Opensips安装配置（以下操作均已centOS 6.3系统为准）

最新推荐文章于 2024-10-11 07:48:50 发布

holybomb

最新推荐文章于 2024-10-11 07:48:50 发布

阅读量791

点赞数

文章标签： centos linux 运维

本文链接：https://blog.csdn.net/holybomb/article/details/14216077

版权

1. 安装依赖软件：

a) Yum update //更新系统到最新

b) 安装以下所需依赖软件
gcc
bison
flex
make
openssl
libmysqlclient-dev
mysql-server

c) 安装radiusclient：

1. wget http://pkgs.repoforge.org/radiusclient-ng/radiusclient-ng-0.5.6-5.el6.rf.x86_64.rpm

2. rpm -ivfradiusclient-ng-0.5.6-5.el6.rf.x86_64.rpm

3. wget http://pkgs.repoforge.org/radiusclient-ng/radiusclient-ng-devel-0.5.6-5.el6.rf.x86_64.rpm

4. rpm -ivfradiusclient-ng-devel-0.5.6-5.el6.rf.x86_64.rpm

5. wget http://pkgs.repoforge.org/radiusclient-ng/radiusclient-ng-utils-0.5.6-5.el6.rf.x86_64.rpm

6. rpm -ivfradiusclient-ng-utils-0.5.6-5.el6.rf.x86_64.rpm

d) 安装xmlrpc3-
yum –y install *xmlrpc3*

e) 安装perl：

1. yum install *perl*MySQL*

2. yum install *perl*Front*

3. yum install *perl*Read*

f) 安装start-stop-daemon

1. wget http://developer.axis.com/download/distribution/apps-sys-utils-start-stop-daemon-IR1_9_18-2.tar.gz

2. tar zxf apps-sys-utils-start-stop-daemon-IR1_9_18-2.tar.gz

3. mvapps/sys-utils/start-stop-daemon-IR1_9_18-2/ ./

4. rm -rf apps

5. cdstart-stop-daemon-IR1_9_18-2/

6. cc start-stop-daemon.c -ostart-stop-daemon

7. cp start-stop-daemon /usr/bin/start-stop-daemon

2. 安装opensips

a) cd /usr/src

b) 下载opensips源码：
wget http://opensips.org/pub/opensips/1.6.0/src/opensips-1.6.0-tls_src.tar.gz

c) 解压缩源码：
tar -xf opensips-1.6.0-tls_src.tar.gz

d) cd opensips-1.6.0-tls

e) 编译并安装：
make prefix=/ all include_modules="db_mysql aaa_radius"
make prefix=/ install include_modules="db_mysql aaa_radius"

f) 创建运行目录
mkdir /var/run/opensips

3. 配置系统运行环境

a) 添加opensips运行文件到linux启动项

i. cd/usr/src/opensips-1.6.0-tls/packaging/debian

ii. cp opensips.default/etc/default/opensips

iii. cp opensips.init /etc/init.d/opensips

b) 修改/etc/opensips/opensips.cfg

i. vim /etc/opensips/opensips.cfg

ii. 删掉fork=no行，即便有注释也删掉

c) 赋予opensips.init文件正确权限

i. cd /etc/init.d

ii. chmod 755 opensips

d) 编辑/etc/default/opensips

i. vim /etc/default/opensips

ii. 修改如下(红色字体)：
# Set to yes to enable opensips, once configured properly.
RUN_OPENSIPS=yes
# User to run as
USER=root
# Group to run as
GROUP=root
# Amount of memory to allocate for the running OpenSIPS server (in Mb)
MEMORY=128

e) 编辑/etc/init.d/opensips，配置正确的opensips路径

i. vim /etc/init.d/opensips

ii. 修改如下（红色字体）
PATH=/sbin:/bin:/usr/sbin:/usr/bin
DAEMON=/sbin/opensips
NAME=opensips
DESC=opensips
HOMEDIR=/var/run/opensips
PIDFILE=$HOMEDIR/$NAME.pid

