Thanks Daniel.

Will take a look to that.

2016-03-31 11:06 GMT+02:00 Daniel-Constantin Mierla <miconda@gmail.com>:

If Asterisk is still do it the authentication, then likely it is not much gain on overall scalability. Maybe you can just use kamailio as an edge proxy with Path enabled.

Otherwise, the requests generated with uac_req_send() don't get in failure_route. You have to set the auth user/password in the $uac_req(...) fields -- see the variables core cookbook for them. On the other hand, this is not enough, you have to deal also with authentication for other requests, such as INVITEs/SUBSCRIBEs/etc.

Cheers,
Daniel
On 31/03/16 10:57, Alberto Sagredo wrote:
I have it working, authenticating in Kamailio. And just works.

But there is a farm with lots of Asterisk and i was looking for an easy way to do not modify secret= and permit= on every Asterisk Machine... Thats why i was looking for that..

2016-03-31 10:55 GMT+02:00 Marrold <kamailio@marrold.co.uk>:

Why not just authenticate on Kamailio in that case?

Also, be aware that the Authorization Username ($au) is included in SIP digest authentication. $au and $fu aren't necessarily the same, but on most end points the default is to use the same value for both. If you manipulate $fu or $au it may cause auth issues.

On Thu, Mar 31, 2016 at 9:49 AM, Alberto Sagredo <alberto.sagredo@avanzada7.com> wrote:

Hi Marrold. I want to authenticate user on Kamailio but want Asterisk to see them registered with kamailio ip as contact.

I making also some manipulations in $fu as users are different (emp_xxx_ext) in kamailio than in Asterisk xxx_ext

Thanks

2016-03-31 10:48 GMT+02:00 Marrold <kamailio@marrold.co.uk>:

Why not just relay the registration messages to Asterisk itself? What's the use case?

Cheers

On Thu, Mar 31, 2016 at 9:34 AM, Alberto Sagredo <alberto.sagredo@avanzada7.com> wrote:

Hi

Im trying to modify example for Asterisk/Kamailio integration that miconda did, and trying to handle Forwarded register to Asterisk in an authenticated way instead removing secret in asterisk.

I have made this changes

route[REGFWD] {

if(!is_method("REGISTER"))

{

return;

}

$var(rip) = $var(astip);

$uac_req(method)="REGISTER";

$uac_req(ruri)="sip:" + $var(rip) + ":" + $var(astport);

$uac_req(furi)="sip:" + $(au{s.substr,8,0}) + "@" + $var(rip);

$uac_req(turi)="sip:" + $(au{s.substr,8,0}) + "@" + $var(rip);

$uac_req(hdrs)="Contact: <sip:" + $au + "@"

+ $sel(cfg_get.kamailio.bindip)

+ ":" + $sel(cfg_get.kamailio.bindport) + ">\r\n";

if($sel(contact.expires) != $null)

$uac_req(hdrs)= $uac_req(hdrs) + "Expires: " + $sel(contact.expires) + "\r\n";

else

$uac_req(hdrs)= $uac_req(hdrs) + "Expires: " + $hdr(Expires) + "\r\n";

xlog("Dentro de REGFWD");

t_on_failure("REG_AST");

uac_req_send();

}

failure_route[REG_AST] {

if (t_is_canceled()) {

exit;

}

xlog("Dentro de REG AST");

if(t_check_status("401|407")) {

xlog("Dentro de 401");

$avp(auser) = "test";

$avp(apass) = "test";

uac_auth();

t_relay();

exit;

}

}

What i see on traces:

U x.x.x..240:5060 -> x.x.x..56:5060

REGISTER sip:x.x.x.56:5060 SIP/2.0.

Via: SIP/2.0/UDP x.x.x.240;branch=z9hG4bKfb46.a47535d4000000000000000000000000.0.

To: <sip:200@x.x.x.56>.

From: <sip:200@x.x.x.56>;tag=533cb9e91f4b999cf76861cbb9ed54ed-6a4f.

CSeq: 10 REGISTER.

Call-ID: 09dc120d65932ed7-16044@127.0.0.1.

Max-Forwards: 70.

Content-Length: 0.

User-Agent: ANY.

Contact: <sip:emp_001_200@x.x.x.240:5060>.

Expires: 3600.

.

#

U x.x.x.56:5060 -> x.x.x..240:5060

SIP/2.0 401 Unauthorized.

Via: SIP/2.0/UDP x.x.x..240;branch=z9hG4bKfb46.a47535d4000000000000000000000000.0;received=x.x.x..240;rport=5060.

From: <sip:200@x.x.x.56>;tag=533cb9e91f4b999cf76861cbb9ed54ed-6a4f.

To: <sip:200@x.x.x.56>;tag=as62b47138.

Call-ID: 09dc120d65932ed7-16044@127.0.0.1.

CSeq: 10 REGISTER.

Server: FPBX-2.11.0(11.17.1).

Allow: INVITE, ACK, CANCEL, OPTIONS, BYE, REFER, SUBSCRIBE, NOTIFY, INFO, PUBLISH, MESSAGE.

Supported: replaces, timer.

WWW-Authenticate: Digest algorithm=MD5, realm="asterisk", nonce="59e39692".

Content-Length: 0.

.

But Kamailio is not sending authentication .

Any idea what could be wrong? Or any tip to do what i try.

The idea is that a sip endpoint register with authentication on kamailio and it sends register with authentication to asterisk.

Thanks in advance

_______________________________________________
SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing list
sr-users@lists.sip-router.org
http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users

_______________________________________________
SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing list
sr-users@lists.sip-router.org
http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users

_______________________________________________
SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing list
sr-users@lists.sip-router.org
http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users

_______________________________________________
SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing list
sr-users@lists.sip-router.org
http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users
_______________________________________________
SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing list
sr-users@lists.sip-router.org
http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users
-- Daniel-Constantin Mierla http://www.asipto.com http://twitter.com/#!/miconda - http://www.linkedin.com/in/miconda Kamailio World Conference, Berlin, May 18-20, 2016 - http://www.kamailioworld.com
_______________________________________________
SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing list
sr-users@lists.sip-router.org
http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users