if [[ $exit_status -eq 0 ]]; then
  echo "sip ping successful to node02 [$node02]"
  return_code=1
fi

echo "return code [$return_code]"

exit $return_code

Make sure the file is executable:
$ chmod +x /etc/keepalived/node01.sh
The script on node 1 checks the health of kamailio locally first (by sending a SIP OPTION ping), if it fails, it checks the health of node 2. If node 1 is healthy, it reports success to keepalived by returning 0. If node 1 is not healthy and node 2 is healthy, it reports a failure to keepalived by returning 1.

And add the following bash script to node 2 at /etc/keepalived/node02.sh

#!/bin/bash

node01=1.2.3.4
node02=5.6.7.8
return_code=1 # fail

# check remote instance fist
timeout 2 sipsak -s sip:$node01:5060
exit_status=$?
if [[ $exit_status -eq 0 ]]; then
  echo "sip ping successful to node01 [$node01]"
  exit $return_code
fi

# remote instance failed, check local
timeout 2 sipsak -s sip:$node02:5060
exit_status=$?
if [[ $exit_status -eq 0 ]]; then
  echo "sip ping successful to node02 [$node02]"
  return_code=0
fi

echo "return code [$return_code]"

exit $return_code

Make sure the file is executable:
$ chmod +x /etc/keepalived/node02.sh
The script on node 2 checks the health of kamailio on node 1 (remotely) first, if it fails, it checks the health of node 2 (locally). If node 1 is healthy, it reports a “local” failure to keepalived by returning 1. If node 1 is not healthy and node 2 is healthy, it reports a “success” to keepalived by returning 0.

keepalived will promote the node to MASTER based on the return code reported by the bash scripts. You can get more creative and add more logic if you’d like, but for the purposes of this post, I kept it simple.

Last we will configure keepalived by editing the following file on node 1: /etc/keepalived/keepalived.conf

vrrp_script check_sip {
  script "/etc/keepalived/node01.sh"
  interval 6 # check every 6 seconds
}

vrrp_instance VI_SBC {
  state MASTER
  interface eth0
  virtual_router_id 51
  advert_int 1
  authentication {
    auth_type PASS
    auth_pass 11111
  }
  virtual_ipaddress {
    5.5.5.5 dev eth0
  }
  track_script {
    check_sip
  }
}

And on node 2: /etc/keepalived/keepalived.conf

vrrp_script check_sip {
  script "/etc/keepalived/node02.sh"
  interval 6 # check every 6 seconds
}

vrrp_instance VI_SBC {
  state BACKUP
  interface eth0
  virtual_router_id 51
  advert_int 1
  authentication {
    auth_type PASS
    auth_pass 11111
  }
  virtual_ipaddress {
    5.5.5.5 dev eth0
  }
  track_script {
    check_sip
  }
}

The settings above basically say to check health of each node every 6 seconds. If the node should become master, enable the floating IP (5.5.5.5).

Start keepalived service on each node and watch the syslog. As long as kamailio is running and responsive to the SIP OPTION pings on node 1, it will be MASTER. You can test by turning off kamailio on node 1 and watching the IP move to node 2. Use the following command to check for the IP address:
$ ip addr show

 

Kamailio and FreeSWITCH on the same server with NSQ and JANSSON-RPC

This post will demonstrate how to run FreeSWITCH and Kamailio on a single server.
FreeSWITCH will handle authentication and act as registrar while Kamailio will handle presence updates using the NSQ module. You might be wondering why this setup would be useful. The reason we found, is that FreeSWITCH is not so great at handling presence updates. It relies heavily on SQL queries, and when you are dealing with 800+ user-agents all doing presence, FreeSWITCH can’t really keep up. You also may be wondering why not have Kamailio act as registrar. The reason FreeSWITCH will be registrar is we had a system in place already (single FreeSWITCH instance) and it would require too large of a change to move authentication to Kamailio. So this exact setup may not be so useful for many, it does contain helpful hints on how to run Kamailio and FreeSWITCH together on a single server, it also demonstrates use of NSQ and the JANSSON-RPC module.

