have you tried that hikkup to intercept traffic?
No, hikkup cannot work for me. There is nothing to intercept. From its README:
… After this, power your wifi doorbell and make sure it connects to the same network as your PC resides in …
In my setup neither doorbell nor intercom is connected to my network.
Indeed, you don’t have acces to it :+(
Too bad indeed
Could you please share this sip.py script? I’m very interested to try the SIP approach with Hikvision Indoor Station. Thank you.
here you go… it can be used as a shell command
or you can just use asterisk and register a trunk on the indoor station
Remember, video doesnt forward to the softphone, i dont know why…
Thank you for sharing the script. The indoor station model I have is DS-KH8520-WTE1:
https://www.hikvision.com/en/products/Video-Intercom-Products/IP-Series/Pro-Series/ds-kh8520-wte1/
I did try the Asterisk add-on configured with trunk settings, according the instructions at your GitHub.
Unfortunately, this indoor station seems to not have the UDP port 5065 open, therefore Asterisk logs just show connection error.
There is any other configuration to be made using iVMS-4200? (besides the screenshot at your GitHub page)
Once again thank you for your help. Truly appreciated.
Hmm, no, no extra settings needed, by default normally 5065 should be open…
Do you perhaps have 2 indoor stations, otherwise you could Wireshark it…
Have you tried to run a portscan on the device ? Maybe it’s another port
The UDP port 5065 is actually open! I got confuse with the log message “No response received from ‘sip:10.9.4.2:5065’ on registration attempt”, sorry about that.
But not got working yet, hopefully you can help.
IP Addresses:
Asterisk IP: 10.9.1.2
Indoor Station IP: 10.9.4.2
Here is how the Intercom → Extension Settings are configured (via iVMS-4200):
Device Type: Indoor Extension
Serial No.: EXTENSION
IP Address: 10.9.1.2
Gateway: 10.9.0.1
Subnet Mask: 255.255.0.0
Password: ThePassword
SIP No.: 10000000002
No.: 2
And here is the pjsip_custom.conf
(Asterisk Trunk):
[siptrunk-auth]
type=auth
auth_type=userpass
username=10000000002
password=ThePassword
[siptrunk-aor]
type=aor
contact=sip:10.9.4.2:5065
[siptrunk-registration]
type=registration
outbound_auth=siptrunk-auth
server_uri=sip:10.9.4.2:5065
client_uri=sip:[email protected]:5065
contact_user=10000000002
retry_interval=10
expiration=600
[siptrunk-endpoint]
type=endpoint
context=default
disallow=all
allow=ulaw,alaw,h264,vp8
outbound_auth=siptrunk-auth
aors=siptrunk-aor
rewrite_contact=yes
;from_domain=mydomain.com
[siptrunk-identify]
type=identify
endpoint=siptrunk-endpoint
match=10.9.4.2
Asterisk logs:
[Oct 24 10:44:33] WARNING[361]: res_pjsip_registrar.c:1166 find_registrar_aor: AOR '' not found for endpoint 'siptrunk-endpoint' (10.9.4.2:5065)
[Oct 24 10:44:33] WARNING[361]: res_pjsip_registrar.c:1166 find_registrar_aor: AOR '' not found for endpoint 'siptrunk-endpoint' (10.9.4.2:5065)
