I want to use netsed to alter the incoming SIP traffic (UDP port 5060) on a PBX server which is running on a Linux system (Debian 10 stretch).

As a first step I simply set up the phone to connect to UDP/5061 and started netsed with this command:

./netsed udp 5061 127.0.0.1 5060 s/profile-level-id=4280D/profile-level-id=42800D

The traffic was intercepted, changed and forwarded to port 5060 of the PBX software.

Unfortunately, the SIP protocol "notices" that the port used by the phone does not match the PBX (the PBX is using 5060 and the phone is using 5061 because of the port forwarding). Now the question is how to do this with netsed.

So the question is how to create a transparent proxy on the same system as the PBX.

Or is there a way to listen with netsed already on port 5060, but then pass it on to the PBX software on port 5060?

The deeper background is the Mobotix door phones for outgoing calls that do not correctly encode the profile-level-id field (it should be six base16 characters long but is five characters long). My idea was to simply change the profile-level-id as soon as the SIP-Invite enters the PBX.

Same question at Stack Overflow.

A. Fendt

1 Answer

First... the problem: SIP isn't the ONLY protocol used for VoIP. SIP is just the hand-shaking mechanism. Its job is to give status updates, and tell endpoints where to send/receive audio. It's up to other protocols to actually transport the audio... (i.e. RTP). SIP negotiates between endpoints audio codecs as well as endpoints to send the audio. Server tells client to send RTP to a specific IP and port... and since RTP is UDP, and connection-less... the client has no way to know if the server is receiving the audio or not. Even if you NAT everything (SIP and RTP)... the server probably would still reject a lot of traffic, because the source/dest IPs and ports don't match what is expected.

What you really need is something that understands NATs and the SIP protocol. There are SIP proxies/gateways that can do the translations of the protocols properly. (siproxd, ALG, STUN, ICE, and many others) Most SIP server software out there has a mechanism to do the SIP NAT handling. For example:

Asterisk: You can specify a few global variables in the conf as follows:

externip=x.x.x.x
localnet=y.y.y.y/m

and on the peer configs, you can specify a nat=yes or rely on the endpoints using RFC3581 with nat=no

FreeSWITCH: You can specify an "internal.xml" and "external.xml" as needed while specifying

<param name="ext-sip-ip" value="x.x.x.x"/>
<param name="ext-rtp-ip" value="x.x.x.x"/>

Without more info about what sort of SIP server you are running, I can only give a few hints.

TheCompWiz
  • As already described, my phones (Yealink T58) do not understand the incorrectly encoded profile-level-id which is sent by the SIP-Invite and its SDP from the Mobotix intercom to the phones. This is also derived from the diagnostic protocol of the phone. Now how can I use siproxd to correct this? As SIP proxy and registrar I used to use the SIP server inside the Mobotix door phone, but now I would use the 3CX PBX on a Raspberry Pi. – A. Fendt Nov 06 '19 at 22:25
  • Your question said, "the question is how to create a transparent proxy on the same system as the pbx." This implies that the phones you have already work without a NAT... from the last part of your comments, you only mentioned the Mobotix door phones as an afterthought. You did not tell us what sort of PBX you are using, and you didn't give us more details about what EXACTLY you're asking. – TheCompWiz Nov 07 '19 at 00:36
  • "profile-level-id" is a specific property used with regards to video, and is not a standard property in SIP communications for PBXes. It sounds more like you're running into issues of trying to negotiate video codecs between Yealink and Mobotix devices. – TheCompWiz Nov 07 '19 at 00:38
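
The substitution in the question's netsed rule makes the SDP body one byte longer, so the INVITE's Content-Length header no longer matches the body unless it is rewritten too. The sketch below is an added example, not code from the question, the answer or netsed: it applies the same five-to-six character fix to the SDP only and recomputes Content-Length. The function names and the trimmed sample INVITE (documentation addresses, no From/To/Call-ID) are constructed for illustration.

```python
import re

# Substitution pair from the question's netsed rule. The lookahead leaves a
# correct six-digit value that merely starts with 4280D untouched.
SHORT_ID = re.compile(rb"profile-level-id=4280D(?![0-9A-Fa-f])")
FIXED_ID = b"profile-level-id=42800D"

# Content-Length header in long form or the compact form "l" (RFC 3261).
CONTENT_LENGTH = re.compile(rb"^(Content-Length|l)([ \t]*:[ \t]*)\d+", re.I | re.M)


def rewrite_invite(datagram: bytes) -> bytes:
    """Fix the SDP value and keep the SIP length header consistent."""
    head, sep, body = datagram.partition(b"\r\n\r\n")
    if not sep:
        return datagram  # no header/body separator: pass through unchanged
    new_body, hits = SHORT_ID.subn(FIXED_ID, body)
    if hits == 0:
        return datagram  # nothing to fix, leave the message byte-identical
    new_len = str(len(new_body)).encode()
    head = CONTENT_LENGTH.sub(
        lambda m: m.group(1) + m.group(2) + new_len, head, count=1)
    return head + sep + new_body


def sample_invite(plid: bytes) -> bytes:
    """Constructed, trimmed INVITE carrying an H.264 offer (sample data)."""
    sdp = (b"v=0\r\n"
           b"o=- 1 1 IN IP4 192.0.2.10\r\n"
           b"s=-\r\n"
           b"c=IN IP4 192.0.2.10\r\n"
           b"t=0 0\r\n"
           b"m=video 5004 RTP/AVP 99\r\n"
           b"a=rtpmap:99 H264/90000\r\n"
           b"a=fmtp:99 profile-level-id=" + plid + b";packetization-mode=1\r\n")
    head = (b"INVITE sip:100@192.0.2.1 SIP/2.0\r\n"
            b"Via: SIP/2.0/UDP 192.0.2.10:5060;branch=z9hG4bKconstructed\r\n"
            b"Content-Type: application/sdp\r\n"
            b"Content-Length: " + str(len(sdp)).encode() + b"\r\n\r\n")
    return head + sdp


if __name__ == "__main__":
    print(rewrite_invite(sample_invite(b"4280D")).decode())
```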