In order for FreeSWITCH and Kamailio to run on a single server, both services must bind to different ports on a single interface or on separate interfaces altogether. In this setup, I have FreeSWITCH setup to bind SIP on the loopback interface (127.0.0.1), RTP on the public facing interface and Kamailio binding to the public facing interface (4.5.6.7:5060). I used the dispatcher module to detect if FreeSWITCH is up or down.
Here is my dispatcher.list:

#setid sipdest flags priority attrs
1 sip:127.0.0.1:5060 2 0 duid=1

Next you’ll have to setup a FreeSWITCH sofia profile to bind to loopback for SIP and public interface for RTP:

<configuration name="sofia.conf" description="Sofia">
  <profiles>
    <profile name="local">
      <settings>
        ...
        <param name="sip-ip" value="127.0.0.1"/>
        <param name="sip-port" value="5060"/>
        <param name="rtp-ip" value="4.5.6.7"/>
        ...
      </settings>
    </profile>
  </profiles>
</configuration>

I named the profile local but you can obviously name it whatever you like. That’s it for the FreeSWITCH side of things, make sure your profile is loaded by doing:
fs_cli -x "sofia status profile local"

You should see in output:

RTP-IP                 4.5.6.7
SIP-IP                 127.0.0.1
URL                     sip:mod_sofia@127.0.0.1:5060
BIND-URL                sip:mod_sofia@127.0.0.1:5060;transport=udp,tcp

Now it’s time to setup Kamailio, I’ll highlight some important sections and attach the entire kamailio.cfg at the end of post.
First thing I like to do in my kamailio.cfg is setup the global definitions that will be used later (that way the script is more portable):

# - defines
#!define DBURL "postgres://kamailio:kamailio@localhost/kamailio"
#!define JANSSON_RPC "conn=presence;addr=localhost;port=8080;priority=10;weight=10"
#!define LISTEN 4.5.6.7:5060

The DBURL is required for presence and NSQ modules, so you will need to provision your database with the appropriate tables. Now define the module parameters, the ones I will highlight are related to NSQ:

modparam("nsq", "db_url", DBURL)
modparam("nsq", "consumer_workers", 1)
modparam("nsq", "topic_channel", "presence:kamailio")
modparam("nsq", "max_in_flight", 200)
modparam("nsq", "lookupd_address", "nsqlookup01")
modparam("nsq", "pua_mode", 1)

The topic_channel tells Kamailio to listen for messages on the presence topic and uses the kamailio channel. The lookupd_address tells kamailio to how to find the producers. If you are unfamiliar with NSQ, I suggest you check out the documentation (http://nsq.io/)

I setup a JANSSON-RPC server running on the localhost (written in golang) which checks for active calls when a user-agent subscribes and sends an NSQ message to Kamailio in the event the To-User is actually on a call. Here we define the JANSSON-RPC server:

modparam("janssonrpc-c", "result_pv", "$var(jsrpc_result)")
modparam("janssonrpc-c", "server", JANSSON_RPC)

The result_pv is used to receive results from the RPC request. In our case, we don’t care about the result since our NSQ module will receive a message on result.

Now let’s check out the route section of our config. You’ll notice one of the first thing that happens in our config is CHECK_SOURCE_IP

route[CHECK_SOURCE_IP] {
    if ($si == "127.0.0.1") {
        setflag(FLAG_FROM_FREESWITCH);
    } else {
        route(NAT_TEST_AND_CORRECT);
    }
}

Since we should only be receiving requests from FreeSWITCH on the loopback, we can easily determine “who” is sending our SIP packet. I set a flag here, FLAG_FROM_FREESWITCH, which is very important later on. If the packet is not from FreeSWITCH, we do some NAT handling:

route[NAT_TEST_AND_CORRECT] {
    if (is_method("REGISTER")) {
        if (nat_uac_test("19")) {
            fix_nated_contact();
        }
    } else {
        if (nat_uac_test("3")) {
            fix_nated_contact();
            force_rport();
        }
        if (has_body("application/sdp") && nat_uac_test("8")) {
            fix_nated_sdp("10");
        }
    }
}

We handle NAT for REGISTERs in a specific way here because we must send the correct contact header to FreeSWITCH, otherwise FreeSWITCH will get contact header containing a private IP and will not know how to route INVITEs to the user-agent.

