Hi

I have an OpenSER 1.1 box on a public IP running a config taken more-or-less verbatim from the iptel.org getting started examples. I have a UA behind a PIX which is translating port 5060 on the phone to port 8907 on the firewall. OpenSER is ignoring this and sending replies to INVITEs to port 5060 on the firewall.

If it's likely to make any difference, the PATed IP and the IP of the OpenSER box are on the same network.

 31  61.574505 193.x.x.15 -> 193.x.x.5 SIP/SDP Request: INVITE sip:5551212@193.x.x.5;user=phone, with session description
 32  61.575998 193.x.x.5 -> 193.x.x.15 SIP Status: 407 Proxy Authentication Required

Aug  4 16:05:38 sip3 /usr/sbin/openser[22195]: SIP Request:
Aug  4 16:05:38 sip3 /usr/sbin/openser[22195]:  method:  <INVITE>
Aug  4 16:05:38 sip3 /usr/sbin/openser[22195]:  uri:     < sip:5551212@193.x.x.5;user=phone>
Aug  4 16:05:38 sip3 /usr/sbin/openser[22195]:  version: <SIP/2.0>
Aug  4 16:05:38 sip3 /usr/sbin/openser[22195]: parse_headers: flags=2
Aug  4 16:05:38 sip3 /usr/sbin/openser[22195]: Found param type 232, <branch> = <z9hG4bK4ae31c203ab6ceb>; state=16
Aug  4 16:05:38 sip3 /usr/sbin/openser[22195]: end of header reached, state=5
Aug  4 16:05:38 sip3 /usr/sbin/openser[22195]: parse_headers: Via found, flags=2
Aug  4 16:05:38 sip3 /usr/sbin/openser[22195]: parse_headers: this is the first via
Aug  4 16:05:38 sip3 /usr/sbin/openser[22195]: After parse_msg...
Aug  4 16:05:38 sip3 /usr/sbin/openser[22195]: preparing to run routing scripts...
Aug  4 16:05:38 sip3 /usr/sbin/openser[22195]: parse_headers: flags=100
Aug  4 16:05:38 sip3 /usr/sbin/openser[22195]: DEBUG:parse_to:end of header reached, state=10
Aug  4 16:05:38 sip3 /usr/sbin/openser[22195]: DBUG:parse_to: display={}, ruri={sip:5551212@193.x.x.5;user=phone}
Aug  4 16:05:38 sip3 /usr/sbin/openser[22195]: DEBUG: get_hdr_field: <To> [39]; uri=[ sip:5551212@193.x.x.5;user=phone]
Aug  4 16:05:38 sip3 /usr/sbin/openser[22195]: DEBUG: to body [< sip:5551212@193.x.x.5;user=phone>^M ]
Aug  4 16:05:38 sip3 /usr/sbin/openser[22195]: get_hdr_field: cseq <CSeq>: <1> <INVITE>
Aug  4 16:05:38 sip3 /usr/sbin/openser[22195]: DEBUG: get_hdr_body : content_length=284
Aug  4 16:05:38 sip3 /usr/sbin/openser[22195]: found end of header
Aug  4 16:05:38 sip3 /usr/sbin/openser[22195]: DEBUG: is_maxfwd_present: max_forwards header not found!
Aug  4 16:05:38 sip3 /usr/sbin/openser[22195]: DEBUG: add_param: tag=3783260355
Aug  4 16:05:38 sip3 /usr/sbin/openser[22195]: DEBUG:parse_to:end of header reached, state=29
Aug  4 16:05:38 sip3 /usr/sbin/openser[22195]: DBUG:parse_to: display={}, ruri={sip:84410001@193.x.x.5 ;user=phone}
Aug  4 16:05:38 sip3 /usr/sbin/openser[22195]: parse_headers: flags=200
Aug  4 16:05:38 sip3 /usr/sbin/openser[22195]: find_first_route: No Route headers found
Aug  4 16:05:38 sip3 /usr/sbin/openser[22195]: loose_route: There is no Route HF
Aug  4 16:05:38 sip3 /usr/sbin/openser[22195]: grep_sock_info - checking if host==us: 12==12 &&  [ 193.x.x.5] == [193.x.x.5]
Aug  4 16:05:38 sip3 /usr/sbin/openser[22195]: grep_sock_info - checking if port 5060 matches port 5060
Aug  4 16:05:38 sip3 /usr/sbin/openser[22195]: XXX INVITE handler: start
Aug  4 16:05:38 sip3 /usr/sbin/openser[22195]: parse_headers: flags=10000
Aug  4 16:05:38 sip3 /usr/sbin/openser[22195]: pre_auth(): Credentials with given realm not found
Aug  4 16:05:38 sip3 /usr/sbin/openser[22195]: XXX INVITE handler: proxy_authorize failed
Aug  4 16:05:38 sip3 /usr/sbin/openser[22195]: build_auth_hf(): 'Proxy-Authenticate: Digest realm=" 193.x.x.5", nonce="44d3636e40c00e3f51456a587f994d0f285325af"^M '
Aug  4 16:05:38 sip3 /usr/sbin/openser[22195]: parse_headers: flags=ffffffffffffffff
Aug  4 16:05:38 sip3 /usr/sbin/openser[22195]: check_via_address( 193.x.x.15, 10.200.100.46, 0)
Aug  4 16:05:38 sip3 /usr/sbin/openser[22195]: DEBUG:destroy_avp_list: destroying list (nil)
Aug  4 16:05:38 sip3 /usr/sbin/openser[22195]: receive_msg: cleaning up

How can I force proxy_challenge() to send its challenge to port 8907?

Cheers,

Mark


Config:

# Core settings.
# NOTE(review): debug=8 enables debug-level output; with log_stderror=no it
# goes to syslog, and the log excerpt above shows it recording the full
# Proxy-Authenticate header (realm and nonce). Lower it once the problem is
# diagnosed.
debug=8
fork=yes
log_stderror=no

# NOTE(review): this address is not masked, unlike the 193.x.x.5 used in the
# traces above.
listen= 193.82.139.5
port=5060
children=4

dns=no
rev_dns=no
# NOTE(review): the FIFO is a management interface and /tmp is normally
# world-writable; confirm who can write to this file, or place it in a
# directory only the openser user and administrators can reach.
fifo="/tmp/ser_fifo"
# NOTE(review): database credentials are embedded here and the password equals
# the user name; keep this file readable only by the openser user and use a
# distinct password.
fifo_db_url="mysql://openserro:openserro@localhost/openser"

# Modules: database driver, stateless/stateful reply and relay, record-route,
# Max-Forwards, location/registrar, digest auth, URI checks, NAT helper, textops.
loadmodule "/usr/lib/openser/modules/mysql.so"
loadmodule "/usr/lib/openser/modules/sl.so"
loadmodule "/usr/lib/openser/modules/tm.so"
loadmodule "/usr/lib/openser/modules/rr.so"
loadmodule "/usr/lib/openser/modules/maxfwd.so"
loadmodule "/usr/lib/openser/modules/usrloc.so"
loadmodule "/usr/lib/openser/modules/registrar.so"
loadmodule "/usr/lib/openser/modules/auth.so"
loadmodule "/usr/lib/openser/modules/auth_db.so"
loadmodule "/usr/lib/openser/modules/uri.so"
loadmodule "/usr/lib/openser/modules/uri_db.so"
loadmodule "/usr/lib/openser/modules/nathelper.so"
loadmodule "/usr/lib/openser/modules/textops.so"

# One database URL shared by auth_db, uri_db and usrloc (same credentials as
# fifo_db_url above).
# NOTE(review): usrloc runs with db_mode 2 below, which writes contacts back to
# the database; if "openserro" is a read-only account (the name suggests so,
# confirm), that write-back cannot succeed.
modparam("auth_db|uri_db|usrloc", "db_url", "mysql://openserro:openserro@localhost/openser")
# calculate_ha1=1 makes auth_db compute HA1 itself from password_column, so
# that column holds plaintext SIP passwords.
# NOTE(review): storing precomputed HA1 values and setting calculate_ha1 to 0
# avoids keeping plaintext passwords in the database.
modparam("auth_db", "calculate_ha1", 1)
modparam("auth_db", "password_column", "password")

# NAT keepalives every 30 seconds, sent only to contacts marked as NATed;
# rtpproxy_sock is the control socket of the local RTP proxy.
modparam("nathelper", "natping_interval", 30)
modparam("nathelper", "ping_nated_only", 1)
modparam("nathelper", "rtpproxy_sock", "unix:/var/run/rtpproxy.sock")

# Write-back mode: contacts are cached in memory and flushed to the database.
modparam("usrloc", "db_mode", 2)

# Flag 6 marks NATed contacts; the routes below set it with setflag(6).
modparam("registrar", "nat_flag", 6)

modparam("rr", "enable_full_lr", 1)

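# Main request route: sanity checks, record-routing, handling of loose-routed
# (in-dialog) requests, then dispatch by method to the numbered routes below.
# NOTE(review): the stateless 483/513/403/404 replies in this route are sent
# without any NAT detection, so a client behind port translation that does not
# add rport itself may not receive them - confirm whether that matters here.
route {

        # -----------------------------------------------------------------
        # Sanity Check Section
        # -----------------------------------------------------------------
        # Reject looping requests and oversized messages.
        if (!mf_process_maxfwd_header("10")) {
                sl_send_reply("483", "Too Many Hops");
                return;
        };

        if (msg:len > max_len) {
                sl_send_reply("513", "Message Overflow");
                return;
        };

        # -----------------------------------------------------------------
        # Record Route Section
        # -----------------------------------------------------------------
        if (method!="REGISTER") {
                record_route();
        };

        # A BYE or CANCEL ends the call attempt, so release the RTP proxy session.
        if (method=="BYE" || method=="CANCEL") {
                unforce_rtp_proxy();
        }

        # -----------------------------------------------------------------
        # Loose Route Section
        # -----------------------------------------------------------------
        if (loose_route()) {

                # A pre-loaded Route on a dialog-creating request (no To tag)
                # would let the sender pick the next hop; refuse it.
                if ((method=="INVITE" || method=="REFER") && !has_totag()) {
                        sl_send_reply("403", "Forbidden");
                        return;
                };

                if (method=="INVITE") {

                        # NAT detection runs before authentication: the 407
                        # challenge is a stateless reply, and without
                        # force_rport() it is sent to the port named in the top
                        # Via instead of the port the request arrived from.
                        # 19 = 1 + 2 + 16: private address in Contact, Via
                        # address differs from source address, source port
                        # differs from Via port.
                        if (nat_uac_test("19")) {
                                setflag(6);
                                force_rport();
                        };

                        if (!proxy_authorize("","subscriber")) {
                                proxy_challenge("","0");
                                return;
                        } else if (!check_from()) {
                                sl_send_reply("403", "Use From=ID");
                                return;
                        };
                        # Strip the credentials so they are not forwarded downstream.
                        consume_credentials();

                        # Contact rewriting is only needed for requests that
                        # are actually relayed, so it stays after authentication.
                        if (isflagset(6)) {
                                fix_nated_contact();
                        };
                        force_rtp_proxy("l");
                };
                route(1);
                return;
        };

        # -----------------------------------------------------------------
        # Call Type Processing Section
        # -----------------------------------------------------------------
        # Requests for other domains are relayed after NAT handling.
        if (uri!=myself) {
                route(4);
                route(1);
                return;
        };

        if (method=="ACK") {
                route(1);
                return;
        } else if (method=="CANCEL") {
                route(1);
                return;
        } else if (method=="INVITE") {
                route(3);
                return;
        } else  if (method=="REGISTER") {
                route(2);
                return;
        };

        # Remaining methods: resolve aliases, then the registered location.
        lookup("aliases");
        if (uri!=myself) {
                route(4);
                route(1);
                return;
        };

        if (!lookup("location")) {
                sl_send_reply("404", "User Not Found");
                return;
        };

        route(1);
}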

# Default relay route: arms reply route 1 and forwards the request statefully.
route[1] {
        log("XXX default handler: start");

        # -----------------------------------------------------------------
        # Default Message Handler
        # -----------------------------------------------------------------

        # Replies to this transaction are processed by onreply_route[1].
        t_on_reply("1");

        if (!t_relay()) {
                # Relay failed: for an INVITE from a NATed client (flag 6)
                # release the RTP proxy session, then report the error to the
                # sender with a stateless reply.
                if (method=="INVITE" && isflagset(6)) {
                        unforce_rtp_proxy();
                };
                sl_reply_error();
        };
}

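# REGISTER handler: NAT detection, digest authentication, then storing the
# contact in the "location" table.
route[2] {
        log("XXX REGISTER handler: start");

        # -----------------------------------------------------------------
        # REGISTER Message Handler
        # ----------------------------------------------------------------

        # NAT handling runs before authentication, so force_rport() is already
        # in effect when the 401 challenge is sent. A "Contact: *" (remove all
        # bindings) carries no address to rewrite and is skipped.
        # 19 = 1 + 2 + 16: private address in Contact, Via address differs from
        # source address, source port differs from Via port.
        if (!search("^Contact:[ ]*\*") && nat_uac_test("19")) {
                log("XXX REGISTER handler: valid contact and nat_uac_test(19) true");
                setflag(6);
                fix_nated_register();
                force_rport();
        };

        log("XXX REGISTER handler: 100 trying");
        sl_send_reply("100", "Trying");

        if (!www_authorize("","subscriber")) {
                log("XXX REGISTER handler: www_authorize failed");
                www_challenge("","0");
                return;
        };

        # The To user must match the authenticated user, so one subscriber
        # cannot register a contact for another.
        if (!check_to()) {
                sl_send_reply("401", "Unauthorized");
                return;
        };

        # Strip the credentials now that they have been verified.
        consume_credentials();

        if (!save("location")) {
                sl_reply_error();
                # Stop here so the log below is written only when the contact
                # was really stored.
                return;
        };
        log("XXX REGISTER handler: location saved");
}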

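# INVITE handler: NAT detection, proxy authentication, then alias and location
# lookup before relaying.
route[3] {
        log("XXX INVITE handler: start");

        # -----------------------------------------------------------------
        # INVITE Message Handler
        # -----------------------------------------------------------------

        # NAT detection must run before authentication. The 407 challenge is a
        # stateless reply; without force_rport() it is sent to the port named
        # in the top Via (5060) rather than the port the request really came
        # from, so a client behind port translation never sees the challenge.
        # 19 = 1 + 2 + 16: private address in Contact, Via address differs from
        # source address, source port differs from Via port.
        if (nat_uac_test("19")) {
                setflag(6);
                force_rport();
        }

        if (!proxy_authorize("","subscriber")) {
                log("XXX INVITE handler: proxy_authorize failed");
                proxy_challenge("","0");
                return;
        } else if (!check_from()) {
                # The From user must match the authenticated user.
                sl_send_reply("403", "Use From=ID");
                return;
        };

        # Strip the credentials so they are not forwarded downstream.
        consume_credentials();

        lookup("aliases");
        if (uri!=myself) {
                route(4);
                route(1);
                return;
        };

        if (!lookup("location")) {
                sl_send_reply("404", "User Not Found");
                return;
        };

        # route(4) applies Contact rewriting and the RTP proxy when flag 6 is set.
        route(4);
        route(1);
}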

# NAT traversal route: does nothing unless the caller was flagged as NATed.
route[4] {
        log("XXX NAT traversal: start");

        # -----------------------------------------------------------------
        # NAT Traversal Section
        # -----------------------------------------------------------------

        # Flag 6 is set by the callers of this route after nat_uac_test("19").
        # For flagged requests: send replies to the source port, rewrite the
        # Contact to the address the request came from, and put the RTP proxy
        # into the media path.
        if (isflagset(6)) {
                force_rport();
                fix_nated_contact();
                force_rtp_proxy();
        }
}

# Reply route armed by t_on_reply("1") in route[1].
onreply_route[1] {
        log("XXX onreply_route: start");

        # For transactions flagged as NATed (flag 6), engage the RTP proxy on
        # 180, 183 and 2xx replies, unless Content-Length starts with 0.
        # NOTE(review): the search only matches the long header name; a reply
        # using the compact form "l:" would be treated as having a body -
        # confirm whether any peer sends that.
        if (isflagset(6) && status=~"(180)|(183)|2[0-9][0-9]") {
                if (!search("^Content-Length:[ ]*0")) {
                        force_rtp_proxy();
                };
        };

        # Test 1 looks for a private address in the Contact of the reply; if
        # found, the Contact is rewritten to the address the reply came from.
        if (nat_uac_test("1")) {
                log("XXX onreply_route: nat_uac_test(1) true");
                fix_nated_contact();
        };
}