4. 独立Log文件

a) 修改/etc/rsyslog.conf

i. vim /etc/rsyslog.conf

ii. 在文件最后添加一条：
local0.* /var/log/opensips.log

b) 重启rsyslog服务：
service rsyslog restart

5. 启动opensips

a) 启动opensips服务：
/etc/init.d/opensips start|stop|restart

6. 配置mysql认证支持

a) 确认db_mysql.so正常存在
ls /lib/opensips/modules/db_mysql.so

b) 修改/etc/opensips/opensipsctlrc文件，去掉如下内容的注释：
SIp_DoMAIN=115.28.38.216
DBENGINE=MYSQL
DBHoST=localhost
DBNAME=opensips
DBRWUSER=opensips
DBRWpW="opensipsrw"
DBRoUSER=opensipsro
DBRopW=opensipsro
ALIASES_TYPE="DB"
oSIpS_FIFo="/tmp/opensips_fifo"

c) 创建opensips的数据库
opensipsdbctl create
输入如下（注意红色字，一律选y）：
Opensips:~# opensipsdbctl create
MySqL password for root:
INFO: test server charset
INFO: creating database opensips ...
INFO: Core Opensips tables successfully created.
Install presence related tables?(y/n): y
INFO: creatingpresence tables into opensips ...
INFO: Presence tables successfully created.
Install tables for imc cpl siptracedomainpolicy carrierroute? (y/n): y

d) 编辑/etc/opensips/opensips.cfg
修改如下（去掉如下代码的注释）
#loadmodule "db_mysql.so"
#loadmodule "auth.so"
#loadmodule "auth_db.so"
#modparam("usrloc", "db_mode", 2)
#modparam("usrloc", "db_url",
# "mysql://opensips:opensipsrw@localhost/opensips")
#modparam("auth_db", "calculate_ha1", yes)
#modparam("auth_db", "password_column","password")
#modparam("auth_db", "db_url",
# "mysql://opensips:opensipsrw@localhost/opensips")
#modparam("auth_db", "load_credentials", "")
##if (!(method=="REGISTER") && from_uri==myself) /*nomultidomain version*/
##{
## if (!proxy_authorize("", "subscriber")) {
## proxy_challenge("", "0");
## exit;
## }
## if (!db_check_from()) {
## sl_send_reply("403","Forbidden auth ID");
## exit;
## }
##
## consume_credentials();
## # caller authenticated
##}
#authenticate the REGISTER requests
(uncomment to enable auth)
##if (!www_authorize("", "subscriber"))
##{
## www_challenge("", "0");
## exit;
##}
##
##if (!db_check_to())
##{
## sl_send_reply("403","Forbidden auth ID");
## exit;
##}

e) 重启opensips服务
/etc/init.d/opensips restart

f) 添加两个用户
opensipsctl add 1000 1000
opensipsctl add 1001 1001

g) 客户端可进行登录验证

7. 配置RTPProxy处理NAT

a) 下载并安装RTPProxy

1. cd /usr/src

2. wgethttp://b2bua.org/chrome/site/rtpproxy-1.2.0.tar.gz

3. tar –xzvf rtpproxy-1.2.0.tar.gz

4. cd rtpproxy-1.2.0

5. ./configure

6. make

7. make install

b) 运行RTPProxy
rtpproxy -l 115.28.38.216 -a 10.144.59.80 -s udp:localhost:7890 -F -d INFOLOG_LOCAL1

c) 修改/etc/opensips/opensips.cfg文件
修改如下：
在#loadmodule "presence_xml.so"下面添加
loadmodule "nathelper.so"

在” #modparam("presence", "server_address","sip:192.168.1.2:5060")”下面添加：
modparam("nathelper","rtpproxy_sock", "udp:127.0.0.1:7890")
modparam("nathelper", "natping_interval", 30)
modparam("nathelper", "ping_nated_only", 0)
modparam("nathelper", "sipping_bflag", 7)
modparam("nathelper", "sipping_from","sip:pinger@127.0.0.1")
modparam("registrar","received_avp","$avp(i:42)")
modparam("nathelper","received_avp","$avp(i:42)")
在# main request routing logic下面的代码中添加如下红色字：
# main request routing logic

route{

if(!mf_process_maxfwd_header("10")) {

sl_send_reply("483","TooMany Hops");

exit;

