OpenSIPS on Ubuntu Part 2

This article would be the second part of OpenSIPS 1.11.6 installation on Ubuntu Server 14.04.

The first part available here. It is recommended to read and follow the first part first.

There are 2 sections available in this part:

  1. MediaProxy
  2. OpenSIPS NAT Configuration

The focus on this part is to setup a way to help User Agents under NAT routers. No user authentication stuffs will be added, for that you will need to also follow the instruction on part 3, when its available (soon).

Let’s do the 2nd part.

MediaProxy

MediaProxy is a middle box for SIP based VoIP that handles the accepting and forwarding RTP from one participant to another. This box must be placed somewhere with public IP, for example in a data center. It also must be able to be contacted by all participants.

There are 2 components in MediaProxy, they are:

  • Dispatcher
  • Relay

Dispatcher accept allocation requests from OpenSIPS and then dispatch them to relay. There can be only one dispatcher with multiple relays deployed for a single OpenSIPS. In this article we will be configuring one dispatcher for one relay and all components, along with the OpenSIPS, are installed on the same server.

MediaProxy Installation

We will be using deb packages from AG Projects (the author and maintainer of MediaProxy project).

Add a sources list for MediaProxy and add this line:

deb http://ag-projects.com/ubuntu trusty main

sudo vi /etc/apt/sources.list.d/ag-projects.list

Add apt-key for newly added sources list:

wget http://download.ag-projects.com/agp-debian-gpg.key 
sudo apt-key add agp-debian-gpg.key

Update local repo:

sudo apt-get -y update

Install MediaProxy:

apt-get install mediaproxy-dispatcher mediaproxy-relay

Enable packet forwarding for IPv4:

  • Edit /etc/sysctl.conf: 
    sudo vi /etc/sysctl.conf
  • Look for #net.ipv4.ip_forward=1 and remove the comment mark, it will become:

    net.ipv4.ip_forward=1

  • Save the file, exit editor and load the value: 
    sudo sysctl -p

MediaProxy Configuration

Look for dispatchers option under [Relay] block, fill with the location of the dispatcher where the relay need to connect to, that would be 127.0.0.1 because the dispatcher’s location is in localhost:

  • Edit /etc/mediaproxy/config.ini: 
    sudo vi /etc/mediaproxy/config.ini
  • Add this line under [Relay] block (under commented dispatchers option:

    dispatchers=127.0.0.1

Verify configuration by running the dispatcher and relay:

sudo /etc/init.d/mediaproxy-dispatcher start
sudo /etc/init.d/mediaproxy-relay start

SSL Certs for MediaProxy

These are SSL cert files required to be in /etc/mediaproxy/tls:

  • ca.pem (CA cert file)
  • crl.pem (Certificate Revocation Lists file)
  • dispatcher.crt (Cert file for Dispatcher)
  • dispatcher.key (Private key for Dispatcher cert file)
  • relay.crt (Cert file for Relay)
  • relay.key (Private key for Relay cert file)

Create CA:

cd /etc/mediaproxy/tls
sudo openssl genrsa -out ca.key 4096
sudo openssl req -key ca.key -new -x509 -days 3600 -out ca.pem

Create cert for Dispatcher:

cd /etc/mediaproxy/tls
sudo openssl genrsa -out dispatcher.key 4096
sudo openssl req -new -key dispatcher.key -out dispatcher.csr
sudo openssl x509 -req -in dispatcher.csr -CA ca.pem -CAkey ca.key -CAcreateserial -days 3600 -out dispatcher.crt

Create cert for Relay:

cd /etc/mediaproxy/tls
sudo openssl genrsa -out relay.key 4096
sudo openssl req -new -key relay.key -out relay.csr
sudo openssl x509 -req -in relay.csr -CA ca.pem -CAkey ca.key -CAcreateserial -days 3600 -out relay.crt

Last, just use crl.pem from MediaProxy website, this file will only be use if you ever revoke your certificates:

cd /etc/mediaproxy/tls
sudo wget -c http://devel.ag-projects.com/repositories/mediaproxy/tls/crl.pem

Please note that you can always use other way that you know to create those certificates. For example using the OpenSIPS manual for secure calling.

Running MediaProxy

Run the dispatcher and the relay:

sudo /etc/init.d/mediaproxy-dispatcher restart
sudo /etc/init.d/mediaproxy-relay restart

Verify:

ps aux | grep mediaproxy
netstat -lnptu | grep python | grep 2506

OpenSIPS NAT Configuration

Now its time to configure OpenSIPS to make it work with MediaProxy.

The relation between OpenSIPS and MediaProxy is rather simple:

  1. Upon receiving SIP request from User Agents (UA), OpenSIPS will exercise some tests to determine whether the UA is behind NAT router or not.
  2. Knowing the UA is behind NAT router, OpenSIPS will then ask MediaProxy to allocate ports to allow UA to use them
  3. OpenSIPS gets those ports (and IP of MediaProxy Relay) and deliver them to UAs
  4. UAs will use those ports and IP information to send/receive RTP (media payloads)

Get OpenSIPS example configuration:

cd /usr/local/etc/opensips
sudo wget -c https://raw.githubusercontent.com/antonraharja/voip-id/master/contrib/opensips-cfg/opensips.cfg.2.nat.noauth.txt

Please note that the selected example is the one with NAT configuration but no authentication for easy reading. I have another part that will explain authentication.

Replace previous opensips.cfg with the downloaded template:

cd /usr/local/etc/opensips
sudo mv opensips.cfg opensips.cfg.backup
sudo cp opensips.cfg.2.nat.noauth.txt opensips.cfg

Edit opensips.cfg and adjust IP address, look for CUSTOMIZE ME:

sudo vi opensips.cfg

Restart OpenSIPS:

sudo /etc/init.d/opensips.init restart

Verify OpenSIPS:

ps ax | grep opensips
sudo netstat -lnptu | grep opensips
sudo tail -f /var/log/syslog

That is all.

Please continue to part 3 when you’re done and its available.

Author

This article is written by Anton Raharja.

Update:

  • Part 1 is available here
  • Part 3 is available here

2 thoughts on “OpenSIPS on Ubuntu Part 2

Comments are closed.