// A Beginners Guide to OpenSER // // by natas (natas@oldskoolphreak.com) // // http://www.oldskoolphreak.com/ My fascination with SER, short for SIP Express Router, began a few years ago, when I was watching SIP packets on my Asterisk server with the "SIP debug" command. I noticed that the SIP packets from Jeff Pulver's Free World Dialup service stated that they were coming from a server running the SIP Express Router, which, at the time, was something I had never heard of. I figured that if this software was powering Free World Dialup, which handles tens of thousands of SIP users, and an equal amount of calls, then it must be powerful and advanced. After doing some research, I concluded that it was, in fact, both. But the problem was that I hated the available documentation and there didn't seem to be a very active community following the progress of the software, like we have with the Asterisk community. So I kind of gave up on SER for a while. Then OpenSER came along. The OpenSER project (http://www.openser.org) began due to a lack of progress and contributions to the SER project from SER team members and developers. People started working on new features, and some decent documentation started showing up. However, if it was perfect, I wouldn't have had such a hard time getting it installed properly, and wouldn't be writing this text file! After being at Astricon last week and going to a few talks that touched on OpenSER, I became determined to get OpenSER installed, and configured properly, so that I could finally start playing around with it on my own network. Honestly, I felt like a fucking idiot having so many issues with just the installation! I couldn't even get OpenSER working on Debian, which has it's own special binaries on the OpenSER site, to make things as easy as possible. I kept having different problems with the MySQL module, which I felt, was an absolute necessity. (And the only reason I haven't used the PostgreSQL module yet, is because I wanted to keep things as simple as possible at first, and there isn't as much documentation for PostgreSQL support yet.) Why am I even bothering with OpenSER when there's Asterisk? Asterisk is great, but it's not really a SIP proxy and it doesn't scale as well as OpenSER. A single OpenSER box can handle more registrations and call setups, than a large cluster of Asterisk boxes can at this time. This is why Free World Dialup uses SER as it's SIP proxy and not Asterisk. I came to the conclusion I should write this text file, to try to help other users around the Binary Revolution community, or to spark an interest in those around the community, who might be interested in using OpenSER. So far there really hasn't been that much talk around the forums, or on our sites, about SER or OpenSER, so I thought this might be a nice addition. I'm hoping that maybe next time I post something in the forums about OpenSER, someone will actually respond! So now you have a little background as to how this text file came about. Lets get into some details on how to actually get the software installed and configured with MySQL support for persistent data storage. I started off with a clean install of Fedora Core 3. Why Fedora Core 3? Because I feel comfortable with it and it was quick and easy to get it installed on my test machine, which is an 800MHz P3. I checked the OpenSER site and made sure I had all the required packages, which in my case, were: gcc or icc, bison or yacc, flex, zlib, zlib-devel, MySQL and MySQL-devel. I didn't have all of these packages by default, so I installed them using yum. In my particular case, I think I had to install bison, zlib-devel, and mysql-devel. I also made sure I had all the necessary gcc packages, just in case, by doing "yum install gcc*" and installing a bunch of gcc related packages. I started the OpenSER installation by cd'ing into /usr/src/ and used wget to download the OpenSER 1.1.0 package. cd /usr/src/ wget http://openser.org/pub/openser/1.1.0/src/openser-1.1.0-notls_src.tar.gz I decided to just go with the package without TLS support, since I didn't think I would need TLS support for now. I untarred the file, cd'ed into the OpenSER directory. tar -xzvf openser-1.1.0-notls_src.tar.gz cd openser-1.1.0-notls After some help from some OpenSER users, I realized that I only had to do two simple commands to install OpenSER and actually get the damned MySQL module installed with it! make all include_modules="mysql" make prefix=/usr/local install include_modules="mysql" If all goes well for you, unlike it did for me the first few times, mysql.so should be installed in /usr/local/lib/openser/modules. The next step is to begin setting up everything for MySQL support, beginning with the most obvious package necessary for this...MYSQL! Check your MySQL installation and make sure you have assigned a password to the root account! If you haven't password protected the account yet, do the following: mysql -u root update