[Oct 24 10:44:34] WARNING[361]: res_pjsip_registrar.c:1166 find_registrar_aor: AOR '' not found for endpoint 'siptrunk-endpoint' (10.9.4.2:5065)
[Oct 24 10:44:36] WARNING[361]: res_pjsip_registrar.c:1166 find_registrar_aor: AOR '' not found for endpoint 'siptrunk-endpoint' (10.9.4.2:5065)
[Oct 24 10:44:40] WARNING[361]: res_pjsip_registrar.c:1166 find_registrar_aor: AOR '' not found for endpoint 'siptrunk-endpoint' (10.9.4.2:5065)
[Oct 24 10:44:44] WARNING[361]: res_pjsip_registrar.c:1166 find_registrar_aor: AOR '' not found for endpoint 'siptrunk-endpoint' (10.9.4.2:5065)
[Oct 24 10:44:48] WARNING[361]: res_pjsip_registrar.c:1166 find_registrar_aor: AOR '' not found for endpoint 'siptrunk-endpoint' (10.9.4.2:5065)
[Oct 24 10:44:52] WARNING[361]: res_pjsip_registrar.c:1166 find_registrar_aor: AOR '' not found for endpoint 'siptrunk-endpoint' (10.9.4.2:5065)
[Oct 24 10:44:56] WARNING[361]: res_pjsip_registrar.c:1166 find_registrar_aor: AOR '' not found for endpoint 'siptrunk-endpoint' (10.9.4.2:5065)
[Oct 24 10:45:00] WARNING[361]: res_pjsip_registrar.c:1166 find_registrar_aor: AOR '' not found for endpoint 'siptrunk-endpoint' (10.9.4.2:5065)
[Oct 24 10:45:04] WARNING[361]: res_pjsip_registrar.c:1166 find_registrar_aor: AOR '' not found for endpoint 'siptrunk-endpoint' (10.9.4.2:5065)
[Oct 24 10:45:05] WARNING[361]: res_pjsip_outbound_registration.c:908 schedule_retry: No response received from 'sip:10.9.4.2:5065' on registration attempt to 'sip:[email protected]:5065', retrying in '10'
TCPDump:
10:44:33.684339 IP (tos 0x0, ttl 64, id 48139, offset 0, flags [DF], proto UDP (17), length 571)
10.9.1.2.sip > 10.9.4.2.5065: [bad udp cksum 0x1b4e -> 0x2f93!] SIP, length: 543
REGISTER sip:10.9.4.2:5065 SIP/2.0
Via: SIP/2.0/UDP 10.9.1.2:5060;rport;branch=z9hG4bKPj5c9dc0a8-eca3-489c-ab5d-c05509fe598d
From: <sip:[email protected]>;tag=52909919-953e-445e-ab79-f05f9c10853a
To: <sip:[email protected]>
Call-ID: 3512cd47-2d92-4e60-b5e1-ec5a13a51dda
CSeq: 4585 REGISTER
Contact: <sip:[email protected]:5060>
Expires: 600
Allow: OPTIONS, REGISTER, SUBSCRIBE, NOTIFY, PUBLISH, INVITE, ACK, BYE, CANCEL, UPDATE, PRACK, MESSAGE, REFER
Max-Forwards: 70
User-Agent: Asterisk PBX 18.14.0
Content-Length: 0
10:44:33.686966 IP (tos 0x0, ttl 64, id 43241, offset 0, flags [DF], proto UDP (17), length 659)
10.9.4.2.5065 > 10.9.1.2.sip: [udp sum ok] SIP, length: 631
REGISTER sip:10.9.4.2:5065 SIP/2.0
Via: SIP/2.0/UDP 10.9.1.2:5060;rport=5060;branch=z9hG4bKPj5c9dc0a8-eca3-489c-ab5d-c05509fe598d
From: <sip:[email protected]>;tag=52909919-953e-445e-ab79-f05f9c10853a
To: <sip:[email protected]>
Call-ID: 3512cd47-2d92-4e60-b5e1-ec5a13a51dda
CSeq: 4585 REGISTER
Contact: <sip:[email protected]:5060>
Allow: OPTIONS
Allow: REGISTER
Allow: SUBSCRIBE
Allow: NOTIFY
Allow: PUBLISH
Allow: INVITE
Allow: ACK
Allow: BYE
Allow: CANCEL
Allow: UPDATE
Allow: PRACK
Allow: MESSAGE
Allow: REFER
Expires: 600
Max-forwards: 70
User-agent: Asterisk PBX 18.14.0
Content-Length: 0
...
