OpenSIPS on Ubuntu Part 3

Let’s add authentication on this part. Yes, that is the main focus of this article, to add an authentication mechanism so that SIP User Agent (SIP UA) can be authenticated by OpenSIPS.

Upon giving the username and password, UA will send a SIP REGISTER request to OpenSIPS. On 2 previous articles (part 1 and part 2) those SIP REGISTERs were ignored, all UA were just saved on user location by OpenSIPS regardless of what username or password they sent.

Of course we don’t want that for a production server, we want UAs to be authenticated with correct username and password. The username and password that admin set on OpenSIPS for each UA.

Please note that this article is the 3rd part of OpenSIPS on Ubuntu howto series. In order to successfully understood the content of this part you must previously followed article part 1 and part 2:

  • Part 1 talks about OpenSIPS installation and basic configuration.
  • Part 2 talks about how MediaProxy can be used to help OpenSIPS overcome certain NAT issues.

Let’s start part 3: all about authentication.

MySQL Server

In this article we will assume that the database that will be used is MySQL and MySQL will be installed on the same server as OpenSIPS.

Install MySQL server:

sudo apt-get -y install mysql-server

You will be asked to enter a password for root user. Remember that password. For the shake of this article you should put the password as simple as possible. You can then change it later when you already know what you’re doing.

For now please set MySQL root password to password.

Add 2 more MySQL users for read-only access and read-write access:

mysql -uroot -p

On MySQL prompt:

CREATE USER 'opensipsro'@'localhost' IDENTIFIED BY 'password';
CREATE USER 'opensips'@'localhost' IDENTIFIED BY 'password';

Above SQL commands will create 2 MySQL users: opensipsro and opensips.

Still on MySQL prompt, grant privileges to MySQL user opensips and opensipsro:

GRANT ALL PRIVILEGES ON opensips.* TO 'opensips'@'localhost';
GRANT SELECT ON opensips.* TO 'opensipsro'@'localhost';
FLUSH PRIVILEGES;

Here is what you get this far:

  • At this point you have 3 MySQL users: root, opensips and opensipsro
  • All three of them having the same password: password
  • MySQL user opensips will have read-write access to database opensips
  • Mysql user opensipsro will only have read-only access to database opensips

OpenSIPS Database

Edit opensipsctlrc:

sudo vi /usr/local/etc/opensips/opensipsctlrc

On opensipsctlrc make sure that you fill below options correctly:

SIP_DOMAIN=opensips.ngoprek.org
DBENGINE=MYSQL
DBHOST=localhost
DBNAME=opensips
DBRWUSER=opensips
DBRWPW="password"
DBROOTUSER="root"

The option names above rather self explanatory, it should be easy to understand.

The SIP_DOMAIN option is the default domain name to use when adding new SIP accounts. You should use your own domain of course and the domain is pointed to the OpenSIPS IP address.

Create OpenSIPS database:

sudo opensipsdbctl create

Answer y to all questions.

Above command will create a new database called opensips on MySQL server.

Test Accounts

Let’s create 2 test SIP accounts:

sudo opensipsctl add 1101 asdf1234
sudo opensipsctl add 1102 asdf1234

Above commands will create 2 SIP accounts on OpenSIPS, they are: 1101 and 1102 with both having the same password: asdf1234 and the same domain the SIP_DOMAIN: opensips.ngoprek.org.

Verify if both SIP accounts are registered:

sudo opensipsctl db show subscribers

You should see both SIP accounts are registered on OpenSIPS subscriber database.

OpenSIPS Configuration

Get the example OpenSIPS configuration:

cd /usr/local/etc/opensips
sudo wget -c https://raw.githubusercontent.com/antonraharja/voip-id/master/contrib/opensips-cfg/opensips.cfg.3.nat.auth.txt

Replace (but backup first) the previous opensips.cfg with the newly downloaded example file:

cd /usr/local/etc/opensips
sudo cp opensips.cfg opensips.cfg.backup
sudo opensips.cfg.3.nat.auth.txt opensips.cfg

Edit the new opensips.cfg to adjust OpenSIPS IP address. Look for CUSTOMIZE ME and replace the example IP address 192.168.2.2 with the correct IP address. And also replace dbusername:dbpassword with the correct MySQL username and password, replace them with opensipsro:password.

The example OpenSIPS configuration file will contain configuration on previous article, the NAT and MediaProxy related configuration.

Restart or start OpenSIPS:

sudo /etc/init.d/opensips.init restart

Verify OpenSIPS is running:

ps ax | grep opensips
sudo netstat -lnptu | grep opensips
sudo tail -f /var/log/syslog -n 100

Go ahead test login from SIP UA and try to call each other.

Verify both UAs are registered with OpenSIPS:

sudo opensipsctl online
sudo opensipsctl ul show

At this point OpenSIPS should have capability to overcome NAT issues with the help of MediaProxy and it also has authentication mechanism for SIP REGISTER and SIP INVITE.

OpenSIPS on Ubuntu howto series is finished.

Author

This article is written by Anton Raharja.

2 thoughts on “OpenSIPS on Ubuntu Part 3

  1. Pak,

    Setelah di ganti dengan config “opensips.cfg.3.nat.auth.txt” kemudian coba reg 1101 tidak bisa lagi, bisa di check di mana yang salah?

    Thanks

    Like

Comments are closed.