Hola a todos,
Estoy intentando montar una red IMS con OpenIMSCore y Kamailio. La parte
de OpenIMSCore ya ha sido probada y utilizada con Mobicents. Ahora
quiero cambiar Mobicents por Kamailio. También he instalado Kamailio y
lo ejecuto sin problemas, pero cuando le llegan las publicaciones de la
presencia SIP a este último, me responde con "407 Proxy Authentication
Required". ¿Cómo puedo hacer que el proxy se autentique o evitar que
Kamailio pida dicha autenticación?
El Mensaje publish enviado:
PUBLISH sip:testuser01@open-ims.test SIP/2.0
Route: <sip:ciervo.inf.um.es:5060;lr>,
<sip:iscmark@scscf.open-ims.test:6060;lr;s=1;h=0;d=0;a=7369703a74657374757365723031406f70656e2d696d732e74657374>
Call-ID: K28QO9PYAE5vn3RNdYOkIEddMEd6yDiqeAW7DwSt6XV.
CSeq: 1 PUBLISH
From: "testuser01" <sip:testuser01@open-ims.test>;tag=ff123bda
To: "testuser01" <sip:testuser01@open-ims.test>
Via: SIP/2.0/UDP 155.54.210.135:6060;branch=z9hG4bKa31a.6cba1cd2.0
Via: SIP/2.0/UDP 155.54.210.134:4060;branch=z9hG4bKa31a.71481d13.0;i=1
Via: SIP/2.0/TCP
155.54.190.166:8060;rport=41624;branch=z9hG4bK-d8754z-ce7487ff34be55f9-1---d8754z-
Max-Forwards: 15
Content-Type: application/pidf+xml
Expires: 30000
Event: presence
Contact: <sip:testuser01@155.54.190.166:8060>
Allow: INVITE, ACK, CANCEL, OPTIONS, BYE, REFER, NOTIFY, MESSAGE,
SUBSCRIBE, INFO
User-Agent: X-Lite IMS-OSGi-Client 0.1 CVS-Mon_Nov_29_10-14-33_CET_2010
Content-Length: 451
P-Asserted-Identity: <sip:testuser01@open-ims.test>
P-Charging-Vector:
icid-value="P-CSCFabcd000000004cf3708400000002";icid-generated-at=155.54.210.134;orig-ioi="open-ims.test"
<?xml version='1.0' encoding='UTF-8'?><presence
xmlns='urn:ietf:params:xml:ns:pidf'
xmlns:c='urn:ietf:params:xml:ns:pidf:cipid'
xmlns:dm='urn:ietf:params:xml:ns:pidf:data-model'
xmlns:rpid='urn:ietf:params:xml:ns:pidf:rpid'
entity='sip:testuser01@open-ims.test'><tuple
id='t6b9a6ab3'><status><basic>open</basic></status></tuple><dm:person
id='p34b126e5'><rpid:activities><rpid:Online/></rpid:activities><dm:note>Online</dm:note></dm:person></presence>
La respuesta de Kamailio:
SIP/2.0 407 Proxy Authentication Required
Call-ID: K28QO9PYAE5vn3RNdYOkIEddMEd6yDiqeAW7DwSt6XV.
