Re: [Users] Proxy authentication message to wrong port

Hi I have an OpenSER 1.1 box on a public IP running a config taken more-or-less verbatim from the iptel.org <http://iptel.org> getting started examples. I have a UA behind a PIX which is translating port 5060 on the phone to port 8907 on the firewall. OpenSER is ignoring this and sending replies to INVITEs to port 5060 on the firewall. If it's likely to make any difference, the PATed IP and the IP of the OpenSER box are on the same network. 31 61.574505 193.x.x.15 -> 193.x.x.5 SIP/SDP Request: INVITE sip:5551212@193.x.x.5 <mailto:sip:5551212@193.x.x.5>;user=phone, with session description 32 61.575998 193.x.x.5 -> 193.x.x.15 SIP Status: 407 Proxy Authentication Required Aug 4 16:05:38 sip3 /usr/sbin/openser[22195]: SIP Request: Aug 4 16:05:38 sip3 /usr/sbin/openser[22195]: method: <INVITE> Aug 4 16:05:38 sip3 /usr/sbin/openser[22195]: uri: < sip:5551212@193.x.x.5 <mailto:sip:5551212@193.x.x.5>;user=phone> Aug 4 16:05:38 sip3 /usr/sbin/openser[22195]: version: <SIP/2.0> Aug 4 16:05:38 sip3 /usr/sbin/openser[22195]: parse_headers: flags=2 Aug 4 16:05:38 sip3 /usr/sbin/openser[22195]: Found param type 232, <branch> = <z9hG4bK4ae31c203ab6ceb>; state=16 Aug 4 16:05:38 sip3 /usr/sbin/openser[22195]: end of header reached, state=5 Aug 4 16:05:38 sip3 /usr/sbin/openser[22195]: parse_headers: Via found, flags=2 Aug 4 16:05:38 sip3 /usr/sbin/openser[22195]: parse_headers: this is the first via Aug 4 16:05:38 sip3 /usr/sbin/openser[22195]: After parse_msg... Aug 4 16:05:38 sip3 /usr/sbin/openser[22195]: preparing to run routing scripts... Aug 4 16:05:38 sip3 /usr/sbin/openser[22195]: parse_headers: flags=100 Aug 4 16:05:38 sip3 /usr/sbin/openser[22195]: DEBUG:parse_to:end of header reached, state=10 Aug 4 16:05:38 sip3 /usr/sbin/openser[22195]: DBUG:parse_to: display={}, ruri={sip:5551212@193.x.x.5 <mailto:sip:5551212@193.x.x.5>;user=phone} Aug 4 16:05:38 sip3 /usr/sbin/openser[22195]: DEBUG: get_hdr_field: <To> [39]; uri=[ sip:5551212@193.x.x.5 <mailto:sip:5551212@193.x.x.5>;user=phone] Aug 4 16:05:38 sip3 /usr/sbin/openser[22195]: DEBUG: to body [< sip:5551212@193.x.x.5 <mailto:sip:5551212@193.x.x.5>;user=phone>^M ] Aug 4 16:05:38 sip3 /usr/sbin/openser[22195]: get_hdr_field: cseq <CSeq>: <1> <INVITE> Aug 4 16:05:38 sip3 /usr/sbin/openser[22195]: DEBUG: get_hdr_body : content_length=284 Aug 4 16:05:38 sip3 /usr/sbin/openser[22195]: found end of header Aug 4 16:05:38 sip3 /usr/sbin/openser[22195]: DEBUG: is_maxfwd_present: max_forwards header not found! Aug 4 16:05:38 sip3 /usr/sbin/openser[22195]: DEBUG: add_param: tag=3783260355 Aug 4 16:05:38 sip3 /usr/sbin/openser[22195]: DEBUG:parse_to:end of header reached, state=29 Aug 4 16:05:38 sip3 /usr/sbin/openser[22195]: DBUG:parse_to: display={}, ruri={sip:84410001@193.x.x.5 <mailto:sip:84410001@193.x.x.5> ;user=phone} Aug 4 16:05:38 sip3 /usr/sbin/openser[22195]: parse_headers: flags=200 Aug 4 16:05:38 sip3 /usr/sbin/openser[22195]: find_first_route: No Route headers found Aug 4 16:05:38 sip3 /usr/sbin/openser[22195]: loose_route: There is no Route HF Aug 4 16:05:38 sip3 /usr/sbin/openser[22195]: grep_sock_info - checking if host==us: 12==12 && [ 193.x.x.5] == [193.x.x.5] Aug 4 16:05:38 sip3 /usr/sbin/openser[22195]: