- Install and start rtpproxy, configure firewall to allow UDP ports used.
make menuconfig
.- Generate OpenSIPS Script -> Residential Script -> Configure.
- Select ENABLE_TLS, USE_AUTH, USE_DIALOG and USE_NAT.
- Go back, Generate & Save Residential Script.
- Copy etc/opensips_residential_*.cfg to
/etc/opensips/opensips.cfg
. - Customize
opensips.cfg
andSIP_DOMAIN
,DBENGINE
, etc. inopensipsctlrc
. opensipsdbctl create
.systemctl enable opensips.service && systemctl start opensips.service
.opensipsctl add <USER> <PASSWORD>
.- Enjoy and profit!
P.S. Check out https://blog.opensips.org/2016/11/11/how-to-avoid-plaintext-passwords/.
--- /etc/opensips_residential_2020.cfg
+++ /etc/opensips/opensips.cfg
@@ -37,14 +37,16 @@
auto_aliases=no
+advertised_address="PUBLIC_DOMAIN"
+
listen=udp:127.0.0.1:5060 # CUSTOMIZE ME
-listen=tls:127.0.0.1:5061 # CUSTOMIZE ME
+listen=tls:PRIVATE_IP:5061 # CUSTOMIZE ME
####### Modules Section ########
#set module path
-mpath="/usr/local/lib/opensips/modules/"
+mpath="/usr/lib64/opensips/modules"
#### SIGNALING module
loadmodule "signaling.so"
@@ -125,21 +127,21 @@
modparam("nathelper", "natping_interval", 10)
modparam("nathelper", "ping_nated_only", 1)
modparam("nathelper", "sipping_bflag", "SIP_PING_FLAG")
-modparam("nathelper", "sipping_from", "sip:[email protected]") #CUSTOMIZE ME
+modparam("nathelper", "sipping_from", "sip:pinger@PUBLIC_DOMAIN") #CUSTOMIZE ME
modparam("nathelper", "received_avp", "$avp(received_nh)")
loadmodule "rtpproxy.so"
-modparam("rtpproxy", "rtpproxy_sock", "udp:localhost:12221") # CUSTOMIZE ME
+modparam("rtpproxy", "rtpproxy_sock", "udp:localhost:9000") # CUSTOMIZE ME
loadmodule "proto_udp.so"
loadmodule "proto_tls.so"
loadmodule "tls_mgm.so"
-modparam("tls_mgm","verify_cert", "1")
+modparam("tls_mgm","verify_cert", "0")
modparam("tls_mgm","require_cert", "0")
-modparam("tls_mgm","tls_method", "TLSv1")
-modparam("tls_mgm","certificate", "/usr/local/etc/opensips/tls/user/user-cert.pem")
-modparam("tls_mgm","private_key", "/usr/local/etc/opensips/tls/user/user-privkey.pem")
-modparam("tls_mgm","ca_list", "/usr/local/etc/opensips/tls/user/user-calist.pem")
+modparam("tls_mgm","tls_method", "TLSv1_2")
+modparam("tls_mgm","certificate", "/etc/opensips/tls/user/user-cert.pem")
+modparam("tls_mgm","private_key", "/etc/opensips/tls/user/user-privkey.pem")
+modparam("tls_mgm","ca_list", "/etc/pki/tls/certs/ca-bundle.crt")
####### Routing Logic ########
@@ -348,7 +350,7 @@
if (is_method("INVITE")) {
if (isflagset(NAT)) {
- rtpproxy_offer("ro");
+ rtpproxy_offer("ro", "PUBLIC_IP");
}
t_on_branch("per_branch_ops");
@@ -378,7 +380,7 @@
if (nat_uac_test("1"))
fix_nated_contact();
if ( isflagset(NAT) )
- rtpproxy_answer("ro");
+ rtpproxy_answer("ro", "PUBLIC_IP");
xlog("incoming reply\n");
}
To clarify, I used the following to install RTPProxy (changed Kamailio to Opensips), and the Listen_Addr and Control_Sock to the above values:
https://blog.voipxswitch.com/2015/06/18/rtpproxy-compiling-installing-on-debian-8/