Next we handle the SIP SUBSCRIBE:

route[SUBSCRIBE] {
    if (is_method("SUBSCRIBE")) {
 
        if (!t_newtran()) {
            sl_reply_error();
            exit;
        }

        if ($tU == $null) {
            xlog("L_INFO", "$ci|stop|ignoring subscribe with empty TO username from a $ua");
            sl_send_reply(400, "Missing TO username");
            t_release();
            exit;
        }

        if ($fU == $null) {
            xlog("L_INFO", "$ci|stop|ignoring subscribe with empty FROM username from a $ua");
            sl_send_reply(400, "Missing FROM username");
            t_release();
            exit;
        }

        # do an RPC request to check for Active calls
        if ($rU != $null) {
            # forward message-summary SUBSCRIBEs to FreeSWITCH
            if ($hdr(Event) == "message-summary") {
                xlog("L_INFO", "$ci|log|CHECKING MESSAGE SUMMARY");
                record_route();
                route(DISPATCH);
                route(RELAY);
            } else {
                xlog("L_INFO", "$ci|log|CHECKING PRESENCE");
                janssonrpc_notification("presence", "Server.QueryPresence", '[{"CallId":"' + $ci + '","FromUser":"' + $fU + '","FromDomain":"' + $fd + '","ToUser":"' + $rU + '","ToDomain":"' + $rd + '"}]');
            }
        }

        if (!handle_subscribe()) {
            xlog("L_INFO", "$ci|stop|unsupported subsribe");
            t_release();
            exit;
        }

        t_release();
        exit;
    }
}

We are validating the SUBSCRIBE, then checking the event type. If it’s a message-summary event, we add a record-route header and forward it to FreeSWITCH. (We could handle message-summary using NSQ but right now it’s easier for FreeSWITCH to handle it and doesn’t put a strain on FreeSWITCH)
If it’s not a message-summary event, we send an RPC request to our service which should know if the To-User is on a call or not, if they are on a call, our RPC server sends an NSQ message to the presence topic.
You’ll notice the next section is for handling NSQ messages:

# receive presence updates from NSQ and update watchers
event_route[nsq:consumer-event-presence-update] {
    $var(call-id) = $(nsqE{nsq.json,Call-ID});
    xlog("L_INFO", "$var(call-id)|log|payload $nsqE");
    if ($(nsqE{nsq.json,Event-Package}) == "dialog") {   
        if($sht(p=>$var(call-id)) != $(nsqE{nsq.json,State}) || $(nsqE{nsq.json,Flush-Level}) != $null) {
             xlog("L_INFO", "$(nsqE{nsq.json,Call-ID})|log|received $(nsqE{nsq.json,Event-Package}) update for $(nsqE{nsq.json,From}) state $(nsqE{nsq.json,State})");
             $sht(p=>$(nsqE{nsq.json,Call-ID})) = $(nsqE{nsq.json,State});
             nsq_pua_publish($nsqE);
             pres_refresh_watchers("$(nsqE{nsq.json,From})", "$(nsqE{nsq.json,Event-Package})", 1);
        } else {
            xlog("L_INFO", "$var(call-id)|log|received duplicate $(nsqE{nsq.json,Event-Package}) update for $(nsqE{nsq.json,From}) state $(nsqE{nsq.json,State})");
            xlog("L_INFO", "$var(call-id)|log|payload $nsqE");
        } 
    } else {
       xlog("L_INFO", "$var(call-id)|log|received $(nsqE{nsq.json,Event-Package}) update for $(nsqE{nsq.json,From}) $nsqE");
       nsq_pua_publish($nsqE);
       pres_refresh_watchers("$(nsqE{nsq.json,From})", "$(nsqE{nsq.json,Event-Package})", 1);
    }
}

The NSQ message must be json format and contain the required fields for the presence module to send an update. I’ll save those details for another post.

