Hi
I have an OpenSER 1.1 box on a public IP running a config taken
more-or-less verbatim from the
iptel.org <http://iptel.org> getting
started examples. I have a UA behind a PIX which is translating port
5060 on the phone to port 8907 on the firewall. OpenSER is ignoring this
and sending replies to INVITEs to port 5060 on the firewall.
If it's likely to make any difference, the PATed IP and the IP of the
OpenSER box are on the same network.
31 61.574505 193.x.x.15 -> 193.x.x.5 SIP/SDP Request: INVITE
sip:5551212@193.x.x.5 <mailto:sip:5551212@193.x.x.5>;user=phone, with
session description
32 61.575998 193.x.x.5 -> 193.x.x.15 SIP Status: 407 Proxy
Authentication Required
Aug 4 16:05:38 sip3 /usr/sbin/openser[22195]: SIP Request:
Aug 4 16:05:38 sip3 /usr/sbin/openser[22195]: method: <INVITE>
Aug 4 16:05:38 sip3 /usr/sbin/openser[22195]: uri: <
sip:5551212@193.x.x.5 <mailto:sip:5551212@193.x.x.5>;user=phone>
Aug 4 16:05:38 sip3 /usr/sbin/openser[22195]: version: <SIP/2.0>
Aug 4 16:05:38 sip3 /usr/sbin/openser[22195]: parse_headers: flags=2
Aug 4 16:05:38 sip3 /usr/sbin/openser[22195]: Found param type 232,
<branch> = <z9hG4bK4ae31c203ab6ceb>; state=16
Aug 4 16:05:38 sip3 /usr/sbin/openser[22195]: end of header reached,
state=5
Aug 4 16:05:38 sip3 /usr/sbin/openser[22195]: parse_headers: Via found,
flags=2
Aug 4 16:05:38 sip3 /usr/sbin/openser[22195]: parse_headers: this is
the first via
Aug 4 16:05:38 sip3 /usr/sbin/openser[22195]: After parse_msg...
Aug 4 16:05:38 sip3 /usr/sbin/openser[22195]: preparing to run routing
scripts...
Aug 4 16:05:38 sip3 /usr/sbin/openser[22195]: parse_headers: flags=100
Aug 4 16:05:38 sip3 /usr/sbin/openser[22195]: DEBUG:parse_to:end of
header reached, state=10
Aug 4 16:05:38 sip3 /usr/sbin/openser[22195]: DBUG:parse_to:
display={}, ruri={sip:5551212@193.x.x.5
<mailto:sip:5551212@193.x.x.5>;user=phone}
Aug 4 16:05:38 sip3 /usr/sbin/openser[22195]: DEBUG: get_hdr_field:
<To> [39]; uri=[ sip:5551212@193.x.x.5
<mailto:sip:5551212@193.x.x.5>;user=phone]
Aug 4 16:05:38 sip3 /usr/sbin/openser[22195]: DEBUG: to body [<
sip:5551212@193.x.x.5 <mailto:sip:5551212@193.x.x.5>;user=phone>^M ]
Aug 4 16:05:38 sip3 /usr/sbin/openser[22195]: get_hdr_field: cseq
<CSeq>: <1> <INVITE>
Aug 4 16:05:38 sip3 /usr/sbin/openser[22195]: DEBUG: get_hdr_body :
content_length=284
Aug 4 16:05:38 sip3 /usr/sbin/openser[22195]: found end of header
Aug 4 16:05:38 sip3 /usr/sbin/openser[22195]: DEBUG: is_maxfwd_present:
max_forwards header not found!