10:44:33.687453 IP (tos 0x0, ttl 64, id 48142, offset 0, flags [DF], proto UDP (17), length 442)
10.9.1.2.sip > 10.9.4.2.5065: [bad udp cksum 0x1acd -> 0x6ca9!] SIP, length: 414
SIP/2.0 404 Not Found
Via: SIP/2.0/UDP 10.9.1.2:5060;rport=5065;received=10.9.4.2;branch=z9hG4bKPj5c9dc0a8-eca3-489c-ab5d-c05509fe598d
Call-ID: 3512cd47-2d92-4e60-b5e1-ec5a13a51dda
From: <sip:[email protected]>;tag=52909919-953e-445e-ab79-f05f9c10853a
To: <sip:[email protected]>;tag=z9hG4bKPj5c9dc0a8-eca3-489c-ab5d-c05509fe598d
CSeq: 4585 REGISTER
Server: Asterisk PBX 18.14.0
Content-Length: 0
Not sure what is happening, it seems the the AOR is not being found for the endpoint.
Note: I did not configure any dialplan for the trunk, not sure if is this needed.
Thank you.
hi, see my config below, with ivms i added a second indoor station with NO “5”, it creates then: 10000000005, and i gave it some fake SN…
192.168.0.17 is Asterisk, 192.168.0.71 is the indoorstation , in my screenshot below .72 is some other real indoor station, but not related
[mytrunk-auth]
type=auth
auth_type=userpass
password=XXX
username=10000000005
[mytrunk-aor]
type=aor
contact=sip:192.168.0.71:5065
[mytrunk-registration]
type=registration
outbound_auth=mytrunk-auth
server_uri=sip:192.168.0.71:5065
client_uri=sip:[email protected]:5065
retry_interval=10
contact_user=10000000005
expiration=600
[mytrunk]
type=endpoint
context=default
disallow=all
allow=ulaw,alaw
allow=h264,vp8
outbound_auth=mytrunk-auth
aors=mytrunk-aor
rewrite_contact=yes
from_domain=XXX.com
[mytrunk]
type=identify
endpoint=mytrunk
match=192.168.0.71
It seems your indoor device is not finding the asterisk I think, therefore the 404?
Do you also setup the indoor device with 255.255.0.0 and correct gateway? Maybe as a test , setup asterisk on the same subnet?? Maybe those Hikvision devices are not smart enough to handle other IP ranges
HA and the Indoor Station are in the same subnet.
I did some troubleshooting based in your script. First emulated the REGISTER request from asterisk, the indoor station replied the same way (basically the reply is a plain copy of the request, this is why all the errors on the Asterisk logs).
After that I just added the following XML body to the request (along with the corresponding Content-Length
):
<regXML>
<version>V2.0.0</version>
<regDevName>Asterisk</regDevName>
<regDevSerial>Q12345678</regDevSerial>
<regDevMacAddr>02:11:32:29:12:A4</regDevMacAddr>
</regXML>
The indoor station replied 401, asking for authentication (as expected).
So I added the Authorization header the same way as in your script and got 200 OK!!! Checking on iVMS-4200 the extension indeed got registered.
It seems my indoor station needs the xml body, I am now trying to figured out how to inject this xml to the Asterisk register request.
Any suggestion are welcome.
Thanks.
Hi , well, that’s not possible … You can’t modify the register request in asterisk, it’s not possible to add those headers … But normally it’s not needed if you have added the device first with ivms…
It works for me… Should also work on your device
Another road , if the script works, just run the script in background on HA start with an automation (the script doest have a RE-REGISTER every xx min)…
Then just setup a trunk on asterisk , but based on IP auth, not on user pass, because its already registered, it will forward the call to asterisk… (invite)
I also have a pjsip example of that, it’s an easy one…v , just launch the script from the same IP where asterisk is running, your script does the REGISTER, on INVITE Asterisk will accept it:
; ######################################## TRUNK HIKVISION RELAY
;[hikvision]
;type=aor
;contact=sip:[email protected]:5060
;[hikvision]
;type=endpoint
;context=default
;disallow=all
;allow=ulaw,alaw
;allow=h264,vp8
;aors=hikvision
;direct_media=no
;[hikvision]
;type=identify
;endpoint=hikvision
;match=192.168.0.71
Is there a reason why you want the approach based on registering on indoor? Because only advantage is that you can see the early preview on all indoor panels…
Also, where/how did you modify the script? Because I was already sending the regxlm part with content length? It was already included? I indeed started with the script, but after testing I found out that the regxlm was not needed at all, if you add the device first with ivms
I thought it so, I found your posts about this in some PBX forums. I was even considering recompile asterisk with this functionality, but…
This would be perfect in my case, I will give a shot!!