}

#---- NAT Detection ----#

force_rport();

if (nat_uac_test("18")) {

if (is_method("REGISTER")) {

fix_nated_register();

}

else {

fix_nated_contact();

}

setflag(5);

}

if (has_totag()) {

# sequentialrequest withing a dialog should

# take thepath determined by record-routing

if(loose_route()) {

if(is_method("BYE")) {

setflag(1);# do accounting ...

setflag(3);# ... even if the transaction fails

}else if (is_method("INVITE")) {

#even if in most of the cases is useless, do RR for

#re-INVITEs alos, as some buggy clients do change route set

#during the dialog.

record_route();

}

#route it out to whatever destination was set by loose_route()

#in $du (destination URI).

route(1);

} else {

/*uncomment the following lines if you want to enable presence */

##if(is_method("SUBSCRIBE") && $rd =="your.server.ip.address") {

## # in-dialog subscribe requests

## route(2);

## exit;

##}

if( is_method("ACK") ) {

if( t_check_trans() ) {

#non loose-route, but stateful ACK; must be an ACK after

#a 487 or e.g. 404 from upstream server

t_relay();

exit;

}else {

#ACK without matching transaction ->

#ignore and discard

exit;

}

sl_send_reply("404","Nothere");

}

exit;

}

#initial requests

# CANCEL processing

if(is_method("CANCEL"))

{

if(t_check_trans())

t_relay();

exit;

}

t_check_trans();

# authenticate if fromlocal subscriber (uncomment to enable auth)

# authenticate allinitial non-REGISTER request that pretend to be

# generated by localsubscriber (domain from FROM URI is local)

#if(!(method=="REGISTER") && from_uri==myself) /*no multidomainversion*/

##if(!(method=="REGISTER") && is_from_local()) /*multidomain version*/

# if (!proxy_authorize("","subscriber")) {

# proxy_challenge("","0");

# exit;

# }

# if (!db_check_from()) {

# sl_send_reply("403","Forbiddenauth ID");

# exit;

# }

# consume_credentials();

# # caller authenticated

# preloaded routechecking

if (loose_route()) {

xlog("L_ERR",

"Attemptto route with preloaded Route's [$fu/$tu/$ru/$ci]");

if(!is_method("ACK"))

sl_send_reply("403","PreloadRoute denied");

exit;

}

# record routing

if(!is_method("REGISTER|MESSAGE"))

record_route();

# account only INVITEs

if(is_method("INVITE")) {

setflag(1);# do accounting

}

if (!uri==myself)

## replace withfollowing line if multi-domain support is used

##if(!is_uri_host_local())

{

append_hf("P-hint:outbound\r\n");

# if youhave some interdomain connections via TLS

##if($rd=="tls_domain1.net"){

## t_relay("tls:domain1.net");

## exit;

##} elseif($rd=="tls_domain2.net") {

## t_relay("tls:domain2.net");

## exit;

##}

route(1);

}

# requests for mydomain

## uncomment this ifyou want to enable presence server

## and comment the next 'if' block

## NOTE: uncomment also the definition ofroute[2] from below

##if( is_method("PUBLISH|SUBSCRIBE"))

## route(2);

if(is_method("PUBLISH"))

{

sl_send_reply("503","Service Unavailable");

exit;

}

if(is_method("REGISTER"))

{

#authenticate the REGISTER requests (uncomment to enable auth)

if(!www_authorize("", "subscriber"))

{

www_challenge("","0");

exit;

}

if(!db_check_to())

{

sl_send_reply("403","Forbiddenauth ID");

exit;

}

#--Request is behind NAT(flag5) save with bflag 6 -#

#----Use bflag 7 to start SIP pinging (Options) ---#

if(isflagset(5)) {

setbflag(6);

setbflag(7);

};

if(!save("location"))

sl_reply_error();

exit;