Aug 4 16:05:38 sip3 /usr/sbin/openser[22195]: DEBUG: add_param:
tag=3783260355
Aug 4 16:05:38 sip3 /usr/sbin/openser[22195]: DEBUG:parse_to:end of
header reached, state=29
Aug 4 16:05:38 sip3 /usr/sbin/openser[22195]: DBUG:parse_to:
display={}, ruri={sip:84410001@193.x.x.5 <mailto:sip:84410001@193.x.x.5>
;user=phone}
Aug 4 16:05:38 sip3 /usr/sbin/openser[22195]: parse_headers: flags=200
Aug 4 16:05:38 sip3 /usr/sbin/openser[22195]: find_first_route: No
Route headers found
Aug 4 16:05:38 sip3 /usr/sbin/openser[22195]: loose_route: There is no
Route HF
Aug 4 16:05:38 sip3 /usr/sbin/openser[22195]: grep_sock_info - checking
if host==us: 12==12 && [ 193.x.x.5] == [193.x.x.5]
Aug 4 16:05:38 sip3 /usr/sbin/openser[22195]: grep_sock_info - checking
if port 5060 matches port 5060
Aug 4 16:05:38 sip3 /usr/sbin/openser[22195]: XXX INVITE handler: start
Aug 4 16:05:38 sip3 /usr/sbin/openser[22195]: parse_headers: flags=10000
Aug 4 16:05:38 sip3 /usr/sbin/openser[22195]: pre_auth(): Credentials
with given realm not found
Aug 4 16:05:38 sip3 /usr/sbin/openser[22195]: XXX INVITE handler:
proxy_authorize failed
Aug 4 16:05:38 sip3 /usr/sbin/openser[22195]: build_auth_hf():
'Proxy-Authenticate: Digest realm=" 193.x.x.5",
nonce="44d3636e40c00e3f51456a587f994d0f285325af"^M '
Aug 4 16:05:38 sip3 /usr/sbin/openser[22195]: parse_headers:
flags=ffffffffffffffff
Aug 4 16:05:38 sip3 /usr/sbin/openser[22195]: check_via_address(
193.x.x.15, 10.200.100.46 <http://10.200.100.46>, 0)
Aug 4 16:05:38 sip3 /usr/sbin/openser[22195]: DEBUG:destroy_avp_list:
destroying list (nil)
Aug 4 16:05:38 sip3 /usr/sbin/openser[22195]: receive_msg: cleaning up
How can I force proxy_challenge() to send its challenge to port 8907?
Cheers,
Mark
Config:
debug=8
fork=yes
log_stderror=no
listen= 193.82.139.5 <http://193.82.139.5>
port=5060
children=4
dns=no
rev_dns=no
fifo="/tmp/ser_fifo"
fifo_db_url="mysql://openserro:openserro@localhost/openser"
loadmodule "/usr/lib/openser/modules/mysql.so"
loadmodule "/usr/lib/openser/modules/sl.so"
loadmodule "/usr/lib/openser/modules/tm.so"
loadmodule "/usr/lib/openser/modules/rr.so"
loadmodule "/usr/lib/openser/modules/maxfwd.so"
loadmodule "/usr/lib/openser/modules/usrloc.so"
loadmodule "/usr/lib/openser/modules/registrar.so"
loadmodule "/usr/lib/openser/modules/auth.so"
loadmodule "/usr/lib/openser/modules/auth_db.so"
loadmodule "/usr/lib/openser/modules/uri.so"
loadmodule "/usr/lib/openser/modules/uri_db.so"
loadmodule "/usr/lib/openser/modules/nathelper.so"
loadmodule "/usr/lib/openser/modules/textops.so"
modparam("auth_db|uri_db|usrloc", "db_url",
"mysql://openserro:openserro@localhost/openser")
modparam("auth_db", "calculate_ha1", 1)
modparam("auth_db", "password_column", "password")
modparam("nathelper", "natping_interval", 30)
modparam("nathelper", "ping_nated_only", 1)
modparam("nathelper", "rtpproxy_sock",
"unix:/var/run/rtpproxy.sock")
modparam("usrloc", "db_mode", 2)
modparam("registrar", "nat_flag", 6)
modparam("rr", "enable_full_lr", 1)
route {
# -----------------------------------------------------------------
# Sanity Check Section
# -----------------------------------------------------------------
if (!mf_process_maxfwd_header("10")) {
sl_send_reply("483", "Too Many Hops");
return;
};
if (msg:len > max_len) {
sl_send_reply("513", "Message Overflow");
return;
};
# -----------------------------------------------------------------
# Record Route Section
# -----------------------------------------------------------------
if (method!="REGISTER") {
record_route();
};
if (method=="BYE" || method=="CANCEL") {
unforce_rtp_proxy();
}
