Let’s add authentication on this part. Yes, that is the main focus of this article, to add an authentication mechanism so that SIP User Agent (SIP UA) can be authenticated by OpenSIPS.
Upon giving the username and password, UA will send a SIP REGISTER request to OpenSIPS. On 2 previous articles (part 1 and part 2) those SIP REGISTERs were ignored, all UA were just saved on user location by OpenSIPS regardless of what username or password they sent.
Of course we don’t want that for a production server, we want UAs to be authenticated with correct username and password. The username and password that admin set on OpenSIPS for each UA.
Please note that this article is the 3rd part of OpenSIPS on Ubuntu howto series. In order to successfully understood the content of this part you must previously followed article part 1 and part 2:
- Part 1 talks about OpenSIPS installation and basic configuration.
- Part 2 talks about how MediaProxy can be used to help OpenSIPS overcome certain NAT issues.
Let’s start part 3: all about authentication.
In this article we will assume that the database that will be used is MySQL and MySQL will be installed on the same server as OpenSIPS.
Install MySQL server:
sudo apt-get -y install mysql-server
You will be asked to enter a password for
root user. Remember that password. For the shake of this article you should put the password as simple as possible. You can then change it later when you already know what you’re doing.
For now please set MySQL root password to
Add 2 more MySQL users for read-only access and read-write access:
mysql -uroot -p
On MySQL prompt:
CREATE USER 'opensipsro'@'localhost' IDENTIFIED BY 'password'; CREATE USER 'opensips'@'localhost' IDENTIFIED BY 'password';
Above SQL commands will create 2 MySQL users:
Still on MySQL prompt, grant privileges to MySQL user
GRANT ALL PRIVILEGES ON opensips.* TO 'opensips'@'localhost'; GRANT SELECT ON opensips.* TO 'opensipsro'@'localhost'; FLUSH PRIVILEGES;
Here is what you get this far:
- At this point you have 3 MySQL users:
- All three of them having the same password:
- MySQL user
opensipswill have read-write access to database
- Mysql user
opensipsrowill only have read-only access to database
sudo vi /usr/local/etc/opensips/opensipsctlrc
opensipsctlrc make sure that you fill below options correctly:
SIP_DOMAIN=opensips.ngoprek.org DBENGINE=MYSQL DBHOST=localhost DBNAME=opensips DBRWUSER=opensips DBRWPW="password" DBROOTUSER="root"
The option names above rather self explanatory, it should be easy to understand.
The SIP_DOMAIN option is the default domain name to use when adding new SIP accounts. You should use your own domain of course and the domain is pointed to the OpenSIPS IP address.
Create OpenSIPS database:
sudo opensipsdbctl create
Answer y to all questions.
Above command will create a new database called
opensips on MySQL server.
Let’s create 2 test SIP accounts:
sudo opensipsctl add 1101 asdf1234 sudo opensipsctl add 1102 asdf1234
Above commands will create 2 SIP accounts on OpenSIPS, they are: 1101 and 1102 with both having the same password:
asdf1234 and the same domain the SIP_DOMAIN:
Verify if both SIP accounts are registered:
sudo opensipsctl db show subscribers
You should see both SIP accounts are registered on OpenSIPS subscriber database.
Get the example OpenSIPS configuration:
cd /usr/local/etc/opensips sudo wget -c https://raw.githubusercontent.com/antonraharja/voip-id/master/contrib/opensips-cfg/opensips.cfg.3.nat.auth.txt
Replace (but backup first) the previous
opensips.cfg with the newly downloaded example file:
cd /usr/local/etc/opensips sudo cp opensips.cfg opensips.cfg.backup sudo opensips.cfg.3.nat.auth.txt opensips.cfg
Edit the new
opensips.cfg to adjust OpenSIPS IP address. Look for CUSTOMIZE ME and replace the example IP address
192.168.2.2 with the correct IP address. And also replace
dbusername:dbpassword with the correct MySQL username and password, replace them with
The example OpenSIPS configuration file will contain configuration on previous article, the NAT and MediaProxy related configuration.
Restart or start OpenSIPS:
sudo /etc/init.d/opensips.init restart
Verify OpenSIPS is running:
ps ax | grep opensips sudo netstat -lnptu | grep opensips sudo tail -f /var/log/syslog -n 100
Go ahead test login from SIP UA and try to call each other.
Verify both UAs are registered with OpenSIPS:
sudo opensipsctl online sudo opensipsctl ul show
At this point OpenSIPS should have capability to overcome NAT issues with the help of MediaProxy and it also has authentication mechanism for SIP REGISTER and SIP INVITE.
OpenSIPS on Ubuntu howto series is finished.
This article is written by Anton Raharja.