If ever there was a Swiss Army Knife for SIP, Kamailio (a.k.a. OpenSER) is the hands-down winner. The flexibility of this open source SIP server is legendary. Whether it’s secure communications, insulation from brute force attacks, load balancing, failover, WebRTC, or the return of shared line appearances on your office phone system, Kamailio can handle it while processing thousands of call setups per second on minimal hardware platforms.

Our plan for today is to walk you through setting up a Debian-based Kamailio server on an inexpensive cloud platform that is suitable for making thousands of free SIP phone calls worldwide. Down the road, we’ll walk you through using Kamailio as a frontend for one or more Asterisk® servers to insulate your communications workhorses without sacrificing network security. If, like us, you managed an office which migrated from key telephones to a platform like Asterisk, then you will most certainly appreciate the ability to once again let your managers and secretaries share phone lines without the aggravation of call parking and pickup. Other than removing a free office coffee machine, I can’t think of any single event that ever prompted a staff and management revolt quite like the one we experienced with the removal of key telephones. Little wonder that it’s part of all Cisco and Avaya phone systems as well as cloud offerings from Vonage, 8X8, Jive, and probably others.

Before we begin our adventure, let me caution everyone that this is an experimental platform with a tutorial prepared by a Kamailio novice. While we’ve done our homework, digging out information on Kamailio is a challenge because many of the experts depend upon Kamailio consulting for their livelihood. It’s quite similar to the early Asterisk years. We also don’t vouch for the longevity of any of these VPS providers. Reread our article for details.

SIP URI (Free) Calling Opportunities

We mentioned free SIP phones in our introduction of Kamailio. But let that sink in for a moment. As we have stressed for many years, SIP calls to anyone with a public SIP URI (somebody@somewhere.com) are entirely free to anyone worldwide. And you can talk as long as you like. All that’s required is an Internet connection, a SIP phone or softphone, and a SIP URI. As part of the Kamailio implementation, we’ll show you how easy it is to create SIP URIs for all your friends and business acquaintances securely… in seconds. First, let’s take a moment to consider what SIP URI (free) calling opportunities are available. There literally are millions of SIP URI resources that await. But, unless you want to be one of the "don’t call us, we’ll call you" folks, you also will need one or more SIP URIs for yourself. YOU DON’T NEED A KAMAILIO SERVER TO OBTAIN A SIP URI. Here are just a few of the possibilities. Using SIP Broker, you can call anyone on more than 2,000 VoIP networks around the globe. Using a softphone and a free or almost free registration with VoIP.ms, CallCentric, or LocalPhone, you not only get a SIP URI, but you also can request an iNUM number which also doubles as a SIP URI by coupling it with @81.201.82.50. 3CX and pbxes.org also offer SIP URIs to complement their free offerings. All of these companies will let you connect a softphone or SIP endpoint directly to their service without the need for an Asterisk PBX in the middle.1 You can even refer your favorite spam callers to Lenny via SIP URI: 2233435945@sip2sip.info.

Deploying a Cloud-Based Debian Server

We hope you took advantage of one of the special VPS offerings we highlighted to start the New Year. Some are still available with annual pricing that’s less than the cost of most lunches these days. We recommend a cloud platform because (1) it’s cheap, (2) it’s easy to set up a Debian platform, and (3) it provides a static IP4 address for your server. When you sign up or if you wish to reconfigure an existing VPS that you may have gathering dust, just choose the Debian 8/64 operating system and assign an FQDN to your server. Once you get your credentials, log into the server as root with the password that was provided. Immediately change your root password and issue the following commands to bring Debian up to date. We also strongly recommend changing the SSH port to deter would-be attackers. A TCP port in the 1000-2000 range works wonders. Simply edit /etc/ssh/sshd_config and change the Port 22 entry before rebooting. HINT: Birth years make the SSH port easy to remember.

passwd
apt-get update
apt-key update
apt-get dist-upgrade
apt-get -y install gcc flex bison libmysqlclient-dev make libssl-dev nano
apt-get -y install libcurl4-openssl-dev libxml2-dev libpcre3-dev ntp ntpdate
reboot

Once the reboot is complete, log back into your server’s new SSH port using this syntax where 1234 is the port number you chose.

ssh -p 1234 root@server-ip-address

Now we’re ready to install the necessary packages to support Kamailio:

apt -y install mysql-server
mysql_secure_installation
apt -y install kamailio kamailio-mysql-modules
apt -y install kamailio-dbg
apt -y install kamailio-extra-modules
apt -y install kamailio-outbound-modules
apt -y install kamailio-presence-modules
apt -y install kamailio-tls-modules
apt -y install kamailio-utils-modules
apt -y install kamailio-websocket-modules

Configuring Kamailio’s kamctlrc File

For today, we’ll be configuring Kamailio to allow user logins from SIP endpoints including SIP phones and softphones. Down the road, we’ll change things up to let Kamailio serve as the front-end to one or more Asterisk PBXs. But let’s learn to walk before we start running. We’ll be editing three configuration files and then adding a SIP account to support logging in from a SIP phone. Let’s begin with kamctlrc.

