book

Building Telephony Systems with OpenSIPS - Second Edition

Name: Building Telephony Systems with OpenSIPS - Second Edition
ISBN: 9781785280610

by Flavio E. Goncalves, Flavio E Goncalves, Bogdan-Andrei Iancu

January 2016

Intermediate to advanced

384 pages

8h 6m

English

Packt Publishing

Read now

Unlock full access

Building Telephony Systems with OpenSIPS Second Edition
Table of Contents
Building Telephony Systems with OpenSIPS Second Edition
Credits
About the Authors
About the Reviewers
www.PacktPub.com
Support files, eBooks, discount offers, and moreWhy subscribe?Free access for Packt account holders
Preface
What this book covers
What you need for this book
Who this book is for

Conventions
Reader feedback
Customer support
ErrataPiracyQuestions
1. Introduction to SIP
Understanding the SIP architecture
The SIP registration process
Types of SIP servers
The proxy serverThe redirect serverThe B2BUA server
SIP request messages
The SIP dialog flow
SIP transactions and dialogs
Locating the SIP servers
SIP services
The SIP identity
The RTP protocol
CodecsDTMF-relay
Session Description Protocol
The SIP protocol and OSI model
The VoIP provider's big picture
The SIP proxyThe user administration and provisioning portalThe PSTN gatewayThe media serverThe media proxy or RTP proxy for NAT traversalAccounting and CDR generationMonitoring tools
Additional references
Summary
2. Introducing OpenSIPS
Understanding OpenSIPS
OpenSIPS capabilities
An overview of the OpenSIPS projectOpenSIPS knowledge transfer and support
Usage scenarios for OpenSIPS
The ingress sideThe core sideThe egress side
Who's using OpenSIPS?
The OpenSIPS design
The OpenSIPS coreThe OpenSIPS modules
Summary
3. Installing OpenSIPS
Hardware and software requirementsInstalling Linux for OpenSIPSDownloading and installing OpenSIPS v2.1.x
Generating OpenSIPS scripts
Running OpenSIPS at the Linux boot timeThe OpenSIPS v2.1.x directory structureThe configuration filesModules
Working with the log files
Startup options
Summary
4. OpenSIPS Language and Routing Concepts
An overview of OpenSIPS scripting
The OpenSIPS configuration file
Global parametersThe modules sectionScripting routesThe request routeThe branch routeThe failure routeThe reply routeThe local routeThe start up routeThe timer routeThe event routeThe error route
Scripting capabilities
The scripting functionsThe scripting variablesThe reference variablesThe AVP variablesThe script variablesScripting transformationsScripting flagsScripting operatorsScript statements
SIP routing in OpenSIPS
Mapping SIP traffic over the routing scriptStateless and stateful routingIn-dialog SIP routing
Summary
5. Subscriber Management
Modules
The AUTH_DB module
The REGISTER authentication sequence
The REGISTER sequence
The INVITE authentication sequence
The INVITE sequence packet captureThe INVITE code snippet
Digest authentication
The authorization request headerQuality of protection
Plaintext or prehashed passwords
Installing MySQL support
Analysis of the opensips.cfg file
The REGISTER requestsThe non-REGISTER requests
The opensipsctl shell script
Configuring the opensipsctl utilityUsing OpenSIPS with authenticationThe registration processEnhancing the opensips.cfg routing scriptManaging multiple domains
Using aliases
Handling the CANCEL requests and retransmissions
Lab – multidomain support
Lab – using aliases
IP authentication
Summary
6. OpenSIPS Control Panel
The OpenSIPS control panel
Installation of OpenSIPS-CP
Configuring the OpenSIPS-CPInstalling Monit
Configuring administrators
Adding and removing domains
Manage the access control lists or groups
Managing aliases
Managing subscribers
Verifying the subscriber registration
Managing permissions and IP authentication
Sending commands to the management interface
A generic table viewer
Summary
7. Dialplan and Routing
The dialplan module
PSTN routing
Receiving calls from PSTNGateway authenticationThe permissions moduleCaller identificationSending calls to PSTNIdentifying PSTN callsAuthorizing PSTN callsThe group moduleAccess Control ListsCaller ID in PSTN callsRouting to PSTN GWsThe dynamic routing moduleRouting entitiesThe selection algorithmProbing and disabling gatewaysAdvanced featuresScript samples
Summary
8. Managing Dialogs
Enabling the dialog module
Creating a dialog
Dialog matching
Dialog states
Dialog timeout and call disconnection
Dialog variables and flags
Setting and reading the dialog variablesSetting and reading the dialog flags
Profiling a dialog
Counting calls from the MI interface
Disconnecting calls
Disconnecting a call using the MI interface
Topology hiding
Initial request before topology hidingInitial request after topology hidingSequential request before topology hidingSequential request after topology hidingTopology hiding limitations
Validating a dialog and fixing broken dialogs
Displaying the dialog statistics
Description of the statistics
SIP session timers
How the SIP session timer works
Summary
9. Accounting
Progress check
Selecting a backend
The accounting configurationAutomatic accountingManual accountingExtra accountingMulti-leg accountingLab - accounting using MySQLUsing the dialog module to obtain the durationCall end reasonGenerating CDRsLab – generating CDRsCDRviewer and extra accounting
Accounting using RADIUS
Lab – accounting using a FreeRADIUS server
Package and dependenciesFreeRADIUS client and server configurationConfiguring the OpenSIPS server
Missing BYEs and CDRs
Summary
10. SIP NAT Traversal
Port address translation
Where does NAT break SIP?
Types of NAT
Full coneRestricted conePort-restricted coneSymmetricThe NAT firewall table
Solving the SIP NAT traversal challenge
A solution proposed for the NAT issueThe solution's topology
Building the solution
Installing STUNWhy STUN does not work with symmetric NAT devicesSolving SIP signalingImplementing NAT detectionSolving the Via header using rportFixing the Contact header for requests and repliesHandling the REGISTER requests and pingsHandling the responsesHandling sequential requestsUsing a media relay serverSolving the traversal of the RTP packets
Understanding the solution flow
(1) First INVITE(2) INVITE relayed by the server(3) Reply 200 OK with SDPAcknowledgements (ACK packets)
Summary
11. Implementing SIP Services
Where to implement SIP services
Explaining RFC 5359 with SIP service examples
Playing announcements
Playing demo-thanks
Call forwarding
Implementing blind call forwardingLoading the AVPops module and its parametersLab – implementing blind call forwarding
Implementing call forward on busy or unanswered
Debugging the routing script
Lab – testing the call forwarding feature
Implementing an integrated voicemailUser integrationIntegrating Asterisk Realtime with OpenSIPS
Call transfer
An unattended transferTips for call transfer
Summary
12. Monitoring Tools
Built-in tools
Trace tools
SIPTRACEConfiguring SIPTRACEScript trace
Troubleshooting routing scripts
A system crashBenchmarking segments of codeStress testing toolsThe sipsak toolSIPpInstalling SIPpStress testingPacket capturing toolsNgrepSipgrepWireshark
Summary
13. OpenSIPS Security
Configuring a firewall for OpenSIPSBlocking multiple unsuccessful authentication attemptsPreventing DOS using the PIKE modulePIKE in manual modePIKE in automatic mode
Preventing DNS and registration poisoning
Enabling Transport Layer Security
Generating a script for TLSCreating the root certificate authorityCreating the server certificateInstalling the root certificate authority in your softphone
Enabling Secure Real-time Protocol
SRTP-SDESDTLS-SRTPZRTPEnabling SRTP
Enabling the anti-fraud module
Event generationScript integration
Summary
14. Advanced Topics with OpenSIPS 2.1
Asynchronous operations
Asynchronous support in the OpenSIPS script
Available asynchronous functions
Binary replication
Dialog replicationThe usrloc replication
TCP handling
Enabling TCP
Summary
Index