Let’s go back up to the main routing block of our config now.

    # handle SUBSCRIBE requests
    route(SUBSCRIBE);

    # handle requests within SIP dialogs
    route(WITHINDLG);

    ###############################
    ### HANDLE INITIAL REQUESTS ###
    # handle retransmissions
    if(t_precheck_trans()) {
        t_check_trans();
        exit;
    }
    t_check_trans();

    if (is_method("INVITE|REFER")) {
        record_route();
    }

    if (is_method("NOTIFY") && $hdr(event) == "check-sync" && isflagset(FLAG_FROM_FREESWITCH)) {
        record_route();
        xlog("L_INFO", "$ci|log|Rebooting phone [$ru]\n");
        t_on_reply("REPLY_FROM_DEVICE"); # handle NAT
        route(RELAY);
    }

After handling SUBSCRIBEs, we check for in-dialog request and route them. We add a record_route header if INVITE or REFER. Then we handle NOTIFYs with check-sync events specially. This allows us to remotely reboot phones which support the feature.

The next portion is important when forwarding a REGISTER to another registrar:

    if (!isflagset(FLAG_FROM_FREESWITCH) && is_method("REGISTER")) {
        add_path();
    }

If we do not add a path header to the REGISTER before forwarding to FreeSWITCH, FreeSWITCH will not know to send INVITEs to user-agents through Kamailio.

The last part of our main routing block does some final checks to decide how/where to send the packet.

    route(DISPATCH);
   
    route(RELAY);

Our dispatch route checks if the SIP signal is from FreeSWITCH, if so, fix NAT on replies to it. If not from FreeSWITCH (e.g. from outside user-agent), send to FreeSWITCH:

route[DISPATCH] {
    if (isflagset(FLAG_FROM_FREESWITCH)) {
        t_on_reply("REPLY_FROM_DEVICE"); # handle NAT
    } else if (!ds_select_dst("1", "0")) {
        #if we are here that means no destination is available. We notify the user by 404 and exit the script.
        xlog("L_NOTICE", "No destination available!");
        send_reply("404", "No destination");
        exit;
    }
}

And here is the relay route:

route[RELAY] {
    if (is_method("INVITE")) {
        if(!t_is_set("failure_route")) t_on_failure("MANAGE_FAILURE");
    }

    if (!t_relay()) {
       sl_reply_error();
    }
    exit;
}

And that’s it!
Here is the full kamailio.cfg

 

RTPEngine with Kamailio as Load-balancer and IP Gateway

This post explains how to setup Kamailio as an SBC and IP Gateway. We are using Debian 8 in this example. It uses Kamailio’s dispatcher module to distribute calls to Asterisk. It uses RTPEngine to proxy media to & from the public internet across the LAN to Asterisk.
This is a powerful setup as you can easily scale out using a single public IP address.
Here is the IP layout we will be implementing:

Kamailio Public (eth0) 7.6.5.4
Kamailio Private (eth0) 10.10.10.254
Asterisk machine 1 - 10.10.10.3
Asterisk machine 2 - 10.10.10.4

Setup Debian and iptables to act as IP Gateway:

# edit /etc/sysctl.conf
enabled net.ipv4.ip_forward=1

# add iptables rules
iptables -F
iptables -t nat -F

iptables -P INPUT ACCEPT
iptables -P OUTPUT ACCEPT
iptables -P FORWARD ACCEPT

iptables -A INPUT -i lo -j ACCEPT
iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -A FORWARD -i eth1 -s 10.10.10.0/255.255.255.0 -j ACCEPT
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE

Install RTPEngine + Kamailio with RTPEngine Module.