# -----------------------------------------------------------------
# Loose Route Section
# -----------------------------------------------------------------
if (loose_route()) {
if ((method=="INVITE" || method=="REFER") &&
!has_totag()) {
sl_send_reply("403", "Forbidden");
return;
};
if (method=="INVITE") {
if (!proxy_authorize("","subscriber")) {
proxy_challenge("","0");
return;
} else if (!check_from()) {
sl_send_reply("403", "Use From=ID");
return;
};
consume_credentials();
if (nat_uac_test("19")) {
setflag(6);
force_rport();
fix_nated_contact();
};
force_rtp_proxy("l");
};
route(1);
return;
};
# -----------------------------------------------------------------
# Call Type Processing Section
# -----------------------------------------------------------------
if (uri!=myself) {
route(4);
route(1);
return;
};
if (method=="ACK") {
route(1);
return;
} else if (method=="CANCEL") {
route(1);
return;
} else if (method=="INVITE") {
route(3);
return;
} else if (method=="REGISTER") {
route(2);
return;
};
lookup("aliases");
if (uri!=myself) {
route(4);
route(1);
return;
};
if (!lookup("location")) {
sl_send_reply("404", "User Not Found");
return;
};
route(1);
}
route[1] {
log("XXX default handler: start");
# -----------------------------------------------------------------
# Default Message Handler
# -----------------------------------------------------------------
t_on_reply("1");
if (!t_relay()) {
if (method=="INVITE" && isflagset(6)) {
unforce_rtp_proxy();
};
sl_reply_error();
};
}
route[2] {
log("XXX REGISTER handler: start");
# -----------------------------------------------------------------
# REGISTER Message Handler
# ----------------------------------------------------------------
if (!search("^Contact:[ ]*\*") && nat_uac_test("19"))
{
log("XXX REGISTER handler: valid contact and
nat_uac_test(19) true");
setflag(6);
fix_nated_register();
force_rport();
};
log("XXX REGISTER handler: 100 trying");
sl_send_reply("100", "Trying");
if (!www_authorize("","subscriber")) {
log("XXX REGISTER handler: www_authorize failed");
www_challenge("","0");
return;
};
if (!check_to()) {
sl_send_reply("401", "Unauthorized");
return;
};
consume_credentials();
if (!save("location")) {
sl_reply_error();
};
log("XXX REGISTER handler: location saved");
}
route[3] {
log("XXX INVITE handler: start");
# -----------------------------------------------------------------
# INVITE Message Handler
# -----------------------------------------------------------------
if (!proxy_authorize("","subscriber")) {
log("XXX INVITE handler: proxy_authorize failed");
proxy_challenge("","0");
return;
} else if (!check_from()) {
sl_send_reply("403", "Use From=ID");
return;
};
consume_credentials();
if (nat_uac_test("19")) {
setflag(6);
}
lookup("aliases");
if (uri!=myself) {
route(4);
route(1);
return;
};
if (!lookup("location")) {
sl_send_reply("404", "User Not Found");
return;
};
route(4);
route(1);
}
route[4] {
log("XXX NAT traversal: start");
# -----------------------------------------------------------------
# NAT Traversal Section
# -----------------------------------------------------------------
if (isflagset(6)) {
force_rport();
fix_nated_contact();
force_rtp_proxy();
}
}
onreply_route[1] {
log("XXX onreply_route: start");
if (isflagset(6) && status=~"(180)|(183)|2[0-9][0-9]") {
if (!search("^Content-Length:[ ]*0")) {
force_rtp_proxy();
};
};
if (nat_uac_test("1")) {
log("XXX onreply_route: nat_uac_test(1) true");
fix_nated_contact();
};
}
------------------------------------------------------------------------
_______________________________________________
Users mailing list
Users(a)openser.org
http://openser.org/cgi-bin/mailman/listinfo/users