mysql.user set Password = PASSWORD('password here') where User = 'root'; flush privileges; exit; Now the next step is to create the OpenSER database by using the openser_mysql.sh script located in /usr/local/sbin/. Run the script by cd'ing into this directory and issuing the following command: openser_mysql.sh create You will prompted to enter your SIP "realm" or "domain" during this step, followed by your root MySQL users password. In my case, my test box was on my local network, so there really wasn't a "realm" or "domain" so I just entered the IP address of the box, which was 192.168.1.106. The next step is to open up the /usr/local/etc/opernser.cfg file with your favorite text editor, and comment/uncomment some lines to enable MySQL support. You will have to uncomment the following lines: - loadmodule "/usr/lib/openser/modules/mysql.so" - loadmodule "/usr/lib/openser/modules/auth.so" - loadmodule "/usr/lib/openser/modules/auth_db.so" - modparam("usrloc", "db_mode", 2) - modparam("auth", "calculate_ha1", yes) - modparam("auth_db", "password_column", "password") - if (!www_authorize("sip.org", "subscriber")) { - www_challenge("sip.org", "0"); - break; - }; Make sure you change the two sip.org instances in the above config, to your domain, or realm. In my case, I changed this to 192.168.1.106 which was the IP address of this box. Also, be sure to comment out the following line: modparam("usrloc", "db_mode", 0) Now you need to edit /usr/local/etc/openser/openserctlrc with your favorite text editor, and uncomment all the lines, except the OSER_FIFO="FIFO" line, for MySQL support to actually work. Be sure to put your own SIP_DOMAIN info at the top of the file too. In this config I also added the line that says "DBRWPW=openserrw" so that I wouldn't have to enter the password every time I access the OpenSER database with an "openserctl" command that requires a password. Keep in mind that this config is still using the default passwords, which should be changed. The sooner the better. However the focus of this guide is not really on security, as this OpenSER setup is really just a basic config for testing purposes. # $Id: openserctlrc,v 1.2 2006/07/05 19:37:20 miconda Exp $ # # openser control tool resource file # # here you can set variables used in the openserctl ## your SIP domain SIP_DOMAIN=192.168.1.106 ## database type: MYSQL or PGSQL, by defaulte none is loaded DBENGINE=MYSQL ## database host DBHOST=localhost ## database name DBNAME=openser ## database read/write user DBRWUSER=openser ## database read/write password DBRWPW=openserrw ## database read only user DBROUSER=openserro ## password for database read only user DBROPW=openserro ## database super user DBROOTUSER="root" ## type of aliases used: DB - database aliases; UL - usrloc aliases ## - default: none ALIASES_TYPE="DB" ## control engine: FIFO or UNIXSOCK ## - default FIFO CTLENGINE="FIFO" ## path to FIFO file # OSER_FIFO="FIFO" ## check ACL names; default on (1); off (0) VERIFY_ACL=1 ## ACL names - if VERIFY_ACL is set, only the ACL names from below list ## are accepted ACL_GROUPS="local ld int voicemail free-pstn" ## verbose - debug purposes - default '0' VERBOSE=1 After editing your openserctlrc file to match the above, you should be all set to start running openser by executing "openser start". If your receiving any error messages on the screen, thats a bad thing. You can tell if MySQL support is working, by executing a command that requires database access. In my case, I tested this by adding a couple of SIP users to the database. openserctl add 100 100 100@localhost openserctl add 101 101 101@localhost I also suggest you test your fifo settings, by running: openserctl moni If you don't receive any errors, then things are looking good. You should have three users in your database now: admin, which was created by default, 100 and 101, which I created with the "openserctl add" command. Now, you should be able to use a SIP client, such as Windows Messenger 5.1 or X Lite, which I recommend, to connect to your OpenSER box as any three of these users. The following is a quick X-Lite configurtion sample: Username: 100 Password: 100 Authorization user name: 100 (or you can leave this blank) Domain: 192.168.1.106 You should be able to log in without any problems, be able to place calls and send instant messages (if your SIP client supports it. X-Ten does, and it's nicer than Windows Messenger, which is why I recommend it!) You may even be able to use X-Ten's video chat if you have some web cams, but unfortunately I don't so I wasn't able to test it. At this point you have a basic working OpenSER config that should be a good starting point for any further SIP testing you'd like to do. I'm trying to think of other cool things to add in, so look for some more OpenSER related material in the future! Some OpenSER resources: http://www.openser.org http://www.openser.org/cgi-bin/mailman/listinfo/users http://siprouter.onsip.org/doc/gettingstarted/