Thank you Andrei,
this is the ngrep output from 'ngrep bart port 5060'. I'm only connecting the natted phone:
# U 213.219.137.148:5060 -> 212.71.0.90:5060 REGISTER sip:ser.edpnet.net:5060 SIP/2.0..Via: SIP/2.0/UDP 213.219.137.148:50198..Supported: replaces..User-Agent: SIP201 (lp201sip.100a)..Contact: sip:bart@10.0.0.2:5060;expires=60..From: sip:bart@ser.edpnet.net ;tag=a000002-13c4-0-42e-7 fea..To: sip:bart@ser.edpnet.net..Call-ID: a000002-13c4-0-406-79bf-1..CSeq: 1 REGISTER..Content-Length:0.... # U 212.71.0.90:5060 -> 213.219.137.148:5060 SIP/2.0 401 Unauthorized..Via: SIP/2.0/UDP 213.219.137.148:50198;rport=5060..From: sip:bart@ser.edpnet.net ;tag=a000002 -13c4-0-42e-7fea..To: sip:bart@ser.edpnet.net;tag=61a88e7fd5f0561d96cde0cc9ecba6d7.9adf..Call-ID : a000002-13c4-0-406-79 bf-1..CSeq: 1 REGISTER..WWW-Authenticate: Digest realm="ser.edpnet.net", nonce="40fb952b226d9f0726f09c5fda8db0fe3b9a47d2" ..Server: Sip EXpress router (0.8.13-dev-33-usrloc (i386/linux))..Content-Length: 0..Warning: 392 212.71.0.90:5060 "Noisy feedback tells: pid=17817 req_src_ip=213.219.137.148 req_src_port=5060 in_uri=sip:ser.edpnet.net:5060 out_uri=sip:ser.edpnet.net:5060 via_cnt==1"....
--- the second register:
U 213.219.137.148:5060 -> 212.71.0.90:5060 REGISTER sip:ser.edpnet.net:5060 SIP/2.0..Via: SIP/2.0/UDP 213.219.137.148:50198..Supported: replaces..User-Agent: SIP201 (lp201sip.100a)..Contact: sip:bart@10.0.0.2:5060;expires=60..From: sip:bart@ser.edpnet.net ;tag=a000002-13c4-0-42e-7 fea..To: sip:bart@ser.edpnet.net..Call-ID: a000002-13c4-0-406-79bf-1..CSeq: 1 REGISTER..Content-Length:0.... # U 212.71.0.90:5060 -> 213.219.137.148:5060 SIP/2.0 401 Unauthorized..Via: SIP/2.0/UDP 213.219.137.148:50198;rport=5060..From: sip:bart@ser.edpnet.net ;tag=a000002-13c4-0-42e-7fea..To: sip:bart@ser.edpnet.net;tag=61a88e7fd5f0561d96cde0cc9ecba6d7.9adf..Call-ID : a000002-13c4-0-406-79 bf-1..CSeq: 1 REGISTER..WWW-Authenticate: Digest realm="ser.edpnet.net", nonce="40fb952cf1352a491276a2e811642001d3698340" ..Server: Sip EXpress router (0.8.13-dev-33-usrloc (i386/linux))..Content-Length: 0..Warning: 392 212.71.0.90:5060 "Noisy feedback tells: pid=17817 req_src_ip=213.219.137.148 req_src_port=5060 in_uri=sip:ser.edpnet.net:5060 out_uri=sip:ser.edpnet.net:5060 via_cnt==1".... #
So I guess my UA doesn't resend the request with the proper auth?
thanks, Bart
-----Original Message----- From: Andrei Pelinescu-Onciul [mailto:pelinescu-onciul@fokus.fraunhofer.de] Sent: vrijdag 16 juli 2004 17:22 To: Bart Van Daal Cc: serusers@lists.iptel.org Subject: Re: [Serusers] NAT vs. NoNat authentication
On Jul 16, 2004 at 13:38, Bart Van Daal B.Vandaal@edpnet.net wrote:
Hi,
Is there a difference in authenticating a natted or
non-nated UA using
www_authen? The reason i'm asking is because when my UA is directly connected to the internet it authenticates fine but when
NATed I get
the following error:
parse_headers: flags=4096 0(12877) pre_auth(): Credentials with given realm not found 0(12877) ---:: didn't authorize 0(12877) build_auth_hf(): 'WWW-Authenticate: Digest realm="ser.edpnet.net",
nonce="40f7be4edbd22e214821f2a3937968fc049ae290" '
0(12877) parse_headers: flags=-1
This is normal if it happens only for the first request. Your UA sends the first request without auth. info., the server sends back a negative reply with and auth. header and then your UA is supposed to retry to send the request with proper auth.
In the future please include network dumps.
Andrei