Time for another Astricon, the Asterisk Users Conference, is approaching.
Kamailio project will be present at the event, with an exhibition booth as well as talks about SIP, Kamailio and Asterisk, by Fred Posner and I. Many other developers and community members will be at the event, such as Torrey Searle, Alex Balashov, Nir Simionovich or JR Richardson, therefore it looks like a great place to come and meet other Kamailians.
Astricon is the event where a lot of Asterisk and Kamailio knowledge is concentrated in the same place, if you need to learn more about one or the other and how to combine them, then this event is the right opportunity. More about the event can be found at:
If you offer services or products that incorporate Kamailio, you are welcome to join our booth in the exhibition area, you can bring flyers, giveaways as well as come with a demo to show on site. Contact us via mailing list .
Kamailio project is present at IIT RTC Conference, Oct 6-8, 2015, in Chicago, with a presentation by myself about SIP Server Optimizations for Mobile Networks.
We have a discount code for our community, giving an 100USD discount, which can save a bit or make some of the available tickets completely free (like Expo Plus admission). Should someone be interested, contact directly via email.
If Kamailio friends are in the Chicago area and want to meet and chat about the project, no matter of participation to the conference, write an email at the above address and we can try to organize a meetup.
Kazoo project organizes its annual conference in San Francisco, USA, during October 5-6, 2015. Kazoo platform embeds Kamailio as its core SIP routing engine, a module with same name, kazoo, being part of Kamailio’s standard source code.
Expect many people from Kamailio community to be there, a lot of talks should present interesting use cases for Kamailio for running cloud PBX service from Kazoo developers and Kazoo users. Also, I will speak about VoIP security: Kamailio and VoIP Wild World.
Kamailio SIP Server v4.3.2stable is out – a minor release including fixes in code and documentation since v4.3.1 – configuration file and database compatibility is preserved.
Kamailio (former OpenSER) v4.3.2 is based on the latest version of GIT branch 4.3, therefore those running previous 4.3.x versions are advised to upgrade. There is no change that has to be done to configuration file or database structure comparing with older v4.3.x.
Kamailio project considering to organize the next IRC devel meeting to sync on the plans for Kamailio short term evolution. A wiki page has been created to keep track of what should be discussed there. Feel free to add your suggestions there:
First proposed date is next week on Wednesday, September 16, at 14:00 UTC (15:00 London, 16:00 Berlin, …). The date can be changed based on availability of people willing to attend — add your preferred date and time to the wiki.
Anyone can attend, no matter it proposed or not topics to discuss!
Looking forward to irc-ing about Kamailio next week!
One of the interesting modules added in Kamailio v4.3 is rtjson – in short, it defines a JSON document format that can be used to specify and push destination addresses when routing a SIP request. It is very handy when the attributes for routing are decided by an external application.
A tutorial about using a Node.js application to decide the routing for a SIP request has been published at:
The next diagram shows the relation between SIP, Kamailio and Node.js application.
The relevant components used inside Kamailio are:
evapi module – to asynchronously send/receive data to/from Node.js (i.e., don’t block Kamailio, allow to handle other traffic meanwhile)
rtjson module – to fill in the internal fields corresponding to the routing attributes returned by the Node.js application
jansson module – to access the rtjson document in kamailio.cfg for additional processing
Using this architecture, one can built external SIP routing decision engines for Kamailio that suits better various contexts. For example, do least cost routing or load balancing selection, access control policy, fraud protection, etc. inside the external application, instead of using the existing modules.
Depending on the needs, using such architecture could fit better, especially when dealing with lots of SIP server nodes. Of course, Node.js platform can be replaced by any other application, standalone or on top of a framework.
WWW-Digest authentication (RFC 2617), the same used to authenticate users in SIP, requires that both server and user share and store the same secret. Storing the password in clear text is really bad, unfortunately the only alternative is to store the so called HA1 string, which is the result of MD5 hashing over username, authentication realm and password — this has become the default lately.
Kamailio, as well as other SIP server side applications such as Asterisk or FreeSwitch, can work with clear text passwords as well as HA1 values (no need to repeat that you should use them with the second option!).
Each SIP service that allows customers to set the passwords must have a system in place to test if the passwords are strong enough to offer a fair protection against dictionary attacks. However, not all of them had such system from the moment they started to get customers.
To become safe, the options are:
force a reset of the passwords, so the new values are tested to see if they are strong
try to audit the existing HA1 values in subscriber database and detect the ones using weak values
The option a) is the best, but not easy to implement if the service provider doesn’t control the devices of the customer (CPE), especially when the customer has no IT/technical background.
The option b) means more or less that the SIP provider performs a dictionary attack against itself. Tools like sipsak, sipp or sipvicious can be used for such task, but they have the drawback of doing quite some processing: build and parsing of SIP messages, plus network communication. The SIP servers with all subscriber accounts have to replicated on different machines, not to overload the production instances.
But, unlike the attacker, the service provider has access to HA1 strings, knows the usernames and realsm, therefore it can skip a lot of processing done by SIP scanning tools and that can save a lot of resources and time.
Not finding quickly an existing implementation for such needs, a tool named md5ha1 has been developed and published on Github, targeting to help doing audits over HA1 values, it is available at:
It has options to load passwords from a file (e.g., 101, 123, …), generate passwords using templates (e.g., %u123 – replace %u with username) from a file or generate passwords using a set of characters with minimum and maximum length (e.g., passwords using only digits with length between 3 and 6). The readme of the project has more details about how md5ha1 can be used.
Hopefully the tool is going to be useful for Kamailio community! Improvements to it are welcome, use Github platform for issues and contributions.
Another development year for Kamailio is gone, the project enters its 15th full season of writing code. Back in 2001, on the 3rd of September, the first commit was made for the project, at that time called SIP Express Router (aka SER), done by Andrei Pelinescu-Onciul at Fraunhofer FOKUS research institute in Berlin, Germany, respectively:
Next year we are preparing to celebrate with a special edition of Kamailio World Conference – be sure you keep it in your plans for 2016.
Since September 2014, Kamailio has released two major versions, 4.2 (Oct 2014) and 4.3 (Jun 2015). Now, after the summer holidays, we are speeding up to get new stuff for next major release, planned to be numbered 4.4 — keep an eye on sr-dev mailing list to stay up to date with what is going to be new and interesting!
A fruitful rest of the year for all Kamailians out there and prepare for the party in 2016!