Hi Andrey Please find ethereal packet capture enclosed. SER n/w dump is 'SER_SERVER' and SIP_AS n/w dump is 'SAS_SERVER'. SER IP = 10.25.119.155 SIP AS IP = 10.25.119.156 To URI is registered at SER end (dilip)
From URI is Application Name (example) and neither created nor registered (WakeUpService) with SER.
Thanks in anticipation Kamal Mann
-----Original Message----- From: serusers-bounces@lists.iptel.org [mailto:serusers-bounces@lists.iptel.org] On Behalf Of Andrey Kuprianov Sent: Monday, November 06, 2006 11:04 AM To: serusers@iptel.org Subject: Re: [serusers]: trusted table(permissions module)
Hi Kamal,
Please (!), do network dump and send it here. Use tcpdump, ngrep, Ethereal, anything to catch your network traffic on port 5060.
Waiting for your traces,
Andrey.
On 11/6/06, Kamal.Mann@t-systems.com Kamal.Mann@t-systems.com wrote:
Hi Andrey, Yes you are right it not bypassing that part of code (route [3]).But why it is so? Its not trusting SIP AS IP! I had recompiled permissions module but still the same response!!
Regards Kamal Mann -----Original Message----- From: serusers-bounces@lists.iptel.org [mailto:serusers-bounces@lists.iptel.org] On Behalf Of Andrey Kuprianov Sent: Saturday, November 04, 2006 6:20 PM To: serusers@iptel.org Subject: Re: [serusers]: trusted table(permissions module)
Hi Kamal,
Really, there are only 2 places in your ser.cfg, where proxy_authorize is called. One is inside route[3] block, and one, which is commented out is inside the main route block. Since, one proxy_authorize is commented out, this leaves the only a single proxy_authorize - the one inside route[3] block. Now... In your previous mail you said, "allow_trusted results 'true' and it directly bypasses this code." This means only one thing - there are *no more* proxy_authorize left to call...
You also said "But after in route(1) its sending 407-proxy auth required to trusted ip of sip_AS". That is impossible. Your route[1] block cannot and does not send 407 response. There's simply no proxy_authorize code in there and SER does not do it automatically!
I have several ideas (some of them were already presented in previous mails):
- Something else (not SER) is sending 407 response. Catch network
traffic (i.e. traces) and send them here to the list. Do it on both sides, SER and SIP-AS. This is critical. 2. Your SER is using some other configuration file (it's my best guess now), not the one that you've sent. Please, check thoroughly on this issue. 3. Do a fresh start with your configuration file. You will lose 1 (maximum 2) hours, but at least it's gonna work.
I really wish you best of luck on this one, man!
Andrey.
On 11/4/06, Kamal.Mann@t-systems.com Kamal.Mann@t-systems.com wrote:
Hi All In current scenario when a sip invite message comes to SER from my SIP_AS; SER take this massage trusted (as I defined in trusted table) but after this in my INVITE route(3) it sends it to route(1) default message handler. I am enclosing my ser.cfg; please take a glance on it.
Thanks in anticipation Kamal Mann -----Original Message----- From: John Shellhouse [mailto:jwshel@hotmail.com] Sent: Friday, November 03, 2006 9:17 PM To: Mann, Kamal Subject: RE: [serusers]: trusted table(permissions module)
Hi,
you've already tried something more filled in like this...
if (!proxy_authorize("somedomain.com","subscriber")) { proxy_challenge("somedomain.com","0"); break; } else if (method == "INVITE" & !check_from()) { log("from!=digest\n"); sl_send_reply("403", "Use From=ID");
break; }; consume_credentials();
T
From: Kamal.Mann@t-systems.com To: andrey.kouprianov@gmail.com, serusers@iptel.org Subject: RE: [serusers]: trusted table(permissions module) Date: Fri, 3 Nov 2006 15:40:26 +0100
Hi All Now SER is trusting packates from trusted table IP and in the following part of route(3) of Invite message handler allow_trusted results 'true' and it directly bypasses this code. if (!allow_trusted()) { if (!proxy_authorize("","subscriber")) { proxy_challenge("","0"); break; } else if (!check_from()) { sl_send_reply("403", "Use From=ID"); break; }; consume_credentials(); }; But after in route(1) its sending 407-proxy auth required to trusted ip of sip_AS. Please help me out of this dilemma.
Thanks in anticipation Kamal Mann
-----Original Message----- From: serusers-bounces@lists.iptel.org [mailto:serusers-bounces@lists.iptel.org] On Behalf Of Andrey Kuprianov Sent: Thursday, November 02, 2006 1:13 PM To: serusers@iptel.org Subject: Re: [serusers]: trusted table(permissions module)
The one you attached, didnt have a semicolon. Anyway, try using a fresh copy of a ready made ser.cfg.
