This article would be the second part of OpenSIPS 1.11.6 installation on Ubuntu Server 14.04.
The first part available here. It is recommended to read and follow the first part first.
There are 2 sections available in this part:
- MediaProxy
- OpenSIPS NAT Configuration
The focus on this part is to setup a way to help User Agents under NAT routers. No user authentication stuffs will be added, for that you will need to also follow the instruction on part 3, when its available (soon).
Let’s do the 2nd part.
MediaProxy
MediaProxy is a middle box for SIP based VoIP that handles the accepting and forwarding RTP from one participant to another. This box must be placed somewhere with public IP, for example in a data center. It also must be able to be contacted by all participants.
There are 2 components in MediaProxy, they are:
- Dispatcher
- Relay
Dispatcher accept allocation requests from OpenSIPS and then dispatch them to relay. There can be only one dispatcher with multiple relays deployed for a single OpenSIPS. In this article we will be configuring one dispatcher for one relay and all components, along with the OpenSIPS, are installed on the same server.
MediaProxy Installation
We will be using deb
packages from AG Projects (the author and maintainer of MediaProxy project).
Add a sources list for MediaProxy and add this line:
deb http://ag-projects.com/ubuntu trusty main
[code lang=”bash”]
sudo vi /etc/apt/sources.list.d/ag-projects.list
[/code]
Add apt-key
for newly added sources list:
[code lang=”bash”]
wget http://download.ag-projects.com/agp-debian-gpg.key
sudo apt-key add agp-debian-gpg.key
[/code]
Update local repo:
[code lang=”bash”]
sudo apt-get -y update
[/code]
Install MediaProxy:
[code lang=”bash”]
apt-get install mediaproxy-dispatcher mediaproxy-relay
[/code]
Enable packet forwarding for IPv4:
- Edit
/etc/sysctl.conf
:[code lang=”bash”]
sudo vi /etc/sysctl.conf
[/code] - Look for
#net.ipv4.ip_forward=1
and remove the comment mark, it will become:net.ipv4.ip_forward=1
- Save the file, exit editor and load the value:
[code lang=”bash”]
sudo sysctl -p
[/code]
MediaProxy Configuration
Look for dispatchers
option under [Relay]
block, fill with the location of the dispatcher where the relay need to connect to, that would be 127.0.0.1
because the dispatcher’s location is in localhost
:
- Edit
/etc/mediaproxy/config.ini
:[code lang=”bash”]
sudo vi /etc/mediaproxy/config.ini
[/code] - Add this line under
[Relay]
block (under commenteddispatchers
option:dispatchers=127.0.0.1
Verify configuration by running the dispatcher and relay:
[code lang=”bash”]
sudo /etc/init.d/mediaproxy-dispatcher start
sudo /etc/init.d/mediaproxy-relay start
[/code]
SSL Certs for MediaProxy
These are SSL cert files required to be in /etc/mediaproxy/tls
:
ca.pem
(CA cert file)crl.pem
(Certificate Revocation Lists file)dispatcher.crt
(Cert file for Dispatcher)dispatcher.key
(Private key for Dispatcher cert file)relay.crt
(Cert file for Relay)relay.key
(Private key for Relay cert file)
Create CA:
[code lang=”bash”]
cd /etc/mediaproxy/tls
sudo openssl genrsa -out ca.key 4096
sudo openssl req -key ca.key -new -x509 -days 3600 -out ca.pem
[/code]
Create cert for Dispatcher:
[code lang=”bash”]
cd /etc/mediaproxy/tls
sudo openssl genrsa -out dispatcher.key 4096
sudo openssl req -new -key dispatcher.key -out dispatcher.csr
sudo openssl x509 -req -in dispatcher.csr -CA ca.pem -CAkey ca.key -CAcreateserial -days 3600 -out dispatcher.crt
[/code]
Create cert for Relay:
[code lang=”bash”]
cd /etc/mediaproxy/tls
sudo openssl genrsa -out relay.key 4096
sudo openssl req -new -key relay.key -out relay.csr
sudo openssl x509 -req -in relay.csr -CA ca.pem -CAkey ca.key -CAcreateserial -days 3600 -out relay.crt
[/code]
Last, just use crl.pem
from MediaProxy website, this file will only be use if you ever revoke your certificates:
[code lang=”bash”]
cd /etc/mediaproxy/tls
sudo wget -c http://devel.ag-projects.com/repositories/mediaproxy/tls/crl.pem
[/code]
Please note that you can always use other way that you know to create those certificates. For example using the OpenSIPS manual for secure calling.
Running MediaProxy
Run the dispatcher and the relay:
[code lang=”bash”]
sudo /etc/init.d/mediaproxy-dispatcher restart
sudo /etc/init.d/mediaproxy-relay restart
[/code]
Verify:
[code lang=”bash”]
ps aux | grep mediaproxy
netstat -lnptu | grep python | grep 2506
[/code]
OpenSIPS NAT Configuration
Now its time to configure OpenSIPS to make it work with MediaProxy.
The relation between OpenSIPS and MediaProxy is rather simple:
- Upon receiving SIP request from User Agents (UA), OpenSIPS will exercise some tests to determine whether the UA is behind NAT router or not.
- Knowing the UA is behind NAT router, OpenSIPS will then ask MediaProxy to allocate ports to allow UA to use them
- OpenSIPS gets those ports (and IP of MediaProxy Relay) and deliver them to UAs
- UAs will use those ports and IP information to send/receive RTP (media payloads)
Get OpenSIPS example configuration:
[code lang=”bash”]
cd /usr/local/etc/opensips
sudo wget -c https://raw.githubusercontent.com/antonraharja/voip-id/master/contrib/opensips-cfg/opensips.cfg.2.nat.noauth.txt
[/code]
Please note that the selected example is the one with NAT configuration but no authentication for easy reading. I have another part that will explain authentication.
Replace previous opensips.cfg
with the downloaded template:
[code lang=”bash”]
cd /usr/local/etc/opensips
sudo mv opensips.cfg opensips.cfg.backup
sudo cp opensips.cfg.2.nat.noauth.txt opensips.cfg
[/code]
Edit opensips.cfg
and adjust IP address, look for CUSTOMIZE ME:
[code lang=”bash”]
sudo vi opensips.cfg
[/code]
Restart OpenSIPS:
[code lang=”bash”]
sudo /etc/init.d/opensips.init restart
[/code]
Verify OpenSIPS:
[code lang=”bash”]
ps ax | grep opensips
sudo netstat -lnptu | grep opensips
sudo tail -f /var/log/syslog
[/code]
That is all.
Please continue to part 3 when you’re done and its available.
Author
This article is written by Anton Raharja.
Update:
Hi Anton, it will be nice to see an example with RTProxy.
will write that someday, technically its easier to use/setup rtpproxy