

@l2dy
Last active May 26, 2021 12:47
OpenSIPS in the Cloud with NAT Support
  1. Install and start rtpproxy, and configure the firewall to allow the UDP ports it uses.
  2. make menuconfig.
  3. Generate OpenSIPS Script -> Residential Script -> Configure.
  4. Select ENABLE_TLS, USE_AUTH, USE_DIALOG and USE_NAT.
  5. Go back, Generate & Save Residential Script.
  6. Copy etc/opensips_residential_*.cfg to /etc/opensips/opensips.cfg.
  7. Customize opensips.cfg and SIP_DOMAIN, DBENGINE, etc. in opensipsctlrc.
  8. opensipsdbctl create.
  9. systemctl enable opensips.service && systemctl start opensips.service.
  10. opensipsctl add <USER> <PASSWORD>.
  11. Enjoy and profit!

P.S. To avoid storing plaintext passwords, check out https://blog.opensips.org/2016/11/11/how-to-avoid-plaintext-passwords/.

--- /etc/opensips_residential_2020.cfg
+++ /etc/opensips/opensips.cfg
@@ -37,14 +37,16 @@
 auto_aliases=no
 
 
+advertised_address="PUBLIC_DOMAIN"
+
 listen=udp:127.0.0.1:5060   # CUSTOMIZE ME
 
-listen=tls:127.0.0.1:5061   # CUSTOMIZE ME
+listen=tls:PRIVATE_IP:5061   # CUSTOMIZE ME
 
 ####### Modules Section ########
 
 #set module path
-mpath="/usr/local/lib/opensips/modules/"
+mpath="/usr/lib64/opensips/modules"
 
 #### SIGNALING module
 loadmodule "signaling.so"
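Review bot: The added `advertised_address="PUBLIC_DOMAIN"` is a global setting, so it also applies to the UDP listener that this hunk leaves on `127.0.0.1:5060`. Scoping it to the TLS socket would read more clearly, e.g. `listen=tls:PRIVATE_IP:5061 AS PUBLIC_DOMAIN:5061`, if the OpenSIPS version in use accepts that form. If UDP is kept on loopback deliberately so that only TLS signalling is reachable from outside, a comment such as `# UDP bound to loopback on purpose; only TLS 5061 is exposed` would keep a later edit from opening 5060 by accident. The new `advertised_address` line also lacks the `# CUSTOMIZE ME` marker that the neighbouring placeholder lines carry.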
@@ -125,21 +127,21 @@
 modparam("nathelper", "natping_interval", 10)
 modparam("nathelper", "ping_nated_only", 1)
 modparam("nathelper", "sipping_bflag", "SIP_PING_FLAG")
-modparam("nathelper", "sipping_from", "sip:[email protected]") #CUSTOMIZE ME
+modparam("nathelper", "sipping_from", "sip:pinger@PUBLIC_DOMAIN") #CUSTOMIZE ME
 modparam("nathelper", "received_avp", "$avp(received_nh)")
 
 loadmodule "rtpproxy.so"
-modparam("rtpproxy", "rtpproxy_sock", "udp:localhost:12221") # CUSTOMIZE ME
+modparam("rtpproxy", "rtpproxy_sock", "udp:localhost:9000") # CUSTOMIZE ME
 
 loadmodule "proto_udp.so"
 loadmodule "proto_tls.so"
 loadmodule "tls_mgm.so"
-modparam("tls_mgm","verify_cert", "1")
+modparam("tls_mgm","verify_cert", "0")
 modparam("tls_mgm","require_cert", "0")
-modparam("tls_mgm","tls_method", "TLSv1")
-modparam("tls_mgm","certificate", "/usr/local/etc/opensips/tls/user/user-cert.pem")
-modparam("tls_mgm","private_key", "/usr/local/etc/opensips/tls/user/user-privkey.pem")
-modparam("tls_mgm","ca_list", "/usr/local/etc/opensips/tls/user/user-calist.pem")
+modparam("tls_mgm","tls_method", "TLSv1_2")
+modparam("tls_mgm","certificate", "/etc/opensips/tls/user/user-cert.pem")
+modparam("tls_mgm","private_key", "/etc/opensips/tls/user/user-privkey.pem")
+modparam("tls_mgm","ca_list", "/etc/pki/tls/certs/ca-bundle.crt")
 
  
 ####### Routing Logic ########
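Review bot: `modparam("tls_mgm","verify_cert", "0")` turns off peer certificate verification, yet the same hunk points `ca_list` at the system CA bundle, which is only consulted when verification is on. With verification off, any certificate a peer presents is accepted, so TLS here gives encryption without authenticating the other end. Unless clients are known to present self-signed certificates, keep `modparam("tls_mgm","verify_cert", "1")` with `require_cert` at `0`, so clients without a certificate can still connect but a presented certificate is checked. If `0` is intentional, a comment on that line stating why would help the next reader.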
@@ -348,7 +350,7 @@
 	if (is_method("INVITE")) {
 		
 		if (isflagset(NAT)) {
-			rtpproxy_offer("ro");
+			rtpproxy_offer("ro", "PUBLIC_IP");
 		}
 
 		t_on_branch("per_branch_ops");
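Review bot: The literal `"PUBLIC_IP"` passed to `rtpproxy_offer` here, and to `rtpproxy_answer` in the next hunk, is a placeholder for the address written into the SDP, but neither line carries the `# CUSTOMIZE ME` marker used on the other site-specific lines. A config deployed with the placeholder left in, or with the two calls edited to different values, would presumably advertise an unusable media address while signalling still works. I would mark both, e.g. `rtpproxy_offer("ro", "PUBLIC_IP"); # CUSTOMIZE ME: public address advertised in SDP`, and note that the two values must match. The enclosing route block starts and ends outside this hunk.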
@@ -378,7 +380,7 @@
 	if (nat_uac_test("1"))
 		fix_nated_contact();
 	if ( isflagset(NAT) )
-		rtpproxy_answer("ro");
+		rtpproxy_answer("ro", "PUBLIC_IP");
 	xlog("incoming reply\n");
 }
 
@hasanr68

Cool :) Thx a lot - inaccessible from the Internet was the issue. Just curious, when calling from the cell network, I get the following error:
ERROR:rtpproxy:force_rtp_proxy: Unable to parse body

Is that normal?

@l2dy
Author

l2dy commented Nov 20, 2020

I've seen that error before, but everything was fine so I ignored it. If you found out why, please let me know.

@hasanr68

Alright, will do! Thanks a lot for all your time and help.