Bests,
Andrey.
On 11/2/06, Kamal.Mann@t-systems.com Kamal.Mann@t-systems.com wrote:
Yup I always do the same, Might be copy paste error. Its having
semicolon & working fine here.
Regards Kamal Mann
-----Original Message----- From: Andrey Kuprianov [mailto:andrey.kouprianov@gmail.com] Sent: Thursday, November 02, 2006 10:34 AM To: serusers@iptel.org Subject: Re: [serusers]: trusted table(permissions module)
Hi Kamal,
Whenever you modified your ser.cfg did you restart SER after? Did you check your ser.cfg for errors using "ser -c" command? I found some errors in your ser.cfg code. For instance, inside the main route block, your "if", which processes INVITEs, is missing a semicolon at the end of the block.
if (method=="INVITE") { # sl_send_reply("404", "INVITE "); route(3); break; } <----- missing semicolon here
If you are comfortable with your current ser.cfg, that's ok, but I'd suggest you start with a fresh one, make your trusted table work, and then add a "REFER" processing, like in your currect ser.cfg. Just download one fresh ser.cfg from iptel.org site and add your allow_trusted() "if" clause there.
Regards,
Andrey.
On 11/2/06, Kamal.Mann@t-systems.com Kamal.Mann@t-systems.com wrote:
Hi Please find ser.cfg enclosed.
Trusted table entry: +---------------+-------+--------------+ | src_ip | proto | from_pattern | +---------------+-------+--------------+ | 10.25.119.156 | any | ^sip:.*$ | +---------------+-------+--------------+ 1 row in set (0.00 sec)
Thanks in anticipation Kamal Mann -----Original Message----- From: serusers-bounces@lists.iptel.org
[mailto:serusers-bounces@lists.iptel.org] On Behalf Of Andrey Kuprianov
Sent: Wednesday, November 01, 2006 7:03 PM To: serusers@iptel.org Subject: Re: [serusers]: trusted table(permissions module)
Hi Kamal,
I understand your setup. Nevertheless, it will be difficult to figure out your problem, w/o your ser.cfg file at hand. Also, send a trusted table query result (i.e. that row which contains entry for your SIP-AS).
Regards,
Andrey.On 11/1/06, Kamal.Mann@t-systems.com Kamal.Mann@t-systems.com wrote:
Hi All In my scenario I need ser to communicate with my SIP-AS. This SIP-AS
is having an application xyz running on it. This XYZ sends an invite to URI "A@xcv.de" which is a subscriber in SER and this is in TO header of Invite msg & FROM header contains another URI test@xcv.de but this URI (test@xcv.de) isn't registered / subscribed to SER. I need SER trust all packets from SIP-AS ip. BUT SER is sending 407 reply of INVITE to XYZ application! IP in trusted table is of SIP-AS on top of which XYZ application is running.
Thanks in anticipation Kamal Mann
-----Original Message----- From: Maciej ¯wirski [mailto:mzwirek@poczta.fm] Sent: Wednesday, November 01, 2006 3:20 PM To: serusers@lists.iptel.org Subject: Re: [serusers]: trusted table(permissions module)
Kamal.Mann@t-systems.com wrote:
> Hi All > > I made an entry /"10.25.119.156, any, ^sip:.*$"/ into trusted
table so
> that any packet sent from 10.25.119.156 would be trusted by SER
and
> don't ask for its credentials. But SER is replying *407- proxy*
auth
> needed!! After this I tried with permissions.allow file: > Hi, I had the same issue while interconnecting SER and Asterisk. It
turned
out to be an issue on Asterisk side (I had the same user added for
SER
and Asterisk, so the poor thing couldn't authorize either :)) So you could check if the 407 you're getting is from SER or from the remote
host.
Regards, Maciej Zwirski
Jestes kierowca? To poczytaj! >>> http://link.interia.pl/f199e
Serusers mailing list Serusers@lists.iptel.org http://lists.iptel.org/mailman/listinfo/serusers _______________________________________________ Serusers mailing list Serusers@lists.iptel.org http://lists.iptel.org/mailman/listinfo/serusers
Serusers mailing list Serusers@lists.iptel.org http://lists.iptel.org/mailman/listinfo/serusers
Get FREE company branded e-mail accounts and business Web site from Microsoft Office Live http://clk.atdmt.com/MRT/go/mcrssaub0050001411mrt/direct/01/
Serusers mailing list Serusers@lists.iptel.org http://lists.iptel.org/mailman/listinfo/serusers
Serusers mailing list Serusers@lists.iptel.org http://lists.iptel.org/mailman/listinfo/serusers
_______________________________________________ Serusers mailing list Serusers@lists.iptel.org http://lists.iptel.org/mailman/listinfo/serusers