OpenSIPS on Ubuntu Part 3

Let’s add authentication in this part. That is the main focus of this article: adding an authentication mechanism so that a SIP User Agent (SIP UA) can be authenticated by OpenSIPS.

Once given a username and password, the UA sends a SIP REGISTER request to OpenSIPS. In the 2 previous articles (part 1 and part 2) the credentials in those SIP REGISTERs were ignored: every UA was simply saved to the user location by OpenSIPS regardless of what username or password it sent.

Of course we don’t want that on a production server. We want UAs to be authenticated with the correct username and password, the ones the admin sets on OpenSIPS for each UA.

Please note that this article is the 3rd part of the OpenSIPS on Ubuntu howto series. To follow this part you must first have worked through parts 1 and 2:

  • Part 1 talks about OpenSIPS installation and basic configuration.
  • Part 2 talks about how MediaProxy can be used to help OpenSIPS overcome certain NAT issues.

Let’s start part 3: all about authentication.

MySQL Server

In this article we will assume that the database that will be used is MySQL and MySQL will be installed on the same server as OpenSIPS.

Install MySQL server:

[code lang=bash]
sudo apt-get -y install mysql-server
[/code]

You will be asked to enter a password for the root user. Remember that password. For the sake of this article, keep the password as simple as possible. You can change it later, once you know what you’re doing.

For now please set MySQL root password to password.

Add 2 more MySQL users for read-only access and read-write access:

[code lang=bash]
mysql -uroot -p
[/code]

On MySQL prompt:

[code lang=text]
CREATE USER 'opensipsro'@'localhost' IDENTIFIED BY 'password';
CREATE USER 'opensips'@'localhost' IDENTIFIED BY 'password';
[/code]

The SQL commands above create 2 MySQL users: opensipsro and opensips.

Still on the MySQL prompt, grant privileges to the MySQL users opensips and opensipsro:

[code lang=text]
GRANT ALL PRIVILEGES ON opensips.* TO 'opensips'@'localhost';
GRANT SELECT ON opensips.* TO 'opensipsro'@'localhost';
FLUSH PRIVILEGES;
[/code]

Here is what you have so far:

  • At this point you have 3 MySQL users: root, opensips and opensipsro
  • All three of them have the same password: password
  • MySQL user opensips has read-write access to database opensips
  • MySQL user opensipsro has read-only access to database opensips

OpenSIPS Database

Edit opensipsctlrc:

[code lang=bash]
sudo vi /usr/local/etc/opensips/opensipsctlrc
[/code]

In opensipsctlrc, make sure that you fill in the options below correctly:

[code lang=text]
SIP_DOMAIN=opensips.ngoprek.org
DBENGINE=MYSQL
DBHOST=localhost
DBNAME=opensips
DBRWUSER=opensips
DBRWPW="password"
DBROOTUSER="root"
[/code]

The option names above are rather self-explanatory and should be easy to understand.

The SIP_DOMAIN option is the default domain name to use when adding new SIP accounts. You should of course use your own domain, and that domain must point to the OpenSIPS IP address.

Create OpenSIPS database:

[code lang=bash]
sudo opensipsdbctl create
[/code]

Answer y to all questions.

The command above creates a new database called opensips on the MySQL server.

Test Accounts

Let’s create 2 test SIP accounts:

[code lang=bash]
sudo opensipsctl add 1101 asdf1234
sudo opensipsctl add 1102 asdf1234
[/code]

The commands above create 2 SIP accounts on OpenSIPS, 1101 and 1102, both with the same password (asdf1234) and the same domain, the SIP_DOMAIN: opensips.ngoprek.org.

Verify that both SIP accounts are registered:

[code lang=bash]
sudo opensipsctl db show subscribers
[/code]

You should see that both SIP accounts are registered in the OpenSIPS subscriber database.

OpenSIPS Configuration

Get the example OpenSIPS configuration:

[code lang=bash]
cd /usr/local/etc/opensips
sudo wget -c https://raw.githubusercontent.com/antonraharja/voip-id/master/contrib/opensips-cfg/opensips.cfg.3.nat.auth.txt
[/code]

Replace (but back up first) the previous opensips.cfg with the newly downloaded example file:

[code lang=bash]
cd /usr/local/etc/opensips
# keep a copy of the working configuration from part 2
sudo cp opensips.cfg opensips.cfg.backup
# install the downloaded example as the active configuration
sudo cp opensips.cfg.3.nat.auth.txt opensips.cfg
[/code]

Edit the new opensips.cfg to adjust the OpenSIPS IP address. Look for CUSTOMIZE ME and replace the example IP address 192.168.2.2 with the correct IP address. Also replace dbusername:dbpassword with the correct MySQL username and password: opensipsro:password.

The example OpenSIPS configuration file also contains the configuration from the previous article, the NAT and MediaProxy related configuration.

Restart or start OpenSIPS:

[code lang=bash]
sudo /etc/init.d/opensips.init restart
[/code]

Verify OpenSIPS is running:

[code lang=bash]
ps ax | grep opensips
sudo netstat -lnptu | grep opensips
sudo tail -f /var/log/syslog -n 100
[/code]

Go ahead and test logging in from the SIP UAs, then try to call each other.

Verify both UAs are registered with OpenSIPS:

[code lang=bash]
sudo opensipsctl online
sudo opensipsctl ul show
[/code]

At this point OpenSIPS should be able to overcome NAT issues with the help of MediaProxy, and it also has an authentication mechanism for SIP REGISTER and SIP INVITE.
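SIP authentication of REGISTER and INVITE is HTTP digest (RFC 2617): the password is never sent, and both sides hash the username, realm, password and the server's nonce. The following is an added example, not code from the original article or from OpenSIPS; the nonce is constructed and the server's realm is assumed to be the article's SIP_DOMAIN. It shows why a wrong password, or a realm that differs from the domain the account was created with, both end in a rejected registration.

```bash
#!/usr/bin/env bash
# Added example: SIP digest arithmetic (RFC 2617, MD5). Nonce is constructed.

md5hex() { printf '%s' "$1" | md5sum | cut -d' ' -f1; }

# HA1 = MD5(username:realm:password)
sip_ha1() { md5hex "$1:$2:$3"; }

# Digest response. Args: ha1 method uri nonce [nc cnonce qop]
sip_response() {
    local ha1="$1" method="$2" uri="$3" nonce="$4"
    local nc="${5:-}" cnonce="${6:-}" qop="${7:-}" ha2
    ha2=$(md5hex "$method:$uri")              # HA2 = MD5(method:uri)
    if [ -n "$qop" ]; then
        md5hex "$ha1:$nonce:$nc:$cnonce:$qop:$ha2"
    else
        md5hex "$ha1:$nonce:$ha2"             # challenge carried no qop
    fi
}

# Server-side check: recompute from the stored HA1, compare with the UA's value.
# Args: stored_ha1 method uri nonce received [nc cnonce qop]
sip_verify() {
    local expected
    expected=$(sip_response "$1" "$2" "$3" "$4" "${6:-}" "${7:-}" "${8:-}")
    [ "$expected" = "$5" ]
}

# Outcome for account 1101 when the digest is computed with the given realm
# and password, while the stored HA1 was built with SIP_DOMAIN (assumption).
try_register() {
    local realm_in_use="$1" ua_password="$2"
    local realm=opensips.ngoprek.org nonce=constructed-nonce-0001
    local uri="sip:$realm" stored sent
    stored=$(sip_ha1 1101 "$realm" asdf1234)
    sent=$(sip_response "$(sip_ha1 1101 "$realm_in_use" "$ua_password")" \
        REGISTER "$uri" "$nonce")
    if sip_verify "$stored" REGISTER "$uri" "$nonce" "$sent"; then
        echo accepted
    else
        echo rejected
    fi
}

echo "correct password:  $(try_register opensips.ngoprek.org asdf1234)"
echo "wrong password:    $(try_register opensips.ngoprek.org wrongpass)"
echo "IP used as realm:  $(try_register 192.168.2.2 asdf1234)"
```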

The OpenSIPS on Ubuntu howto series is finished.

Author

This article is written by Anton Raharja.

2 thoughts on “OpenSIPS on Ubuntu Part 3”

  1. wongfenghung

    Sir,

    After replacing the config with “opensips.cfg.3.nat.auth.txt” and then trying to register 1101, it no longer works. Could you check where the mistake is?

    Thanks