 

Download kamailio.cfg

Download sip.conf

Download /etc/default/ngcp-rtpengine-daemon

Kamailio: High-Availability/Failover with Corosync and Pacemaker on Debian 7

In this setup, we will have 2 Kamailio servers, referred to as ‘nodes’. One will be active and one will standby. There is a 3rd ‘floating’ IP that is moved to which ever node is active. Kamailio should be configured to use the floating IP. In this example, the nodes are:

kam01: 10.10.10.18
kam02: 10.10.10.19

Floating IP: 10.10.10.200

First, add both nodes to /etc/hosts

10.10.10.18    kam01
10.10.10.19    kam02

Install corosync and pacemaker:

apt-get install ntp corosync pacemaker -y

Generate /etc/corosync/authkey:

corosync-keygen

Copy corosync-key  to kam02:

scp -P 22 /etc/corosync/authkey root@kam02:/etc/corosync

Enable corosync on kam01 & kam02:

sed -i "s/START=no/START=yes/g" /etc/default/corosync

Enable pacemaker service in corosync:

cat > /etc/corosync/service.d/pcmk << EOF
service {
  name: pacemaker
  ver: 1
}
EOF

Add corosync config:

cat >/etc/corosync/corosync.conf<<EOF
#
totem {
        version: 2
        transport: udpu
        interface {
                member {
                        memberaddr: 10.10.10.18
                }
                member {
                        memberaddr: 10.10.10.19
                }
                ringnumber: 0
                bindnetaddr: 10.10.10.0
                mcastport: 5405
        }
}

logging {
        to_logfile: yes
        logfile: /var/log/corosync/corosync.log
        debug: off
        timestamp: on
        logger_subsys {
                subsys: AMF
                debug: off
        }
}
EOF

Start corosync and pacemaker:

service corosync start
service pacemaker start

Configure corosync, changes will propagate to other node. Make sure to disable stonith:

crm configure property stonith-enabled=false
crm configure primitive FAILOVER-IP ocf:heartbeat:IPaddr2 params ip="10.10.10.200" nic="eth0" cidr_netmask="255.255.255.0" op monitor interval="10s"
crm configure primitive KAM-HA lsb:kamailio op monitor interval="30s"
crm configure group KAM-HA-GROUP FAILOVER-IP KAM-HA
crm configure colocation KAM-HA-GROUP-COLO inf: FAILOVER-IP KAM-HA
crm configure order KAM-HA-ORDER inf: FAILOVER-IP KAM-HA
crm configure property no-quorum-policy=ignore

You need no-quorum-policy=ignore for a 2 node cluster. If you messed up during the crm configure part, you can start over using these commands:

# TO CLEAR CONFIG AND START OVER
crm configure property stop-all-resources=true
crm configure erase

It’s sometimes useful to see what resource agents are available, you can check with these commands:

# TO LIST RESOURCE AGENTS
crm ra list lsb
crm ra list systemd # (if using systemd init system)
crm ra list ocf heartbeat
crm ra list ocf pacemaker

If you need to migrate services and floating IP to other node you can run:

crm resource migrate KAM-HA-GROUP kam02

If you need edit specific parameters in the config, you can export it to xml, make the changes and re-import them:

# ADVANCED EDITING
cibadmin --query > tmp.xml
vi tmp.xml
cibadmin --replace --xml-file tmp.xml

 

RTPProxy: Compiling & Installing on Debian 8

cd /usr/src/
git clone https://github.com/sippy/rtpproxy.git
cd rtpproxy
./configure
make
make install

cp scripts/rtpproxy.init.debian /etc/init.d/rtpproxy
chmod +x /etc/init.d/rtpproxy
sed -i "s/DAEMON=\/usr\/bin\/rtpproxy/DAEMON=\/usr\/local\/bin\/rtpproxy/g" /etc/init.d/rtpproxy

cat > /etc/default/rtpproxy <<EOT
# Defaults for rtpproxy
# I like to use same user as Kamailio when running on Kamailio box
USER="kamailio"
GROUP="kamailio"
PIDFILE="/var/run/rtpproxy.pid"
# replace with your network interface IP address
LISTEN_ADDR=9.8.7.6

