Had a closer look at the Digest being
sent.
Attempted to recreate Digest based on the username, realm,
password, method & uri I was expecting versus the one
created in the invite. Looks like Asterisk was using a blank
password.
Proxy-Authorization: Digest username="provideruser",
realm="providerip", algorithm=MD5,
uri=
"sip:provideruser@providerip",
nonce="nonceexample", response="exampleresponse"
php -r 'echo
md5(md5("provideruser:providerip:password").":nonceexample:".md5("INVITE:
sip:provideruser@providerip"));'
someotherresponse
php -r 'echo
md5(md5("provideruser:providerip:").":nonceexample:".md5("INVITE:
sip:provideruser@providerip"));'
exampleresponse
Here's the two lines in chan_sip.c
(
http://svn.asterisk.org/svn/asterisk/branches/11/channels/chan_sip.c)
that could have set the secret:
secret = auth->secret;
secret = p->relatedpeer
&&
!ast_strlen_zero(p->relatedpeer->remotesecret)
? p->relatedpeer->remotesecret :
p->peersecret;
When I checked Elastix MT code, it wasn't setting the secret for
Asterisk Realtime because this is handled by Kamailio for
extensions. But I noted that remotesecret could be used for
peers.
Ended up altering Elastix Mt trunk interface to allow entering
remotesecret field via /usr/share/elastix/apps/trunks/index.php
Now a single outbound call is able to connect, however, it drops
out when a second outbound call is made.
From:
Daniel-Constantin Mierla [miconda@gmail.com]
Sent: Monday, 11 May 2015 8:47 PM
To: Darren Campbell (Primar); Kamailio (SER) -
Users Mailing List
Subject: Re: [SR-Users] Handling 407 Proxy
Authentication, Elastix MT
What is happening then, is the provider sending back
another 407?
Normally the Proxy-Authorization header should stay
unchanged, but if you change the request uri, it may result
in mismatch.
Cheers,
Daniel
On 11/05/15 10:26, Darren
Campbell (Primar) wrote:
Thanks, much appreciated.
I'm seeing the Proxy-Authorization from Asterisk in
tcpdump. It seems like I've been working against what's
already built into Kamailio.
Probably need to tweak some uri's though.
When dialing out, the r-uri is:
sip:mobilenumberhere@exampleip
But the uri part of the Proxy-Authorization in the new
INVITE ends up with uri=
"sip:mobilenumberhere@exampleip"
However, I think it should be showing uri=
"sip:providerusernamehere@exampleip"
Regards,
Darren
Hello,
On 11/05/15 08:41,
Darren Campbell (Primar) wrote:
Hi all
Have Asterisk listening on 127.0.0.1 and aiming
to route all inbound/outbound SIP via Kamailio
listening on 127.0.0.1 and external interface.
Inbound calls from the SIP PROVIDER work just
fine. Have NAT, rtpproxy configured for
successful registration and subsequent INVITEs
etc.
Experiencing some challenges with the outgoing
INVITES, primarily authenticating the outbound
INVITEs.
The current situation is this:
Asterisk > INVITE > Kamailio > INVITE
> SIP PROVIDER
SIP PROVIDER > 407 Proxy Authenticate >
Kamailio > Transaction Cancelled.
Asterisk then plays number unavailable message.
The desired situation is more like this:
Asterisk > INVITE > Kamailio > INVITE
> SIP PROVIDER
SIP PROVIDER > 407 Proxy Authenticate >
Kamailio > Asterisk
Asterisk > INVITE (with auth digest etc) >
Kamailio > INVITE > SIP PROVIDER
An attempted solution was made by having
Kamailio authenticate using the uac module.
However, ideally Kamailio should be mostly
transparent and Asterisk should be handling and
responding to the 407 Proxy Authentication.
If there is someone in the Kamailio community
that has addressed this situation before,
guidance would be much appreciated.
do you have a failure_route block in kamailio.cfg?
Be sure that if 401/407 is received, you just exit
the routing block:
failure_route[abc] {
...
if(t_check_status("401|407")) exit;
...
}
Then the 401/407 replies will be sent upstream to
asterisk.
Cheers,
Daniel
--
Daniel-Constantin Mierla
http://twitter.com/#!/miconda - http://www.linkedin.com/in/miconda
Kamailio World Conference, May 27-29, 2015
Berlin, Germany - http://www.kamailioworld.com
--
Daniel-Constantin Mierla
http://twitter.com/#!/miconda - http://www.linkedin.com/in/miconda
Kamailio World Conference, May 27-29, 2015
Berlin, Germany - http://www.kamailioworld.com