Kamailio + RTPengine在公网环境下实现音视频通话

服务器环境：

Debian 12.9

一、Kamailio 安装及配置

1.1 Kamilio安装

首先安装mysql服务，注意安装完成后调整mysql的密码策略，调整为最低，后续kamailio配置数据库不会出错

然后根据官方安装教程执行命令（访问官网前先阅读注意事项）：
https://kamailio.org/docs/tutorials/6.0.x/kamailio-install-guide-git/

注意事项：

• 选择include_modules= db_mysql，并非include_modules= db_mysql dialplan tls
• 执行/usr/local/sbin/kamdbctl create命令前需要修改kamctlrc文件
  找到以下行进行修改：

  # 填公网IP
  SIP_DOMAIN=121.41.89.120
  
  DBENGINE=MYSQL
  
  DBHOST=localhost
  
  DBPORT=3306
  
  DBNAME=kamailio
  
  DBRWUSER="kamailio"
  
  DBRWPW="kamailiorw"
  
  DBROUSER="kamailioro"
  
  DBROPW="kamailioro"
  
  DBROOTHOST="localhost"
  
  DBROOTUSER="root"
  
  # 服务器数据库的root密码
  DBROOTPW="root密码"
  

• 此步骤跳过，保证原生配置不变，后续另开一个kamailio-local.cfg文件进行配置
  

1.2 Kamailio配置

新建文件kamailio-local.cfg放在路径/usr/local/etc/kamailio/下（与kamailio.cfg相同路径）。
kamailio-local.cfg 的配置信息如下：

# 开启 MySQL
#!define WITH_MYSQL

# 开启验证
#!define WITH_AUTH
#!define WITH_USRLOCDB

# 开启日志

# 开启 NAT 默认使用 rtpproxy
#!define WITH_NAT

# 开启 rtpengine 会替换 rtpproxy
#!define WITH_RTPENGINE

# 监听端口，121.41.89.120为服务器公网IP
listen=udp:0.0.0.0:5060 advertise 121.41.89.120:5060 
listen=tcp:0.0.0.0:5060 advertise 121.41.89.120:5060

1.3 Kamailio相关命令

# 启动命令
kamctl start

# 停止命令
kamctl stop

# 添加用户账号，test1为账号，123456为密码
kamctl add test1 123456

---

二、RTPengin

2.1 RTPengin安装

1. 通过添加源仓库安装（推荐），官网指引如下：
   https://dfx.at/rtpengine/

2. 若需要手动编译安装，参考博客https://www.cnblogs.com/MikeZhang/p/18364371/debian10installRtpengine20240817

2.2 RTPengine配置

apt安装的配置文件路径为：/etc/rtpengine/rtpengine.conf

若是手动编译安装的配置文件则在文件目录/usr/local/src/rtpengine-master/rtpengine/etc/rtpengine.conf，将该配置文件移动到/usr/local/bin/rtpengine.conf

按照下述文件进行配置

[rtpengine]
table = 0
# no-fallback = false
### for userspace forwarding only:
# table = -1

### a single interface:
# interface = 123.234.345.456
### separate multiple interfaces with semicolons:
# interface = internal/12.23.34.45;external/23.34.45.54
### for different advertised address:
# interface = 12.23.34.45!23.34.45.56

#172.22.66.138为服务器私网 IP，121.41.89.120为公网 IP
interface=172.22.66.138!121.41.89.120

listen-ng = localhost:2223
# listen-tcp = 25060
# listen-udp = 12222

### interface for HTTP, WS and Prometheus
# listen-http = 9101
listen-http = localhost:2225

# listen-https = localhost:2226
# https-cert =
# https-key =

listen-cli = localhost:2224

timeout = 60
silent-timeout = 3600
tos = 184
# control-tos = 184
# control-pmtu = dont
# delete-delay = 30
# final-timeout = 10800
# endpoint-learning = heuristic
# reject-invalid-sdp = false

# foreground = false
# pidfile = /run/ngcp-rtpengine-daemon.pid
# num-threads = 16
# media-num-threads = 8
# http-threads = 4

port-min = 30000
port-max = 40000
# max-sessions = 5000

# software-id = rtpengine
# max-load = 5
# max-cpu = 90
# max-bandwidth = 10000000
# scheduling = default
# priority = -3
# idle-scheduling = idle
# idle-priority = 10

recording-dir = /var/spool/rtpengine
recording-method = proc
# recording-format = raw