Content preview from Building Telephony Systems with OpenSIPS - Second Edition

The INVITE authentication sequence

Here is the INVITE authentication sequence of an ordinary call. The proxy server always answers the first INVITE message with a reply containing the 407 Proxy Authentication Required message. This message has the Authorization header field, which contains information about the Digest authentication, such as realm and nonce (nonce is a number used once in the authentication process and it prevents replay attacks). Once received by UAC, this message is replied with a new INVITE. Now, the Authorize header field contains the Digest calculated using the username, password, realm, and nonce with the MD5 algorithm. If a match exists between the Digest informed in the request and the one calculated in the server using ...

Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.

Read now

Unlock full access

More than 5,000 organizations count on O’Reilly

O’Reilly covers everything we've got, with content to help us build a world-class technology community, upgrade the capabilities and competencies of our teams, and improve overall team performance as well as their engagement.

Julian F.

Head of Cybersecurity

I wanted to learn C and C++, but it didn't click for me until I picked up an O'Reilly book. When I went on the O’Reilly platform, I was astonished to find all the books there, plus live events and sandboxes so you could play around with the technology.

Addison B.

Field Engineer

I’ve been on the O’Reilly platform for more than eight years. I use a couple of learning platforms, but I'm on O'Reilly more than anybody else. When you're there, you start learning. I'm never disappointed.

Amir M.

Data Platform Tech Lead

I'm always learning. So when I got on to O'Reilly, I was like a kid in a candy store. There are playlists. There are answers. There's on-demand training. It's worth its weight in gold, in terms of what it allows me to do.

Mark W.

Embedded Software Engineer

Asterisk: The Future of Telephony, 2nd Edition

Publisher Resources

ISBN: 9781785280610

Cloud Computing

Data Engineering

Data Science

AI & ML

Programming Languages

Software Architecture

IT/Ops

Security

Design

Business

Soft Skills

Building Telephony Systems with OpenSIPS - Second Edition

by Flavio E. Goncalves, Flavio E Goncalves, Bogdan-Andrei Iancu

The INVITE authentication sequence

Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.