Hi,
Thanks for the reply. Both the gateways in the set up are in the same domain as the proxy and everything is inside LAN. So either gateway is challenged depending upon whichever has intiated the invite. Is there a logic I can use to change the openser config file so the in-dialog invite is also challenged?
Thanks, Padmaja ----- Original Message ----- From: "Klaus Darilion" klaus.mailinglists@pernau.at To: "Padmaja" padmaja.rv@vodcalabs.com Cc: users@lists.openser.org Sent: Wednesday, January 23, 2008 3:36 PM Subject: Re: [OpenSER-Users] Reg. Proxy authentication
Padmaja schrieb:
Hi all, Please see the call flow below:
GW1 Proxy GW2 |-----invite----------->| | |<------407-----------| | |-----invite w/cred--->| | | |-----Invite------->| |<------------200 Ok---------------------| |----------------Ack--------------------->| | | | |<----ReInvite -----| |
When the proxy receives the Reinvite below from GW 2, should it again challenge it for proxy authentication or simply forward the call to the GW1? The openser proxy in our lab simply forwards the Invite without asking for authentication this time. However, I need to test the situation, where the proxy asks for authentication for the Reinvite. Is this possible?
This is a difficult question. If GW2 is known to your proxy, the proxy can challenge GW2. (if the GW supports authentication at all).
Often the domain in the From URI is used to find out if a SIP client is a "local" user or from another domain. Local users will get challenged, external users not. But using From header domain works only for initial INVITE and can not be used reliable for reINVITEs.
Thus, usually in-dialog requests will not be challenged. Thus, its a matter of your policy and depends if you provide an open SIP service (like e.g. iptel.org, FWD ...) or if you are in a closed environment were every SIP client is known to have credentials to authenticate against the proxy.
regards klaus
Please let me know.
Thanks, Padmaja _______________________________________________ Users mailing list Users@lists.openser.org http://lists.openser.org/cgi-bin/mailman/listinfo/users