(1) Edit kamctlrc: nano -w /etc/kamailio/kamctlrc

(2) Start by uncommenting SIP_DOMAIN and insert the FQDN you associated with your VPS.

(3) Uncomment DBENGINE line and make certain it points to MYSQL.

(4) Uncomment the following line: DBRWUSER="kamailio".

(5) Uncomment the DBRWPW line and insert your own password between the quotes.

(6) Uncomment the following line: DBROUSER="kamailioro".

(7) Uncomment the DBROPW line and insert a different password between the quotes.

(8) Uncomment the DBACCESSHOST line and insert the IP address of your server.

(9) Drop down near the bottom of the file and uncomment the PID_FILE line.

(10) Save the file.

Configuring Kamailio’s kamailio.cfg Startup File

(1) Edit kamailio.cfg: nano -w /etc/kamailio/kamailio.cfg

(2) Make the top of the startup file look like the following:

#!KAMAILIO
#!define WITH_MYSQL
#!define WITH_AUTH
#!define WITH_USRLOCDB
#!define WITH_ANTIFLOOD
#!define WITH_PRESENCE
# change next line to comment to disable logging
#!define WITH_ACCDB
#
# Kamailio (OpenSER) SIP Server v4.2 - default configuration script

(3) Find the line: #!define DBURL "mysql://kamailio:kamailiorw@localhost/kamailio"

(4) Change the kamailiorw entry to the password you entered in step #5 above.

(5) Tighten up security a bit by searching for the line containing friendly-scanner.

(6) Immediately above that line, cut-and-paste this addition from Fred Posner at AstriCon:

### Posner additions
        if ($ua =~ "(friendly-scanner|sipvicious|sipcli)") {
                xlog("L_INFO","script kiddies from IP:$si:$sp - $ua n");
$sht(ipban=>$si) = 1;
                sl_send_reply("200", "OK");
                exit;
        }
        if($au =~ "(=)|(--)|(')|(#)|(%27)|(%24)" and $au != $null) {
                xlog("L_INFO","[R-REQINIT:$ci] sql injection from IP:$si:$sp - $au n");
$sht(ipban=>$si) = 1;
                exit;
        }
###

(7) Save the file.

(8) Generate the MySQL database and tables to support Kamailio: kamdbctl create

(9) At every prompt, type Y to add the feature.

(10) Open MySQL as root using the actual MySQL password you assigned when adding the MySQL package:

mysql -u root -ppassw0rd kamailio

(11) At the MySQL prompt, cut-and-paste the following commands:

ALTER TABLE acc ADD COLUMN src_user VARCHAR(64) NOT NULL DEFAULT '';
ALTER TABLE acc ADD COLUMN src_domain VARCHAR(128) NOT NULL DEFAULT '';
ALTER TABLE acc ADD COLUMN src_ip varchar(64) NOT NULL default '';
ALTER TABLE acc ADD COLUMN dst_ouser VARCHAR(64) NOT NULL DEFAULT '';
ALTER TABLE acc ADD COLUMN dst_user VARCHAR(64) NOT NULL DEFAULT '';
ALTER TABLE acc ADD COLUMN dst_domain VARCHAR(128) NOT NULL DEFAULT '';
ALTER TABLE missed_calls ADD COLUMN src_user VARCHAR(64) NOT NULL DEFAULT '';
ALTER TABLE missed_calls ADD COLUMN src_domain VARCHAR(128) NOT NULL DEFAULT '';
ALTER TABLE missed_calls ADD COLUMN src_ip varchar(64) NOT NULL default '';
ALTER TABLE missed_calls ADD COLUMN dst_ouser VARCHAR(64) NOT NULL DEFAULT '';
ALTER TABLE missed_calls ADD COLUMN dst_user VARCHAR(64) NOT NULL DEFAULT '';
ALTER TABLE missed_calls ADD COLUMN dst_domain VARCHAR(128) NOT NULL DEFAULT '';
quit

Configuring Kamailio Defaults in /etc/default/kamailio

(1) Edit Kamailio defaults: nano -w /etc/default/kamailio

(2) Make the startup defaults look like the following:

#
# Kamailio startup options
#

# Set to yes to enable kamailio, once configured properly.
RUN_KAMAILIO=yes

# User to run as
USER=kamailio

# Group to run as
GROUP=kamailio

# Amount of shared and private memory to allocate
# for the running Kamailio server (in Mb)
SHM_MEMORY=128
PKG_MEMORY=4

# Config file
CFGFILE=/etc/kamailio/kamailio.cfg

(3) Save the file.

