RTPengine install - CentOS/RHEL 7
Complete guide for installing RTPengine on a CentOS 7 or RHEL 7 server
What RTPengine is
RTPengine is a proxy for RTP traffic, typically used with a SIP Proxy (e.g. Kamailio) to decouple RTP audio stream between a caller and a callee, useful for example in scenarios where the caller is on a public network while the callee is confined within a private subnet.
Update your system and install the latest kernel
yum update
yum install kernel-devel
yum update kernel
reboot
Install iptables
systemctl stop firewalld
systemctl disable firewalld
yum install iptables-services iptables-devel
systemctl enable iptables.service
systemctl start iptables.service
iptables -F
service iptables save
Check that iptables service is up & running
systemctl status iptables.service
Install the Linux packages needed to compile RTPengine
Here we need to make a first distinction, because some of the necessary packages belong to the EPEL repository (Extra Packages Enterprise Linux) and the repository installation methods are different between RHEL and CentOS (https://docs.fedoraproject.org/en-US/ epel/#_el7).
EPEL on CentOS
yum install epel-release
EPEL on RedHat
subscription-manager repos --enable rhel-*-optional-rpms \
--enable rhel-*-extras-rpms \
--enable rhel-ha-for-rhel-*-server-rpms
yum install https://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm
Package setups
yum install glib glib-devel gcc zlib zlib-devel openssl openssl-devel pcre pcre-devel libcurl libcurl-devel xmlrpc-c xmlrpc-c-devel wget
yum install libevent-devel glib2-devel json-c-devel json-glib json-glib-devel gperf libpcap-devel git perl-IPC-Cmd libiptcdata-devel libiptcdata-devel hiredis hiredis-devel redis iptables-devel libwebsockets-devel
yum install spandsp spandsp-devel
Install FFmpeg
Here there is a second distinction to make, because the rpm versions change over time, it is recommended to check the released version of FFmpeg at the link https://download1.rpmfusion.org/free/el/updates/7/x86_64/ f/.
rpm --import http://li.nux.ro/download/nux/RPM-GPG-KEY-nux.ro
yum install http://li.nux.ro/download/nux/dextop/el7/x86_64/nux-dextop-release-0-5.el7.nux.noarch.rpm
yum localinstall --nogpgcheck https://download1.rpmfusion.org/free/el/rpmfusion-free-release-7.noarch.rpm
yum localinstall --nogpgcheck http://mirror.centos.org/centos/8-stream/AppStream/x86_64/os/Packages/opus-1.3-0.4.beta.el8.x86_64.rpm
yum localinstall --nogpgcheck http://mirror.centos.org/centos/8-stream/AppStream/x86_64/os/Packages/opus-devel-1.3-0.4.beta.el8.x86_64.rpm
mkdir /usr/src/ffmpeg_rpms
cd /usr/src/ffmpeg_rpms/
wget https://download1.rpmfusion.org/free/el/updates/7/x86_64/f/ffmpeg-devel-3.4.12-1.el7.x86_64.rpm
wget https://download1.rpmfusion.org/free/el/updates/7/x86_64/l/libavdevice-3.4.12-1.el7.x86_64.rpm
wget https://download1.rpmfusion.org/free/el/updates/7/x86_64/f/ffmpeg-3.4.12-1.el7.x86_64.rpm
wget https://forensics.cert.org/centos/cert/7/x86_64/ffmpeg-libs-2.6.8-3.el7.nux.x86_64.rpm
yum localinstall *.rpm
yum install bcg729 bcg729-devel
Install MariaDB
MariaDB is required to compile RTPengine correctly
yum install mariadb-devel mariadb-client mariadb-shared
Compile and install RTPengine
cd /usr/src/
git clone https://github.com/sipwise/rtpengine.git rtpengine
cd /usr/src/rtpengine
cd /usr/src/rtpengine/daemon
make
cp -fr rtpengine /usr/sbin/rtpengine
cp -fr rtpengine /usr/local/bin/rtpengine
Compile and install the iptables extensions
cd /usr/src/rtpengine/iptables-extension
make all
cp -fr libxt_RTPENGINE.so /usr/lib64/xtables/.
Compile and install the kernel module xt_RTPENGINE
cd /usr/src/rtpengine/kernel-module
make
cp -fr xt_RTPENGINE.ko /lib/modules/`uname -r`/extra/xt_RTPENGINE.ko
depmod -a
modprobe -v xt_RTPENGINE
Check that the kernel module has been loaded
lsmod | grep xt_RTPENGINE
Configure kernel module startup at system boot
echo "# load xt_RTPENGINE module" >> /etc/modules-load.d/rtpengine.conf
echo "xt_RTPENGINE" >> /etc/modules-load.d/rtpengine.conf
Check if RTPEngine is accessible
ls -l /proc/rtpengine/control | grep root
you should se something like
--w--w----. 1 root root 0 10 gen 12.31 /proc/rtpengine/control
and then
ls -l /proc/rtpengine/list
and you should se something like
-r--r--r--. 1 root root 0 10 gen 12.32 /proc/rtpengine/list
Configuration
The configuration file is /etc/sysconfig/rtpengine and to proceed with the correct configuration you need to know the external IP exposed by the system, to be replaced in 999.999.999.999. All configuration parameters are described here.
echo "OPTIONS=\"-i 999.999.999.999 -n 127.0.0.1:2223 -m 23000 -M 23100 -L 4 --log-facility=local1 --table=8 --delete-delay=0 --timeout=60 --silent-timeout=600 --final-timeout=7200 --offer-timeout=60 --num-threads=12 --tos=184 –no-fallback\"" > /etc/sysconfig/rtpengine
Configuring log
With the configuration parameters used above, RTPengine will produce logs within the facility local1 (–log-facility=local1), so to manage them correctly you can add the following line to the file /etc/rsyslog.conf
#rtpengine log
local1.* -/var/log/rtpengine/rtpengine.log
We can also disable writing log in the messages
# Don't log private authentication messages!
*.info;mail.none;authpriv.none;cron.none;local0.none;local1.none /var/log/messages
And then configure the log rotation, adding the file /etc/logrotate.d/rtpengine
/var/log/rtpengine/rtpengine.log {
daily
rotate 4
missingok
dateext
copytruncate
compress
}
Finally create the folder and the file where the logs will be produced
mkdir -p /var/log/rtpengine
touch /var/log/rtpengine/rtpengine.log
systemctl restart rsyslog
Configuring RTPengine service
To start and manage RTPengine as a service we can create the unit file /etc/systemd/system/rtpengine.service
[Unit]
Description=Kernel based rtp proxy
After=syslog.target
After=network-online.target
After=iptables.service
Requires=network-online.target
[Service]
Type=forking
PIDFile=/var/run/rtpengine.pid
EnvironmentFile=-/etc/sysconfig/rtpengine
ExecStart=/usr/local/bin/rtpengine -p /var/run/rtpengine.pid $OPTIONS
Restart=on-abort
[Install]
WantedBy=multi-user.target
Starting the service
mkdir -p /var/spool/rtpengine
systemctl enable rtpengine.service
systemctl start rtpengine.service