Hi list,
I have a problem where my SER is supposed to be authenticating a user
out from the radius server, but it doesn't contact the radius server.
When I sniff the ethernet I can see it doing DNS lookups (incl answers)
on the radius server but it never actually sends radius packets.
It even does PTR lookups on the IP address, but still nothing.
If anyone has any ideas of why this his happening, please help me :)
Thanks,
Patrick
just a question,
Am i dummy or my questions are so complicated?
Or banned maybe :(
I never ave an answer to my questions, very disapointing...
Regards,
Olivier
Using logic similar to the Onsip.org config file i'm doing call forward
no-answer using a TM timer, when the call is forwarded OSER sends a
cancel to the original client which responds with a "200 OK". OSER
doesn't seem to process this 200 ok, generating an error and resending
the CANCEL message.
Running OSER in debug level 5 shows that OSER was not able to match the
"200 OK" to the CANCEL message
Below is a trace of exchange, the following error is recorded in the
debug log
--
get_hdr_field: cseq <CSeq>: <102> <CANCEL>
header field type 5, name=<CSeq>, body=<102 CANCEL>
DEBUG: t_reply_matching: hash 44785 label 1883536846 branch 0
DEBUG: t_reply_matching: no matching transaction exists
DEBUG: t_reply_matching: failure to match a transaction
DEBUG: t_check: msg id=3 global id=3 T end=(nil)
....
ERROR: forward_reply: no 2nd via found in reply
--
#
U OSER_PROXY:15061 -> SIP_UAC:5060
CANCEL sip:200110005333@192.168.99.240:5060 SIP/2.0.
Via: SIP/2.0/UDP OSER_PROXY:15061;branch=z9hG4bKb3b2.9e597b73.0.
From: tavis <sip:200110005334@OSER_PROXY:15061>;tag=d478d8ef4036cbffo0.
Call-ID: c818cfaf-edd9443f(a)192.168.99.66.
To: <sip:200110005333@OSER_PROXY:15061>.
CSeq: 102 CANCEL.
Content-Length: 0.
.
#
U SIP_UAC:5060 -> OSER_PROXY:15061
SIP/2.0 200 OK.
Via: SIP/2.0/UDP OSER_PROXY:15061;branch=z9hG4bKb3b2.9e597b73.0.
From: tavis <sip:200110005334@OSER_PROXY:15061>;tag=d478d8ef4036cbffo0.
To:
<sip:200110005333@OSER_PROXY:15061>;tag=00055e7cd6f33c1a551406a2-75f29afe.
Call-ID: c818cfaf-edd9443f(a)192.168.99.66.
CSeq: 102 CANCEL.
Server: Cisco-CP7960G/7.5.
Content-Length: 0.
.
Hi Klaus,
> Alexander Philipp Lintenhofer wrote:
>
>> Hi Klaus,
>>
>> TLS: Is this feature already tested with version 0.10.x? Is it
>> necessary that
>> both proxies are under the same root-CA or is it possible to define
>> different
>
>
> up to now I did not tested it, I just read the README. If I understand
> it correctly, than you can import as man CA certs as you like.
OK, that is also my state of information. So you import the root
certificates of
all trusted domains with which you want authentification.
>
>> trust anchors by distributing root certificates? Or do I need a
>> cross-path
>> mechanism to deal with this problem?
>
>
> At the moment I'm having problems figuring out how the server
> certificate must look like.
The standard is X509v3.
> e.g. a lookup for sip:klaus@example.net may lead to another domain
> using SRV. Which domain must be in the certificate? Where in the
> certificate (Subject? Subject alternative name? ...)
The SRV-Request yields the resonsible sipserver of example.net.
According to
RFC3261 the subject of the certificate must correspond to the canonical
hostname of this server.
I believe that your outbound proxy exchanges his certificate with the
inbound of
example.net for mutual authentification. So regarding RFC 2246 both need
a way
to validate the other cert. -> ?
regards,
philipp
>
>>
>>> proxy2proxy authentication is usually done by TLS.
>>>
>>> The problem is that both proxies use different nonce to
>>> authenticate. You can try to set the secret on both proxies:
>>> http://openser.org/docs/modules/0.10.x/auth.html#AEN62
>>>
>>> regards
>>> klaus
>>>
>>> Taras Bendik wrote:
>>>
>>>> Situation:
>>>> client1 ----->openser1 ----> openser2 ---->client2
>>>> Both openser have same accounts (user/pass)
>>>>
>>>> When im not using proxy authentification it works ok.
>>>> If i use it it gives me 407
>>>>
>>>> i have tried to use following
>>>> http://www.voice-system.ro/docs/uac/ar01s06.html#ex_auth
>>>>
>>>> and always goes executing this part
>>>> if (isflagset(7)) {
>>>> t_reply("503","Authentication failed");
>>>> break;
>>>> }
>>>>
>>>> I look at ngrep log, and it is some thing like this
>>>> ser1 -> ser2 INVITE
>>>> ser2 -> ser1 AUTH Required
>>>> ser1 -> ser2 INVITE with auth
>>>> ser2 -> ser1 AUTH Required
>>>> ser1 -> ser2 INVITE with auth
>>>> ser2 -> ser1 AUTH Required
>>>> It seems to me that openser1 cannot authentificate on openser2.