# The control socket.
CONTROL_SOCK="unix:/var/run/rtpproxy.sock"
# To listen on an UDP socket, uncomment this line:
#CONTROL_SOCK=udp:127.0.0.1:7722

# Additional options that are passed to the daemon.
EXTRA_OPTS="-l \$LISTEN_ADDR"

DAEMON_OPTS="-s \$CONTROL_SOCK -u \$USER:\$GROUP -p \$PIDFILE \$EXTRA_OPTS"

EOT

/etc/init.d/rtpproxy start

Kamailio: Compiling & Installing on Debian 8

Here we will compile and install Kamailio from GIT master branch and create our own systemd service configuration file.

# install dependencies
apt-get install libpq-dev pkg-config build-essential bison make libperl-dev git linux-headers-$(uname -r) libunistring-dev flex libjson-c-dev libevent-dev 

# download & compile
cd /usr/src
git clone git://git.sip-router.org/kamailio kamailio-git
cd kamailio-git

# include your own modules, these are what i compile
make include_modules="db_postgres debugger usrloc dispatcher registrar auth auth_db avp avpops tm rr pv sl maxfwd nathelper textops siputils uac uac_redirect db_text xlog sanity htable app_perl path ctrl tls ctl mi_fifo kex permissions dmq dialog websocket xhttp textopsx sdpops kazoo tmx uuid presence presence_xml presence_dialoginfo presence_mwi outbound" cfg

make all

make install

# add kam group/user
groupadd -g 6001 kamailio
useradd -u 6001 -g 6001 -d /usr/local/kamailio -M -s /bin/false kamailio

# create custom directories for kamailio
mkdir -p /usr/local/kamailio/{run,etc,tmp}

# create kamailio default file
cat >/etc/default/kamailio <<EOT
RUN_KAMAILIO=yes
USER=kamailio
GROUP=kamailio
SHM_MEMORY=64
PKG_MEMORY=8
PIDFILE=/usr/local/kamailio/run/kamailio.pid
CFGFILE=/usr/local/kamailio/etc/kamailio.cfg
#DUMP_CORE=yes
EOT

# create systemd file
cat >/etc/systemd/system/kamailio.service<<EOT
[Unit]
Description=Kamailio (OpenSER) - the Open Source SIP Server
After=syslog.target network.target

[Service]
Type=forking
EnvironmentFile=-/etc/default/kamailio
PIDFile=\$PIDFILE
# ExecStart requires a full absolute path
ExecStart=/usr/local/sbin/kamailio -P \$PIDFILE -f \$CFGFILE -m \$SHM_MEMORY -M \$PKG_MEMORY -u \$USER -g \$GROUP
ExecStopPost=/bin/rm -f \$PIDFILE
Restart=on-abort

[Install]
WantedBy=multi-user.target

EOT

# enable kamailio service
systemctl enable kamailio

# if you change the systemd file you can reload changes with:
systemctl daemon-reload

# set permissions to /usr/local/kamailio
chown kamailio:kamailio -R /usr/local/kamailio

Please note, by default, Kamailio will install it’s configuration files in /usr/local/etc/kamailio, modules in /usr/local/lib64/kamailio, and binaries in /usr/local/sbin

Kamailio: Basic SIP Proxy (all requests) Setup

In this example, I will share how to setup Kamailio to proxy SIP requests to a SIP switch (such as FreeSWITCH or Asterisk).
192.168.1.101 is the IP of Kamailio
192.168.1.102 is the IP of FreeSWITCH or Asterisk
Here are snippets from the main config script, kamailio.cfg:

...
 