# redis = 127.0.0.1:6379/5
# redis-write = password@12.23.34.45:6379/42
# redis-num-threads = 8
# no-redis-required = false
# redis-expires = 86400
# redis-allowed-errors = -1
# redis-disable-time = 10
# redis-cmd-timeout = 0
# redis-connect-timeout = 1000

# b2b-url = http://127.0.0.1:8090/
# xmlrpc-format = 0
# janus-secret = ABC123

# log-level = 7
log-level = 7
# log-stderr = false
# log-facility = daemon
log-facility = local5
# log-facility-cdr = local0
# log-facility-rtcp = local1
# debug-srtp = false
# log-srtp-keys = false
# dtls-cert-cipher = prime256v1
# dtls-rsa-key-size = 2048
# dtls-mtu = 1200
# dtls-signature = sha-256
# dtls-ciphers = DEFAULT:!NULL:!aNULL:!SHA256:!SHA384:!aECDH:!AESGCM+AES256:!aPSK

# dtmf-no-log-injects = 0

# graphite = 127.0.0.1:9006
# graphite-interval = 60
# graphite-prefix = foobar.

# homer = 123.234.345.456:65432
# homer-protocol = udp
# homer-id = 2001

# mysql-host = localhost
# mysql-port = 3306
# mysql-user = mysql
# myser-pass = mysql
# mysql-query = select data from voip.files where id = %llu

# dtx-delay = 50
# max-dtx = 600
# dtx-buffer = 5
# dtx-lag = 100
# dtx-shift = 0
# amr-dtx = native
# dtx-cn-params = 60
# silence-detect = 0.05
# cn-payload = 60

# player-cache = false
# kernel-player = 0
# kernel-player-media = 128

# audio-buffer-length = 120
# audio-buffer-delay = 10
# audio-player = on-demand

# sip-source = false
# dtls-passive = false

# mqtt-host = localhost
# mqtt-port = 1883
# mqtt-tls-alpn = mqtt
# mqtt-id =
# mqtt-user = foo
# mqtt-pass = bar
# mqtt-capath =
# mqtt-cafile =
# mqtt-certfile =
# mqtt-keyfile =
# mqtt-publish-qos = 0
# mqtt-publish-topic = rtpengine
# mqtt-publish-interval = 5000
# mqtt-publish-scope = media

# mos = CQ
# poller-per-thread = false
# io-uring = false
# socket-cpu-affinity = -1
# rtcp-interval = 5000

[rtpengine-testing]
table = -1
interface = 10.15.20.121
listen-ng = 2223
foreground = true
log-stderr = true
log-level = 7

2.3 RTPengine启动命令

### 针对apt安装
# 启动命令
systemctl start rtpengine
# 停止命令
systemctl stop rtpengine

### 针对手动编译安装
# 启动命令，需要指定配置文件
rtpengine --config-file /usr/local/bin/rtpengine.conf
# 停止命令，先查看PID，再kill
ps aux | grep rtpengine
sudo kill -9 78595

三、日志配置

找到下述文件

/usr/lib/systemd/system/rtpengine-daemon.service

找到ExecStart所在行，修改如下：

ExecStart=/usr/bin/rtpengine -f --no-log-timestamps --pidfile /run/rtpengine/rtpengine-daemon.pid --config-file /etc/rtpengine/rtpengine.conf

再去/etc/rsyslog.d/下新建kamailio.conf和rtpengine.conf文件

kamailio.conf配置信息如下：

local0.*    -/var/log/kamailio.log

rtpengine.conf配置信息如下：

local5.*    -/var/log/rtpengine.log

查看日志命令：

# kamailio
tail -f /var/log/kamailio.log 

# rtpengine
tail -f /var/log/rtpengine.log

四、验证

使用Linphone验证，配置如下：
其中：

• 用户名：执行kamctl add 指令时的用户名
• 域名：公网IP
  

PC端Linphone配置如下：

五、针对PJSIP验证

需修改Kamailio.cfg的以下位置：

• 第877行
  
• 第907行，第911行