grep_sock_info - checking if port 5060 matches port 5060 Aug 4 16:05:38 sip3 /usr/sbin/openser[22195]: XXX INVITE handler: start Aug 4 16:05:38 sip3 /usr/sbin/openser[22195]: parse_headers: flags=10000 Aug 4 16:05:38 sip3 /usr/sbin/openser[22195]: pre_auth(): Credentials with given realm not found Aug 4 16:05:38 sip3 /usr/sbin/openser[22195]: XXX INVITE handler: proxy_authorize failed Aug 4 16:05:38 sip3 /usr/sbin/openser[22195]: build_auth_hf(): 'Proxy-Authenticate: Digest realm=" 193.x.x.5", nonce="44d3636e40c00e3f51456a587f994d0f285325af"^M ' Aug 4 16:05:38 sip3 /usr/sbin/openser[22195]: parse_headers: flags=ffffffffffffffff Aug 4 16:05:38 sip3 /usr/sbin/openser[22195]: check_via_address( 193.x.x.15, 10.200.100.46 <http://10.200.100.46>, 0) Aug 4 16:05:38 sip3 /usr/sbin/openser[22195]: DEBUG:destroy_avp_list: destroying list (nil) Aug 4 16:05:38 sip3 /usr/sbin/openser[22195]: receive_msg: cleaning up How can I force proxy_challenge() to send its challenge to port 8907? Cheers, Mark Config: debug=8 fork=yes log_stderror=no listen= 193.82.139.5 <http://193.82.139.5> port=5060 children=4 dns=no rev_dns=no fifo="/tmp/ser_fifo" fifo_db_url="mysql://openserro:openserro@localhost/openser" loadmodule "/usr/lib/openser/modules/mysql.so" loadmodule "/usr/lib/openser/modules/sl.so" loadmodule "/usr/lib/openser/modules/tm.so" loadmodule "/usr/lib/openser/modules/rr.so" loadmodule "/usr/lib/openser/modules/maxfwd.so" loadmodule "/usr/lib/openser/modules/usrloc.so" loadmodule "/usr/lib/openser/modules/registrar.so" loadmodule "/usr/lib/openser/modules/auth.so" loadmodule "/usr/lib/openser/modules/auth_db.so" loadmodule "/usr/lib/openser/modules/uri.so" loadmodule "/usr/lib/openser/modules/uri_db.so" loadmodule "/usr/lib/openser/modules/nathelper.so" loadmodule "/usr/lib/openser/modules/textops.so" modparam("auth_db|uri_db|usrloc", "db_url", "mysql://openserro:openserro@localhost/openser") modparam("auth_db", "calculate_ha1", 1) modparam("auth_db", "password_column", "password") modparam("nathelper", "natping_interval", 30) modparam("nathelper", "ping_nated_only", 1) modparam("nathelper", "rtpproxy_sock", "unix:/var/run/rtpproxy.sock") modparam("usrloc", "db_mode", 2) modparam("registrar", "nat_flag", 6) modparam("rr", "enable_full_lr", 1) route { # ----------------------------------------------------------------- # Sanity Check Section # ----------------------------------------------------------------- if (!mf_process_maxfwd_header("10")) { sl_send_reply("483", "Too Many Hops"); return; }; if (msg:len > max_len) { sl_send_reply("513", "Message Overflow"); return; }; # ----------------------------------------------------------------- # Record Route Section # ----------------------------------------------------------------- if (method!="REGISTER") { record_route(); }; if (method=="BYE" || method=="CANCEL") { unforce_rtp_proxy(); } # ----------------------------------------------------------------- # Loose Route Section # ----------------------------------------------------------------- if (loose_route()) { if ((method=="INVITE" || method=="REFER") && !has_totag()) { sl_send_reply("403", "Forbidden"); return; }; if (method=="INVITE") { if (!proxy_authorize("","subscriber")) { proxy_challenge("","0"); return; } else if (!check_from()) { sl_send_reply("403", "Use From=ID"); return; }; consume_credentials(); if (nat_uac_test("19")) { setflag(6); force_rport(); fix_nated_contact(); }; force_rtp_proxy("l"); }; route(1); return; }; # ----------------------------------------------------------------- # Call Type Processing Section # ----------------------------------------------------------------- if (uri!