#!define IPADDRESS "192.168.1.101"

#!define SWITCH_IPADDRESS "192.168.1.102"


#!define FLAG_FROM_SWITCH 1
#!define FLAG_FROM_USER 2

# ------------------ module loading ----------------------------------
loadmodule "tm.so"
loadmodule "rr.so"
loadmodule "pv.so"
loadmodule "sl.so"
loadmodule "maxfwd.so"
loadmodule "nathelper.so"
loadmodule "textops.so"
loadmodule "siputils.so"
loadmodule "xlog.so"
loadmodule "sanity.so"
loadmodule "path.so"

# ----------------- setting module-specific parameters ---------------
modparam("nathelper|registrar", "received_avp", "$avp(s:rcv)")
# -------------------------  request routing logic -------------------
# main routing logic

route {

        # per request initial checks
        route(SANITY_CHECK);

        # CANCEL processing
        if (is_method("CANCEL")) {
                if (t_check_trans()) {
                        t_relay();
                }
                exit;
        }

        route(CHECK_SOURCE_IP);

        ##################################
        ### HANDLE SEQUENTIAL REQUESTS ###
        route(WITHINDLG);

        ###############################
        ### HANDLE INITIAL REQUESTS ###
        t_check_trans();

        if (is_method("INVITE|REFER")) {
                record_route();
        }
       
        if (is_method("REGISTER")) {
            add_path();
        }

        if (isflagset(FLAG_FROM_SWITCH)) {
                # don't send INVITE from SWITCH back to SWITCH, set reply route to handle NAT and forward them along
                t_on_reply("EXTERNAL_REPLY");
        } else {
                # set destination to your SWITCH
                $du = "sip:192.168.1.102:5060";
        }

        route(RELAY);


}


route[SANITY_CHECK]
{
        if (!sanity_check()) {
                #xlog("L_WARN", "$ci|end|message is insane");
                exit;
        }

        if (!mf_process_maxfwd_header("10")) {
                #xlog("L_WARN", "$ci|end|too much hops, not enough barley");
                send_reply("483", "Too Many Hops");
                exit;
        }

        if ($ua == "friendly-scanner" ||
                $ua == "sundayddr" ||
                $ua =~ "sipcli" ) {
                #xlog("L_WARN", "$ci|end|dropping message with user-agent $ua");
                exit;
        }

        if ($si == IPADDRESS) {
                #xlog("L_WARN", "$ci|end|dropping message");
                exit;
        }

}


route[CHECK_SOURCE_IP]
{
        if ($si == SWITCH_IPADDRESS) {
                setflag(FLAG_FROM_SWITCH);
        } else {
                setflag(FLAG_FROM_USER);
        }
}

# Handle requests within SIP dialogs
route[WITHINDLG]
{
        if (has_totag()) {
                # sequential request withing a dialog should
                # take the path determined by record-routing
                if (loose_route()) {
                        route(RELAY);
                } else {
                        if (is_method("NOTIFY")) {
                                route(RELAY);
                        }
                        if (is_method("SUBSCRIBE") && uri == myself) {
                                # in-dialog subscribe requests
                                exit;
                        }
                        if (is_method("ACK")) {
                                if (t_check_trans()) {
                                        # no loose-route, but stateful ACK;
                                        # must be an ACK after a 487
                                        # or e.g. 404 from upstream server
                                        t_relay();
                                        exit;
                                } else {
                                        # ACK without matching transaction ... ignore and discard
                                        #xlog("ACK without matching transaction ... ignore and discard");
                                        exit;
                                }
                        }
                        sl_send_reply("404","Not here");
                }
                exit;
        }
}

onreply_route[EXTERNAL_REPLY]
{
        route(NAT_TEST_AND_CORRECT);
}


route[NAT_TEST_AND_CORRECT]
{
        if (nat_uac_test("3")) {
                if (is_method("REGISTER")) {
                        fix_nated_register();
                } else {
                        fix_nated_contact();
                }
                force_rport();
        }
        if (has_body("application/sdp") && nat_uac_test("8")) {
                fix_nated_sdp("10");
        }
}

route[RELAY]
{
        if (!t_relay()) {
                sl_reply_error();
        }
        exit;
}

This example will proxy all SIP requests to the switch. Typically, this is not recommended as Kamailio is able to handle the SIP REGISTERs but I’ll save that for another tutorial.