>>>>
>>>>
>>>> Thanks in advance
>>>>
>>>>
>>>>
>>>> _______________________________________________
>>>> Users mailing list
>>>> Users(a)openser.org
>>>> http://openser.org/cgi-bin/mailman/listinfo/users
>>>>
>>>>
>>>
>>>
>>> _______________________________________________
>>> Users mailing list
>>> Users(a)openser.org
>>> http://openser.org/cgi-bin/mailman/listinfo/users
>>>
>>>
>>
>>
>>
>>
>
>
>
Hi All,
I want to impliment the call forwarding in my SER.
Can anybody please send me a working ser.cfg which forwards a call to any particular
phone number.
I am very hopefull from your side.
THANKS IN ADVANCE .
SAGAR.
vids_cs(a)yahoo.com
vids.cs(a)gmail.com
---------------------------------
Yahoo! for Good
Click here to donate to the Hurricane Katrina relief effort.
has anyone found resolution to this issue?
Hi!
Is there anybody who's succesfully running jabber module on top of a recent
"stable" ser/openser version? I can't get the server running, it hangs and I
have then to kill it with "kill -9".
This is the error log (running on openser 0.9.5, not forking, debug level =
8):
...
0(21394) DEBUG: init_mod_child (1): avpops
0(21394) get_connection(): Connection found in the pool
0(21394) XJAB:xjab_check_workers: worker[0][pid=21403] has exited -
status=0 err=21403 errno=0
0(21394) XJAB:21402:xjab_check_workers: create a new worker[0]
0(21394) XJAB:xj_worker[0]:21405: exiting - wrong parameters
0(21394) XJAB:xjab_check_workers: worker[1][pid=21404] has exited -
status=0 err=21404 errno=0
0(21394) XJAB:21402:xjab_check_workers: create a new worker[1]
0(21394) XJAB:xj_worker[1]:21406: exiting - wrong parameters
0(21394) SIGCHLD received: we do not worry about grand-children
I don't really understand why I get different errors on different modules
lowering the debug level (3):
2(0) get_connection(): Inherited open database connections, this is not a
good idea
2(0) db_init(): Could not create a connection
2(0) ERROR: child_init(-2): Error while connecting database
2(0) init_mod_child(): Error while initializing module usrloc
Please note that everything is working fine if I disable jabber module
I have seen jabber module hasn't been modified recently, is it possible it
is now somehow not compatibile with *sql modules?
--
Ing. Pietro Ravasio - pietro.ravasio at abbeynet.it
Enterprise Market Manager
Abbeynet S.p.A. - http://www.abbeynet.it
TEL: +390702109044
GSM: +393282172055
FAX: +390702109055
Hi all,
I use OpenSER 0.9.5 and the latest rtpproxy from snapshots repository
(http://www.openser.org/downloads/snapshots/rtpproxy/), 2.6.8 kernel, sarge.
This error occures when i try to run openser:
:ERROR: send_rtpp_command: can't connect to RTP proxy
:send_rtpp_command(): proxy <unix:/var/run/rtpproxy.sock> does not
responding, disable it
:WARNING: rtpp_test: can't get version of the RTP proxy
:WARNING: rtpp_test: support for RTP proxy <unix:/var/run/rtpproxy.sock>has
been disabled temporarily
Part of the config:
modparam("nathelper", "rtpproxy_sock", "unix:/var/run/rtpproxy.sock")
modparam("nathelper", "natping_interval", 30)
modparam("nathelper", "ping_nated_only", 1)
modparam("registrar", "nat_flag", 6)
Of course rtpproxy is running (without any parameters, is this correct?) and
/var/run/rtpproxy.sock is there. OpenSER is running under openser user and
RTPproxy is running under root user. Do you have any idea?
Regards,
Zdenek
Hi
I have a query which select the correct prefix from the lcr table, but
have realised that it my be incorrect, is anyone else using something
similiar for rating
SELECT prefix from lcr WHERE 'sip:1234@sip.domain.com' LIKE lcr.from_uri
AND '35387318220' LIKE CONCAT(lcr.prefix, '%') ORDER BY
CHAR_LENGTH(lcr.prefix), lcr.priority DESC, RAND() ;
Now this returns
+--------+
| prefix |
+--------+
| 353 |
| 3538 |
| 35387 |
+--------+
Now I assume you should pick the one with the best match, i.e at the
bottom, if so should the query not have ASC no desc in the query, rather
than having to add another line which takes all result and sees length
of each.
Iqbal
Situation:
client1 ----->openser1 ----> openser2 ---->client2
Both openser have same accounts (user/pass)
When im not using proxy authentification it works ok.
If i use it it gives me 407
i have tried to use following
http://www.voice-system.ro/docs/uac/ar01s06.html#ex_auth
and always goes executing this part
if (isflagset(7)) {
t_reply("503","Authentication failed");
break;
}
I look at ngrep log, and it is some thing like this
ser1 -> ser2 INVITE
ser2 -> ser1 AUTH Required
ser1 -> ser2 INVITE with auth
ser2 -> ser1 AUTH Required
ser1 -> ser2 INVITE with auth
ser2 -> ser1 AUTH Required
It seems to me that openser1 cannot authentificate on openser2.
Thanks in advance