}

if ($rU==NULL) {

# requestwith no Username in RURI

sl_send_reply("484","AddressIncomplete");

exit;

}

# apply DB basedaliases (uncomment to enable)

##alias_db_lookup("dbaliases");

# do lookup withmethod filtering

if(!lookup("location","m")) {

switch($retcode) {

case-1:

case-3:

t_newtran();

t_reply("404","Not Found");

exit;

case -2:

sl_send_reply("405","Method Not Allowed");

exit;

}

# when routing viausrloc, log the missed calls also

setflag(2);

route(1);

}

route[1] {

# for INVITEs enablesome additional helper routes

#---- Helper route, if nat=yes in the R-URI setflag 6 ----#

#---- This is used to Process REINVITES ----#

if (subst_uri('/(sip:.*);nat=yes/\1/')){

setbflag(6);

};

#-- If caller(flag 5) or callee(flag 6) are behindNAT --#

#-- Call the route(6) to force the use of the RTPProxy --#

if (isflagset(5)||isbflagset(6)) {

route(6);

};

if (isflagset(5)){

search_append('Contact:.*sip:[^>[:cntrl:]]*',';nat=yes');

}

if(is_method("INVITE")) {

t_on_branch("2");

t_on_reply("2");

t_on_failure("1");

}

if (!t_relay()) {

sl_reply_error();

};

exit;

}

# Presence route

/* uncomment the whole following route for enabling presence

NOTE: do not forget toenable the call of this route from the main

route */

##route[2]

##{

## if (!t_newtran())

## {

## sl_reply_error();

## exit;

## };

## if(is_method("PUBLISH"))

## {

## handle_publish();

## t_release();

## }

## else

## if(is_method("SUBSCRIBE"))

## {

## handle_subscribe();

## t_release();

## }

## exit;

##}

route[6] {

#---- RTP Proxy handling ---#

if (is_method("BYE|CANCEL")) {

unforce_rtp_proxy();

}

else if (is_method("INVITE")){

#---- Activates the RTP Proxy for the CALLEE ---#

force_rtp_proxy();

t_on_failure("1");

};

}

branch_route[2] {

xlog("new branchat $ru\n");

}

onreply_route[2] {

xlog("incomingreply\n");

#---- Handling of the SDP for the 200 or 183 reply----#

#---- If behind nat (flags 5 or 6) start RTP Proxy----#

#---- Activates the RTP Proxy for the CALLER ----#

if ((isflagset(5) || isbflagset(6)) && status=~"(183)|(2[0-9][0-9])"){

force_rtp_proxy();

append_hf("P-hint:onreply_route|force_rtp_proxy \r\n");

}

#---- If the CALLEE is behind NAT, fix the CONTACTHF ----#

if (isbflagset(6)) {

#-- Insert nat=yes at the end of the Contactheader --#

#-- This helps with REINVITEs, --#

#- nat=yes will be included in the R-URI forseq.requests-#

search_append('Contact:.*sip:[^>[:cntrl:]]*',';nat=yes');

append_hf("P-hint: Onreply-route - fixcontact\r\n");

fix_nated_contact();

}

exit;

}

failure_route[1] {

#---- If a failure has ocurred, deactivate the RTpproxy ----#

if (isflagset(5) || isbflagset(6)){

unforce_rtp_proxy();

}

if (t_was_cancelled()){

exit;

}

# uncomment thefollowing lines if you want to block client

# redirect based on3xx replies.

##if(t_check_status("3[0-9][0-9]")) {

##t_reply("404","Notfound");

## exit;

##}

# uncomment thefollowing lines if you want to redirect the failed

# calls to a differentnew destination

##if(t_check_status("486|408")) {

## sethostport("192.168.2.100:5060");

## # do not set the missed call flag again

## t_relay();

##}

}

d) 重启opensips服务
/etc/init.d/opensips restart

holybomb

关注

0
点赞
踩
1

收藏

觉得还不错? 一键收藏
1
评论
复制链接

分享到 QQ

分享到新浪微博

扫一扫