This article would be the second part of OpenSIPS 1.11.6 installation on Ubuntu Server 14.04.
The first part available here. It is recommended to read and follow the first part first.
There are 2 sections available in this part:
- OpenSIPS NAT Configuration
The focus on this part is to setup a way to help User Agents under NAT routers. No user authentication stuffs will be added, for that you will need to also follow the instruction on part 3, when its available (soon).
Let’s do the 2nd part.
MediaProxy is a middle box for SIP based VoIP that handles the accepting and forwarding RTP from one participant to another. This box must be placed somewhere with public IP, for example in a data center. It also must be able to be contacted by all participants.
There are 2 components in MediaProxy, they are:
Dispatcher accept allocation requests from OpenSIPS and then dispatch them to relay. There can be only one dispatcher with multiple relays deployed for a single OpenSIPS. In this article we will be configuring one dispatcher for one relay and all components, along with the OpenSIPS, are installed on the same server.
We will be using
deb packages from AG Projects (the author and maintainer of MediaProxy project).
Add a sources list for MediaProxy and add this line:
deb http://ag-projects.com/ubuntu trusty main
sudo vi /etc/apt/sources.list.d/ag-projects.list
apt-key for newly added sources list:
wget http://download.ag-projects.com/agp-debian-gpg.key sudo apt-key add agp-debian-gpg.key
Update local repo:
sudo apt-get -y update
apt-get install mediaproxy-dispatcher mediaproxy-relay
Enable packet forwarding for IPv4:
sudo vi /etc/sysctl.conf
- Look for
#net.ipv4.ip_forward=1and remove the comment mark, it will become:
- Save the file, exit editor and load the value:
sudo sysctl -p
dispatchers option under
[Relay] block, fill with the location of the dispatcher where the relay need to connect to, that would be
127.0.0.1 because the dispatcher’s location is in
sudo vi /etc/mediaproxy/config.ini
- Add this line under
[Relay]block (under commented
Verify configuration by running the dispatcher and relay:
sudo /etc/init.d/mediaproxy-dispatcher start sudo /etc/init.d/mediaproxy-relay start
SSL Certs for MediaProxy
These are SSL cert files required to be in
ca.pem(CA cert file)
crl.pem(Certificate Revocation Lists file)
dispatcher.crt(Cert file for Dispatcher)
dispatcher.key(Private key for Dispatcher cert file)
relay.crt(Cert file for Relay)
relay.key(Private key for Relay cert file)
cd /etc/mediaproxy/tls sudo openssl genrsa -out ca.key 4096 sudo openssl req -key ca.key -new -x509 -days 3600 -out ca.pem
Create cert for Dispatcher:
cd /etc/mediaproxy/tls sudo openssl genrsa -out dispatcher.key 4096 sudo openssl req -new -key dispatcher.key -out dispatcher.csr sudo openssl x509 -req -in dispatcher.csr -CA ca.pem -CAkey ca.key -CAcreateserial -days 3600 -out dispatcher.crt
Create cert for Relay:
cd /etc/mediaproxy/tls sudo openssl genrsa -out relay.key 4096 sudo openssl req -new -key relay.key -out relay.csr sudo openssl x509 -req -in relay.csr -CA ca.pem -CAkey ca.key -CAcreateserial -days 3600 -out relay.crt
Last, just use
crl.pem from MediaProxy website, this file will only be use if you ever revoke your certificates:
cd /etc/mediaproxy/tls sudo wget -c http://devel.ag-projects.com/repositories/mediaproxy/tls/crl.pem
Please note that you can always use other way that you know to create those certificates. For example using the OpenSIPS manual for secure calling.
Run the dispatcher and the relay:
sudo /etc/init.d/mediaproxy-dispatcher restart sudo /etc/init.d/mediaproxy-relay restart
ps aux | grep mediaproxy netstat -lnptu | grep python | grep 2506
OpenSIPS NAT Configuration
Now its time to configure OpenSIPS to make it work with MediaProxy.
The relation between OpenSIPS and MediaProxy is rather simple:
- Upon receiving SIP request from User Agents (UA), OpenSIPS will exercise some tests to determine whether the UA is behind NAT router or not.
- Knowing the UA is behind NAT router, OpenSIPS will then ask MediaProxy to allocate ports to allow UA to use them
- OpenSIPS gets those ports (and IP of MediaProxy Relay) and deliver them to UAs
- UAs will use those ports and IP information to send/receive RTP (media payloads)
Get OpenSIPS example configuration:
cd /usr/local/etc/opensips sudo wget -c https://raw.githubusercontent.com/antonraharja/voip-id/master/contrib/opensips-cfg/opensips.cfg.2.nat.noauth.txt
Please note that the selected example is the one with NAT configuration but no authentication for easy reading. I have another part that will explain authentication.
opensips.cfg with the downloaded template:
cd /usr/local/etc/opensips sudo mv opensips.cfg opensips.cfg.backup sudo cp opensips.cfg.2.nat.noauth.txt opensips.cfg
opensips.cfg and adjust IP address, look for CUSTOMIZE ME:
sudo vi opensips.cfg
sudo /etc/init.d/opensips.init restart
ps ax | grep opensips sudo netstat -lnptu | grep opensips sudo tail -f /var/log/syslog
That is all.
Please continue to part 3 when you’re done and its available.
This article is written by Anton Raharja.