I created a very simple script just for debug the sip registration process, making small changes to the request to find-out where/why asterisk was failing. From your code I copied some parts, such as the Packet
class, the method http_auth
, etc.
Thank you.
ah, that makes sense, its still strange tough that it fails on your end, when i dont add the device firsr in IVMS, i cant register, i believe with an 401 error, when i added the device with a fake SN , then it indeed registers, the username is the only important one, it should match with the register
Also whats important, that you run asterisk on 5060 , i think the comm from indoor back to client, is always hardcoded on 5060 (probably not changable on indoor devices)
you can use indeed my script, its complete, it even intercepts invite messages
I was also think into compiling extra headers in Asterisk, but thats beyond my knowledge
I also have another addon, based on OpenSips, that one is able to send extra body headers in the REGISTER, buts its offcourse an overkill vs the script
But remember, video is not forwarding , i dont know why, was not able to find the root cause, but for me the most important one, was that i still have EARLY video on my indoor… if you configure the default SIP settings on the device, this was not possible
I am using Linhome/Linphone, and i modified it, to inject manually an RTSP stream in the call as early preview and while in call…
i used this project : GitHub - alexeyvasilyev/rtsp-client-android: Lightweight RTSP client library for Android
So now i have early video on INDOOR as well on my softphone client… And even if asterisk/HA is down, my indoor stay working
Also have a thread opened here below, what the issue could be that video is not going to the registered endpoint… it should work, because my second indoor station does have video, on the asterisk registered doesnt have video
but never got any response
Here the same, I also want keep the normal Hikvision functionalities working, independently if HA is up and running or not.
Good news: your suggestion of registering asterisk as extension of the main indoor station using the py script in HA worked!! I had to configure an automation to execute the script every 10 min, otherwise the “extension” gets unregistered.
Pressing the button on the door station (DS-KD8003) sends an INVITE request to Asterisk, but I still don’t have the dialplan configured for this endpoint. So Asterisk just logs the following:
[Oct 25 12:45:08] WARNING[422][C-00000001]: pjsip/dialplan_functions.c:1018 pjsip_acf_dial_contacts_read: Specified endpoint '10000000002' was not found
[Oct 25 12:45:08] -- Executing [10000000002@default:1] Dial("PJSIP/hikvision-00000000", "") in new stack
[Oct 25 12:45:08] -- No devices or endpoints to dial (technology/resource)
[Oct 25 12:45:08] -- Auto fallthrough, channel 'PJSIP/hikvision-00000000' status is 'CHANUNAVAIL'
Do you mind to also share the dialplan config for this case?
Thanks in advance.
Regarding the video: I am already using the RTSP stream from KD8003, this should be enough for my use case. Anyway, I will take a look on the linked thread as soon as I get the asterisk fully working for voice call.
Yeah, you can also setup a shell sensor with a scan interval like any 15 min… Or use my script, it has an reregister included…
For the dialplan , it’s easy, just start with 100000002 and then the rest… I can share offcourse later
Is your usecase to call to softphones? Or use the sip Lovelace card? Then indeed the rtsp is enough
Lovelace card. Just want be able to answer the intercom remotely.
The dialplan syntax is new for me, still trying to understand. This is what I have so far:
exten => 10000000002,1,Dial(${PJSIP_DIAL_CONTACTS(100)},30)
Basically I want redirect a call from the intercom to an asterisk user, in this case the user 100.
However, despite the add-on have created the user 100 automatically, ${PJSIP_DIAL_CONTACTS(100)}
is returning an empty string. Here is the log:
[Oct 25 14:54:04] -- Executing [10000000002@default:1] Dial("PJSIP/hikvision-00000000", ",30") in new stack
[Oct 25 14:54:04] -- No devices or endpoints to dial (technology/resource)
[Oct 25 14:54:04] -- Auto fallthrough, channel 'PJSIP/hikvision-00000000' status is 'CHANUNAVAIL'
It must be something wrong with this dialplan.
NVM - the dialplan is correct. The issue was with lovelace card configuration. The ‘person’ must have password, without it does not register with asterisk.