Managing Kamailio Startups & Shutdowns

With all the pieces in place, here’s how to start, restart, stop, and check status of Kamailio:

systemctl start kamailio
systemctl restart kamailio
systemctl stop kamailio
systemctl status kamailio

Adding Users/Accounts to Kamailio

Now we’re ready to add accounts to Kamailio. These can be numeric, alphanumeric, or purely alpha entries. They become the user’s respective SIP URIs when coupled with @FQDN where FQDN is the fully-qualified domain name assigned to your server:

kamctl add username userpw

As you probably have guessed, kamctl is the main management tool for Kamailio. Issuing the command by itself will list all of the possible options that are available.

Monitoring Kamailio Access

There are a number of ways to monitor access (both legitimate and otherwise) to your Kamailio server. Here are a few of our favorites:

systemctl status kamailio
cat /var/log/syslog | grep kamailio
mysql -u root -ppassw0rd kamailio -e "select * from acc"
mysql -u root -ppassw0rd kamailio -e "select * from missed_calls"

Connecting a SIP Phone to Kamailio

You can connect virtually any kind of SIP telephone or endpoint to Kamailio. You can find dozens of recommendations for hardware-based SIP phones both on Nerd Vittles and the PIAF Forum. For today we’ll get you started with one of our favorite (free) softphones, YateClient. It’s available for almost all desktop platforms.

Download YateClient from here. Run YateClient once you’ve installed it and enter the credentials for the account you created above. You’ll need the IP address of your server plus your account’s password. Fill in the Yate Client template using the IP address or FQDN of your Server as well as your Username and whatever Password you assigned to the account when you created it. Click OK to save your entries.

Once the Yate softphone shows that it has registered with Kamailio, try a test call to Lenny by dialing sip:2233435945@sip2sip.info.

Next week, we’ll tackle security. If you run systemctl status kamailio for a few days, you’ll understand why. We’ll also get your Kamailio server interconnected with Asterisk so that inbound calls to your new SIP URI pass through to Asterisk transparently. Enjoy!

Originally published: Monday, January 14, 2019



Need help with Asterisk? Visit the PBX in a Flash Forum.


 

Special Thanks to Our Generous Sponsors


FULL DISCLOSURE: RentPBX, Amazon, Skyetel, Vitelity, DigitalOcean, Vultr, Digium, 3CX, Sangoma, TelecomsXchange and VitalPBX have provided financial support to Nerd Vittles and our open source projects through advertising, referral revenue, and/or merchandise. We’ve chosen these providers not the other way around. Our decisions are based upon their corporate reputation and the quality of their offerings and pricing. Our recommendations regarding technology are reached without regard to financial compensation except in situations in which comparable products at comparable pricing are available from multiple sources. In this limited case, we support our sponsors because our sponsors support us.

BOGO Bonaza: Enjoy state-of-the-art VoIP service with a $10 credit and half-price SIP service on up to $500 of Skyetel trunking with free number porting when you fund your Skyetel account. No limits on number of simultaneous calls plus quadruple data center redundancy assures that you’ll never have a failed call. Tutorial and sign up details are here.

VitalPBX is perhaps the fastest-growing PBX offering based upon Asterisk with an installed presence in more than 100 countries worldwide. VitalPBX has generously provided a customized White Label version of Incredible PBX tailored for use with all Incredible PBX and VitalPBX custom applications. Follow this link for a free test drive!
 

Special Thanks to Vitelity. Vitelity is now Voyant Communications and has halted new registrations for the time being. Our special thanks to Vitelity for their unwavering financial support over many years and to the many Nerd Vittles readers who continue to enjoy the benefits of their service offerings. We will keep everyone posted on further developments.
 



Print Friendly, PDF & Email

Be Sociable, Share!

  1. Some of our links refer users to sites or service providers when we find their prices are competitive for the recommended products. Nerd Vittles receives a small referral fee from these providers to help cover the costs of our blog. We never recommend particular products solely to generate commissions. []
Tags:

This article has 2 comments

  1. Thanks for this article!

    Just to add that kamctl tool can be used to display the content of database tables used by kamailio, like:

    kamctl db show acc
    kamctl db show missed_calls

    This is rather convenient if you set the DB access attributes inside kamctlrc file.

  2. Hi Ward.

    As usual, this is a great article. How are things going with the next steps to integrate it with Asterisk?

    Thanks for the great articles throughout the years!