CSeq: 1 PUBLISH
From: "testuser01" <sip:testuser01@open-ims.test>;tag=ff123bda
To: "testuser01"
<sip:testuser01@open-ims.test>;tag=b27e1a1d33761e85846fc98f5f3a7e58.3d3a
Via: SIP/2.0/UDP 155.54.210.135:6060;branch=z9hG4bKa31a.6cba1cd2.0
Via: SIP/2.0/UDP 155.54.210.134:4060;branch=z9hG4bKa31a.71481d13.0;i=1
Via: SIP/2.0/TCP
155.54.190.166:8060;rport=41624;branch=z9hG4bK-d8754z-ce7487ff34be55f9-1---d8754z-
Proxy-Authenticate: Digest realm="open-ims.test",
nonce="TPNwMkzzbwZRE1piAM8yHaXGsXvwS16v"
Server: kamailio (3.1.0 (i386/linux))
Content-Length: 0
Y el log de Kamailio:
5(15391) DEBUG: <core> [parser/msg_parser.c:628]: SIP Request:
5(15391) DEBUG: <core> [parser/msg_parser.c:630]: method: <PUBLISH>
5(15391) DEBUG: <core> [parser/msg_parser.c:632]: uri:
<sip:testuser01@open-ims.test>
5(15391) DEBUG: <core> [parser/msg_parser.c:634]: version: <SIP/2.0>
5(15391) DEBUG: <core> [parser/msg_parser.c:165]: get_hdr_field: cseq
<CSeq>: <1> <PUBLISH>
5(15391) DEBUG: <core> [parser/parse_to.c:803]: end of header reached,
state=10
5(15391) DEBUG: <core> [parser/msg_parser.c:185]: DEBUG: get_hdr_field:
<To> [45]; uri=[sip:testuser01@open-ims.test]
5(15391) DEBUG: <core> [parser/msg_parser.c:187]: DEBUG: to body
["testuser01" <sip:testuser01@open-ims.test>
]
5(15391) DEBUG: <core> [parser/parse_via.c:1287]: Found param type 232,
<branch> = <z9hG4bKa31a.6cba1cd2.0>; state=16
5(15391) DEBUG: <core> [parser/parse_via.c:2300]: end of header
reached, state=5
5(15391) DEBUG: <core> [parser/msg_parser.c:513]: parse_headers: Via
found, flags=2
5(15391) DEBUG: <core> [parser/msg_parser.c:515]: parse_headers: this
is the first via
5(15391) DEBUG: <core> [receive.c:145]: After parse_msg...
5(15391) DEBUG: <core> [receive.c:186]: preparing to run routing scripts...
5(15391) DEBUG: <core> [parser/parse_via.c:1287]: Found param type 232,
<branch> = <z9hG4bKa31a.71481d13.0>; state=6
5(15391) DEBUG: <core> [parser/parse_via.c:1287]: Found param type 236,
<i> = <1>; state=16
5(15391) DEBUG: <core> [parser/parse_via.c:2300]: end of header
reached, state=5
5(15391) DEBUG: <core> [parser/msg_parser.c:513]: parse_headers: Via
found, flags=100
5(15391) DEBUG: <core> [parser/msg_parser.c:526]: parse_headers: this
is the second via
5(15391) DEBUG: <core> [parser/parse_via.c:1287]: Found param type 235,
<rport> = <41624>; state=6
5(15391) DEBUG: <core> [parser/parse_via.c:1287]: Found param type 232,
<branch> = <z9hG4bK-d8754z-ce7487ff34be55f9-1---d8754z->; state=16
5(15391) DEBUG: <core> [parser/parse_via.c:2300]: end of header
reached, state=5
5(15391) DEBUG: <core> [parser/msg_parser.c:513]: parse_headers: Via
found, flags=100
5(15391) DEBUG: maxfwd [mf_funcs.c:85]: value = 15
5(15391) DEBUG: <core> [parser/msg_parser.c:199]: DEBUG: get_hdr_body :
content_length=451
5(15391) DEBUG: <core> [parser/msg_parser.c:101]: found end of header
5(15391) DEBUG: <core> [parser/parse_to.c:174]: DEBUG: add_param:
tag=ff123bda
5(15391) DEBUG: <core> [parser/parse_to.c:803]: end of header reached,
state=29
5(15391) DEBUG: sanity [mod_sanity.c:217]: all sanity checks passed
5(15391) DEBUG: siputils [checks.c:73]: no totag
5(15391) DEBUG: tm [t_lookup.c:1081]: DEBUG: t_check_msg: msg id=1
