# Installation from package repository

You can install Kamailio from APT repos:

```text
sudo apt-get install kamailio kamailio-websocket-modules kamailio-mysql-modules kamailio-tls-modules kamailio-presence-modules mysql-server
```

# Configuration Files

Configuration files are located in the /etc/kamailio/ folder.

Copy:

- kamailio into /etc/kamailio/
- rtpengine into /etc/rtpengine
- fail2ban into /etc/fail2ban

`kamctlrc`

The /etc/kamailio/kamctlrc is the configuration file for the kamctl and kamdbctl tools. You need to edit it and set SIP\_DOMAIN to your SIP service domain (or IP address if you don't have a DNS hostname associated with your SIP service). Also set DBENGINE to MYSQL and adjust other settings as you want.

The passwords used to connect to the MySQL server, DBRWPW and DBROPW, are very important. By default, their values are kamailiorw and kamailioro. You should change them before executing kamdbctl create (a step detailed in the section Create Database).

`kamailio.cfg`

The /etc/kamailio/kamailio.cfg is the configuration file for kamailio. Edit it to enable some of the features shipped with it. To enable use of the MySQL server backend, user authentication and persistent user location, add after the first line:

```text
#!define WITH_MYSQL
#!define WITH_AUTH
#!define WITH_USRLOCDB
```

For a more detailed configuration, see [our Kamailio docs](http://194.226.0.195:32127/telecom/kamailio).

## Create Database

To create the database structure needed by Kamailio, run:

```text
kamdbctl create
```

The database name created in MySQL is kamailio. Two access users to the MySQL server were created:

- `kamailio` - (with password set by DBRWPW in kamctlrc) - user which has full access rights to kamailio database
- `kamailioro` - (with password set by DBROPW in kamctlrc) - user which has read-only access rights to kamailio database

The access for the two users is restricted to localhost, but as advised above, it is recommended to change their default passwords.

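
A check for the default passwords discussed above, as an added example that is not part of the original page or of Kamailio's tooling: it flags DBRWPW and DBROPW when they are unset or still kamailiorw and kamailioro in kamctlrc, and a DBURL define in kamailio.cfg that still carries the default or no longer matches DBRWPW. The function names are hypothetical, and treating an unset variable as "default in effect" is an assumption based on the defaults stated above.

```shell
#!/bin/sh
# Added example (not from the original page): flag default Kamailio DB passwords.
# Usage: audit_kamailio_db_passwords [kamctlrc] [kamailio.cfg]

# Print the active value of variable $2 in kamctlrc-style file $1.
# Commented-out assignments are ignored; the last active assignment wins.
kamctlrc_value() {
    sed -n "s/^[[:space:]]*$2=[\"']\{0,1\}\([^\"']*\).*/\1/p" "$1" | tail -n 1
}

# Print the password embedded in the DBURL define of kamailio.cfg ($1).
dburl_password() {
    sed -n 's/^[[:space:]]*#!define[[:space:]]\{1,\}DBURL[[:space:]]\{1,\}"[a-z]*:\/\/[^:@"]*:\([^@"]*\)@.*/\1/p' "$1" | tail -n 1
}

# Audit both files; prints one line per finding and returns the finding count.
# Assumption: an unset DBRWPW/DBROPW means the default stated on this page applies.
audit_kamailio_db_passwords() {
    rc=${1:-/etc/kamailio/kamctlrc}
    cfg=${2:-/etc/kamailio/kamailio.cfg}
    findings=0
    for pair in DBRWPW:kamailiorw DBROPW:kamailioro; do
        var=${pair%%:*}
        default=${pair#*:}
        val=$(kamctlrc_value "$rc" "$var")
        if [ -z "$val" ] || [ "$val" = "$default" ]; then
            echo "FAIL $rc: $var is unset or still '$default'"
            findings=$((findings + 1))
        fi
    done
    rw=$(kamctlrc_value "$rc" DBRWPW)
    url_pw=$(dburl_password "$cfg")
    if [ "$url_pw" = "kamailiorw" ]; then
        echo "FAIL $cfg: DBURL still uses the default password"
        findings=$((findings + 1))
    elif [ -n "$rw" ] && [ "$url_pw" != "$rw" ]; then
        # Never print the passwords themselves, only the mismatch.
        echo "FAIL $cfg: DBURL password differs from DBRWPW in $rc"
        findings=$((findings + 1))
    fi
    return "$findings"
}
```

Run it before `kamdbctl create` and again after editing DBURL; a return value of 0 means no finding.
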
If you changed the value of DBRWPW in kamctlrc, you must update the value of the DBURL define inside kamailio.cfg.

```text
#!define DBURL "mysql://kamailio:_NEW_DBRWPW_@localhost/kamailio"
```

> Alternatively, you can use [our SQL script](http://194.226.0.195:32127/telecom/kamailio/db) to configure database.
{.is-info}

## Startup Scripts

### Init.d Scripts

Depending on the startup system, you may have an /etc/init.d/kamailio script that you can use to start/stop kamailio. First you should edit /etc/default/kamailio and adjust the settings for the kamailio startup script, in particular the one that enables kamailio to start.

```text
sudo /etc/init.d/kamailio start
sudo /etc/init.d/kamailio stop
```

### Systemd Scripts

If the default startup system is systemd, then kamailio can be managed via systemctl:

```text
sudo systemctl start kamailio
sudo systemctl stop kamailio
```

First you may also need to edit /etc/default/kamailio and adjust the settings for the kamailio startup script, in particular the one that enables kamailio to start.

## Adding Subscribers

To add subscribers (users), you can use the kamctl command:

```text
kamctl add userid password
```

Then you can configure your phone to register to Kamailio using the username and password set in the above command.

## Reading logs

You can write Kamailio logs from journalctl to a file:

```text
sudo journalctl -eu kamailio -f > kamailio.log
vim kamailio.log
```

# Installing RTPengine

1. Clone the RTPengine repo:

   ```text
   git clone https://github.com/sipwise/rtpengine.git
   cd rtpengine
   ```

1. Install the necessary dependencies:

   ```text
   sudo apt install debhelper-compat libmysqlclient-dev gperf libavcodec-dev libavfilter-dev libavformat-dev libavutil-dev libbencode-perl libcrypt-openssl-rsa-perl libcrypt-rijndael-perl libcurl4-openssl-dev libdigest-crc-perl libdigest-hmac-perl libevent-dev libglib2.0-dev libhiredis-dev libio-multiplex-perl libio-socket-inet6-perl libiptc-dev libjson-glib-dev libjson-perl libmosquitto-dev libnet-interface-perl libopus-dev libpcre3-dev libsocket6-perl libspandsp-dev libswresample-dev libsystemd-dev libwebsockets-dev libxmlrpc-core-c3-dev libxtables-dev markdown python3-websockets
   ```

1. Install the bcg729 library:

   ```text
   VER=1.0.4
   curl https://codeload.github.com/BelledonneCommunications/bcg729/tar.gz/$VER >bcg729_$VER.orig.tar.gz
   tar zxf bcg729_$VER.orig.tar.gz
   cd bcg729-$VER
   git clone https://github.com/ossobv/bcg729-deb.git debian
   dpkg-buildpackage -us -uc -sa -b -rfakeroot
   cd ../
   dpkg -i libbcg729-*.deb
   ```

1. Check the RTPengine dependencies again:

   ```text
   dpkg-checkbuilddeps
   ```

1. Build the deb packages:

   ```text
   dpkg-buildpackage --no-sign
   ```

   > To fix the installation error:
   >
   > ```text
   > invoke-rc.d: syntax error: unknown option "--skip-systemd-native"
   > dpkg: error processing package ngcp-rtpengine-daemon (--install):
   > ```
   >
   > You need to install init-system-helpers from bionic-backports. To do this, add the source to /etc/apt/sources.list:
   >
   > ```text
   > deb http://archive.ubuntu.com/ubuntu bionic-backports main restricted universe multiverse
   > ```
   >
   > Create the file /etc/apt/preferences.d/init-system-helpers with the following content:
   >
   > ```text
   > Package: init-system-helpers
   > Pin: release a=bionic-backports
   > Pin-Priority: 500
   > ```
   >
   > Install the package:
   >
   > ```text
   > apt update
   > apt install init-system-helpers
   > ```
   {.is-warning}

1. Install the RTPengine:

   ```text
   dpkg -i ngcp-rtpengine-daemon_*.deb
   dpkg -i ngcp-rtpengine-iptables_*.deb
   dpkg -i ngcp-rtpengine-kernel-dkms_*.deb
   dpkg -i ngcp-rtpengine-kernel-source_*.deb
   dpkg -i ngcp-rtpengine-recording-daemon_*.deb
   dpkg -i ngcp-rtpengine-utils_*.deb
   dpkg -i ngcp-rtpengine_*.deb
   ```

## Configure RTPengine

```text
[rtpengine]
table = -1
interface = pub/
listen-ng = 127.0.0.1:16400
listen-udp = 16401
timeout = 60
silent-timeout = 3600
tos = 184
port-min = 16384
port-max = 16485
log-level = 7
log-facility = daemon
log-facility-cdr = local0
log-facility-rtcp = local1
```

## Reading logs

You can write RTPengine logs from journalctl to a file:

```text
sudo journalctl -eu ngcp-rtpengine-daemon -f > rtpengine.log
vim rtpengine.log
```

# Kamailio configuration

## Preprocessor directives

Kamailio configuration supports preprocessor directives to set constants. For details on the configuration language, see the [official site](http://www.kamailio.org/wiki/cookbooks/devel/core).

First, define the constants which activate some Kamailio features:

```text
#!define WITH_DEBUG
#!define WITH_MYSQL
#!define WITH_AUTH
#!define WITH_WEBSOCKETS
#!define WITH_LOCALHOST_WS
#!define WITH_NAT
#!define WITH_LOCALHOST_SIP
#!define WITH_TLS
#!define WITH_RTPENGINE
#!define WITH_ANTIFLOOD
```

After that we can define the constants we are going to use in our configuration (addresses, ports, etc.):

```text
#!substdef "!MY_SIP_PORT!5060!g"
#!substdef "!MY_SIPS_PORT!5061!g"
#!substdef "!MY_WS_PORT!8080!g"
#!substdef "!MY_WSS_PORT!8089!g"
#!substdef "!MY_IP4_ADDR!!g"
#!substdef "!MY_IP4_LOCAL_ADDR!!g"
#!substdef "!IP4_LOCALHOST!127.0.0.1!g"
#!substdef "!MY_WS4_ADDR!tcp:MY_IP4_ADDR:MY_WS_PORT!g"
#!substdef "!MY_WSS4_ADDR!tls:MY_IP4_ADDR:MY_WSS_PORT!g"
#!substdef "!LOCALHOST_WS4_ADDR!tcp:IP4_LOCALHOST:MY_WS_PORT!g"
#!substdef "!LOCALHOST_WSS4_ADDR!tls:IP4_LOCALHOST:MY_WSS_PORT!g"
```

## Addresses

Set up listening IP addresses:

```text
#listen=MY_IP4_ADDR
#!ifdef WITH_LOCALHOST_SIP
listen=IP4_LOCALHOST
#!endif

##!ifdef WITH_NAT
#listen=udp:MY_IP4_LOCAL_ADDR:5060
#listen=tcp:MY_IP4_LOCAL_ADDR:5060
#listen=udp:MY_IP4_LOCAL_ADDR:5060 advertise MY_IP4_ADDR:5060
#listen=tcp:MY_IP4_LOCAL_ADDR:5060 advertise MY_IP4_ADDR:5060
##!endif

#!ifdef WITH_WEBSOCKETS
listen=MY_WS4_ADDR
#!ifdef WITH_LOCALHOST_WS
listen=LOCALHOST_WS4_ADDR
#!endif
#!ifdef WITH_TLS
listen=MY_WSS4_ADDR
#!ifdef WITH_LOCALHOST_WS
listen=LOCALHOST_WSS4_ADDR
#!endif
#!endif
#!endif
```

Do not forget to configure alias:

```text
/* add local domain aliases */
alias="your.domain.com"
```

## Generate certificate

**Let’s Encrypt** is a service offering free SSL certificates through an automated API. The most popular Let’s Encrypt client is EFF’s **Certbot**.

Install Certbot:

```text
sudo add-apt-repository ppa:certbot/certbot
sudo apt-get update
sudo apt-get install certbot
```

Certbot needs to answer a cryptographic challenge issued by the Let’s Encrypt API in order to prove we control our domain. It uses ports 80 (HTTP) or 443 (HTTPS) to accomplish this. Open up the appropriate port in your firewall:

```text
sudo ufw allow 80
```

Substitute 443 above if that’s the port you’re using. ufw will output confirmation that your rule was added:

> Output
> Rule added
> Rule added (v6)
{.is-success}

We can now run Certbot to get our certificate. We’ll use the --standalone option to tell Certbot to handle the challenge using its own built-in web server. The --preferred-challenges option instructs Certbot to use port 80 or port 443. If you’re using port 80, you want --preferred-challenges http. For port 443 it would be --preferred-challenges tls-sni. Finally, the -d flag is used to specify the domain you’re requesting a certificate for. You can add multiple -d options to cover multiple domains in one certificate.

```text
sudo certbot certonly --standalone --preferred-challenges http -d example.com
```

Add certificates to Kamailio:

```text
[server:default]
method = TLSv1.2+
verify_certificate = no
require_certificate = no
private_key = /etc/kamailio/keys/privkey.pem
certificate = /etc/kamailio/keys/cert.pem
```
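
One way to move the files issued by Certbot into the paths used in the TLS profile above, as an added example that is not part of the original page: it checks that the private key matches the certificate, then installs both with restrictive permissions. The function names and the `kamailio` service account in the usage comment are assumptions; `RENEWED_LINEAGE` is the variable Certbot exports to deploy hooks.

```shell
#!/bin/sh
# Added example (not from the original page): install Certbot output for Kamailio.
# Usage as a Certbot deploy hook (service account name is an assumption):
#   install_kamailio_keys "$RENEWED_LINEAGE" /etc/kamailio/keys kamailio

# Succeeds only if the certificate's public key matches the private key.
key_matches_cert() {  # $1=private key, $2=certificate
    kpub=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 1
    cpub=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 1
    [ -n "$kpub" ] && [ "$kpub" = "$cpub" ]
}

# Copy privkey.pem and cert.pem from $1 to $2; $3 is an optional owner for chown.
install_kamailio_keys() {
    src=$1 dst=$2 owner=${3:-}
    for f in privkey.pem cert.pem; do
        [ -s "$src/$f" ] || { echo "missing or empty: $src/$f" >&2; return 1; }
    done
    # The pairing check is skipped when openssl is not installed.
    if command -v openssl >/dev/null 2>&1; then
        key_matches_cert "$src/privkey.pem" "$src/cert.pem" ||
            { echo "private key does not match certificate" >&2; return 1; }
    fi
    # Directory and key are owner-only; the certificate is public data.
    install -d -m 0700 "$dst" || return 1
    install -m 0600 "$src/privkey.pem" "$dst/privkey.pem.new" || return 1
    install -m 0644 "$src/cert.pem" "$dst/cert.pem.new" || return 1
    if [ -n "$owner" ]; then
        chown "$owner" "$dst" "$dst/privkey.pem.new" "$dst/cert.pem.new" || return 1
    fi
    # A rename within one directory is atomic, so no half-written file is ever read.
    mv -f "$dst/privkey.pem.new" "$dst/privkey.pem" &&
        mv -f "$dst/cert.pem.new" "$dst/cert.pem"
}
```

Restart Kamailio afterwards with the systemctl commands shown earlier so the new certificate is loaded.
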