19 Jul
2004
19 Jul
'04
11:38 a.m.
Thank you Andrei,
this is the ngrep output from 'ngrep bart port 5060'. I'm only
connecting the natted phone:
#
U 213.219.137.148:5060 -> 212.71.0.90:5060
REGISTER sip:ser.edpnet.net:5060 SIP/2.0..Via: SIP/2.0/UDP
213.219.137.148:50198..Supported: replaces..User-Agent: SIP201
(lp201sip.100a)..Contact: <sip:bart@10.0.0.2:5060>;expires=60..From:
<sip:bart@ser.edpnet.net> ;tag=a000002-13c4-0-42e-7
fea..To: <sip:bart@ser.edpnet.net>..Call-ID:
a000002-13c4-0-406-79bf-1..CSeq: 1 REGISTER..Content-Length:0....
#
U 212.71.0.90:5060 -> 213.219.137.148:5060
SIP/2.0 401 Unauthorized..Via: SIP/2.0/UDP
213.219.137.148:50198;rport=5060..From: <sip:bart@ser.edpnet.net>
;tag=a000002 -13c4-0-42e-7fea..To:
<sip:bart@ser.edpnet.net>;tag=61a88e7fd5f0561d96cde0cc9ecba6d7.9adf..Call-ID
: a000002-13c4-0-406-79
bf-1..CSeq: 1 REGISTER..WWW-Authenticate: Digest realm="ser.edpnet.net",
nonce="40fb952b226d9f0726f09c5fda8db0fe3b9a47d2"
..Server: Sip EXpress router (0.8.13-dev-33-usrloc
(i386/linux))..Content-Length: 0..Warning: 392 212.71.0.90:5060 "Noisy
feedback tells: pid=17817 req_src_ip=213.219.137.148 req_src_port=5060
in_uri=sip:ser.edpnet.net:5060 out_uri=sip:ser.edpnet.net:5060
via_cnt==1"....
--- the second register:
U 213.219.137.148:5060 -> 212.71.0.90:5060
REGISTER sip:ser.edpnet.net:5060 SIP/2.0..Via: SIP/2.0/UDP
213.219.137.148:50198..Supported: replaces..User-Agent: SIP201
(lp201sip.100a)..Contact: <sip:bart@10.0.0.2:5060>;expires=60..From:
<sip:bart@ser.edpnet.net> ;tag=a000002-13c4-0-42e-7
fea..To: <sip:bart@ser.edpnet.net>..Call-ID:
a000002-13c4-0-406-79bf-1..CSeq: 1 REGISTER..Content-Length:0....
#
U 212.71.0.90:5060 -> 213.219.137.148:5060
SIP/2.0 401 Unauthorized..Via: SIP/2.0/UDP
213.219.137.148:50198;rport=5060..From: <sip:bart@ser.edpnet.net>
;tag=a000002-13c4-0-42e-7fea..To:
<sip:bart@ser.edpnet.net>;tag=61a88e7fd5f0561d96cde0cc9ecba6d7.9adf..Call-ID
: a000002-13c4-0-406-79
bf-1..CSeq: 1 REGISTER..WWW-Authenticate: Digest realm="ser.edpnet.net",
nonce="40fb952cf1352a491276a2e811642001d3698340"
..Server: Sip EXpress router (0.8.13-dev-33-usrloc
(i386/linux))..Content-Length: 0..Warning: 392 212.71.0.90:5060 "Noisy
feedback tells: pid=17817 req_src_ip=213.219.137.148 req_src_port=5060
in_uri=sip:ser.edpnet.net:5060 out_uri=sip:ser.edpnet.net:5060
via_cnt==1"....
#
So I guess my UA doesn't resend the request with the proper auth?
thanks,
Bart
-----Original Message-----
From: Andrei Pelinescu-Onciul
[mailto:pelinescu-onciul@fokus.fraunhofer.de]
Sent: vrijdag 16 juli 2004 17:22
To: Bart Van Daal
Cc: serusers(a)lists.iptel.org
Subject: Re: [Serusers] NAT vs. NoNat authentication
On Jul 16, 2004 at 13:38, Bart Van Daal <B.Vandaal(a)edpnet.net> wrote:
Hi,
Is there a difference in authenticating a natted or
non-nated UA using
www_authen? The reason i'm asking is because
when my UA is directly
connected to the internet it authenticates fine but when
NATed I get
the following error:
parse_headers: flags=4096
0(12877) pre_auth(): Credentials with given realm not found
0(12877) ---:: didn't authorize
0(12877) build_auth_hf(): 'WWW-Authenticate: Digest
realm="ser.edpnet.net",
nonce="40f7be4edbd22e214821f2a3937968fc049ae290" '
0(12877) parse_headers: flags=-1
This is normal if it happens only for the first request. Your
UA sends the first request without auth. info., the server
sends back a negative reply with and auth. header and then
your UA is supposed to retry to send the request with proper auth.
In the future please include network dumps.
Andrei