=myself) { route(4); route(1); return; }; if (method=="ACK") { route(1); return; } else if (method=="CANCEL") { route(1); return; } else if (method=="INVITE") { route(3); return; } else if (method=="REGISTER") { route(2); return; }; lookup("aliases"); if (uri!=myself) { route(4); route(1); return; }; if (!lookup("location")) { sl_send_reply("404", "User Not Found"); return; }; route(1); } route[1] { log("XXX default handler: start"); # ----------------------------------------------------------------- # Default Message Handler # ----------------------------------------------------------------- t_on_reply("1"); if (!t_relay()) { if (method=="INVITE" && isflagset(6)) { unforce_rtp_proxy(); }; sl_reply_error(); }; } route[2] { log("XXX REGISTER handler: start"); # ----------------------------------------------------------------- # REGISTER Message Handler # ---------------------------------------------------------------- if (!search("^Contact:[ ]*\*") && nat_uac_test("19")) { log("XXX REGISTER handler: valid contact and nat_uac_test(19) true"); setflag(6); fix_nated_register(); force_rport(); }; log("XXX REGISTER handler: 100 trying"); sl_send_reply("100", "Trying"); if (!www_authorize("","subscriber")) { log("XXX REGISTER handler: www_authorize failed"); www_challenge("","0"); return; }; if (!check_to()) { sl_send_reply("401", "Unauthorized"); return; }; consume_credentials(); if (!save("location")) { sl_reply_error(); }; log("XXX REGISTER handler: location saved"); } route[3] { log("XXX INVITE handler: start"); # ----------------------------------------------------------------- # INVITE Message Handler # ----------------------------------------------------------------- if (!proxy_authorize("","subscriber")) { log("XXX INVITE handler: proxy_authorize failed"); proxy_challenge("","0"); return; } else if (!check_from()) { sl_send_reply("403", "Use From=ID"); return; }; consume_credentials(); if (nat_uac_test("19")) { setflag(6); } lookup("aliases"); if (uri!=myself) { route(4); route(1); return; }; if (!lookup("location")) { sl_send_reply("404", "User Not Found"); return; }; route(4); route(1); } route[4] { log("XXX NAT traversal: start"); # ----------------------------------------------------------------- # NAT Traversal Section # ----------------------------------------------------------------- if (isflagset(6)) { force_rport(); fix_nated_contact(); force_rtp_proxy(); } } onreply_route[1] { log("XXX onreply_route: start"); if (isflagset(6) && status=~"(180)|(183)|2[0-9][0-9]") { if (!search("^Content-Length:[ ]*0")) { force_rtp_proxy(); }; }; if (nat_uac_test("1")) { log("XXX onreply_route: nat_uac_test(1) true"); fix_nated_contact(); }; } ------------------------------------------------------------------------ _______________________________________________ Users mailing list Users(a)openser.org http://openser.org/cgi-bin/mailman/listinfo/users