global id=0 T start=0xffffffff
5(15391) DEBUG: tm [t_lookup.c:528]: t_lookup_request: start searching:
hash=41274, isACK=0
5(15391) DEBUG: tm [t_lookup.c:485]: DEBUG: RFC3261 transaction
matching failed
5(15391) DEBUG: tm [t_lookup.c:711]: DEBUG: t_lookup_request: no
transaction found
5(15391) DEBUG: tm [t_lookup.c:1150]: DEBUG: t_check_msg: msg id=1
global id=1 T end=(nil)
5(15391) DEBUG: <core> [socket_info.c:501]: grep_sock_info - checking
if host==us: 13==9 && [open-ims.test] == [127.0.0.1]
5(15391) DEBUG: <core> [socket_info.c:504]: grep_sock_info - checking
if port 5060 matches port 5060
5(15391) DEBUG: <core> [socket_info.c:501]: grep_sock_info - checking
if host==us: 13==14 && [open-ims.test] == [155.54.190.245]
5(15391) DEBUG: <core> [socket_info.c:504]: grep_sock_info - checking
if port 5060 matches port 5060
5(15391) DEBUG: <core> [socket_info.c:501]: grep_sock_info - checking
if host==us: 13==9 && [open-ims.test] == [127.0.0.1]
5(15391) DEBUG: <core> [socket_info.c:504]: grep_sock_info - checking
if port 5060 matches port 5060
5(15391) DEBUG: <core> [socket_info.c:501]: grep_sock_info - checking
if host==us: 13==14 && [open-ims.test] == [155.54.190.245]
5(15391) DEBUG: <core> [socket_info.c:504]: grep_sock_info - checking
if port 5060 matches port 5060
5(15391) DEBUG: auth_db [authorize.c:239]: realm value [open-ims.test]
5(15391) DEBUG: auth [api.c:85]: auth:pre_auth: Credentials with realm
'open-ims.test' not found
5(15391) DEBUG: auth_db [authorize.c:257]: not authenticated
5(15391) DEBUG: auth [challenge.c:102]: build_challenge_hf:
realm='open-ims.test'
5(15391) DEBUG: auth [challenge.c:236]: auth: 'Proxy-Authenticate:
Digest realm="open-ims.test",
nonce="TPNwMkzzbwZRE1piAM8yHaXGsXvwS16v"
'
5(15391) DEBUG: sl [sl.c:278]: reply in stateless mode (sl)
5(15391) DEBUG: <core> [msg_translator.c:207]:
check_via_address(155.54.210.135, 155.54.210.135, 0)
5(15391) DEBUG: <core> [usr_avp.c:646]: DEBUG:destroy_avp_list:
destroying list (nil)
5(15391) DEBUG: <core> [usr_avp.c:646]: DEBUG:destroy_avp_list:
destroying list (nil)
5(15391) DEBUG: <core> [usr_avp.c:646]: DEBUG:destroy_avp_list:
destroying list (nil)
5(15391) DEBUG: <core> [usr_avp.c:646]: DEBUG:destroy_avp_list:
destroying list (nil)
5(15391) DEBUG: <core> [usr_avp.c:646]: DEBUG:destroy_avp_list:
destroying list (nil)
5(15391) DEBUG: <core> [usr_avp.c:646]: DEBUG:destroy_avp_list:
destroying list (nil)
5(15391) DEBUG: <core> [receive.c:289]: receive_msg: cleaning up
Muchas gracias,
Andrés.
--
-----------------------
Andrés S. García Ruiz
-----------------------
e-mail: asgarcia(a)um.es
Teléfono: (+34) 868 888258
Dpto. de Ingeniería de la Información y las Comunicaciones
Facultad de Informática
Universidad de Murcia
30100 Campus de Espinardo
Show replies by date
El día 29 de noviembre de 2010 10:40, "Andrés S. García Ruiz"
<asgarcia(a)um.es> escribió:
¿Cómo puedo hacer que el proxy se autentique o evitar
que Kamailio pida
dicha autenticación?
Simplemente no pidas auth cuando el request viene desde una IP
trusted. Lo puedes configurar a mano (if $si == "1.2.3.4) o usando el
módulo "permissions").
--
Iñaki Baz Castillo
<ibc(a)aliax.net>