23 Jan
2008
23 Jan
'08
8:10 a.m.
Hi,
Thanks for the reply. Both the gateways in the set up are in the same domain
as the proxy and everything is inside LAN. So either gateway is challenged
depending upon whichever has intiated the invite. Is there a logic I can use
to change the openser config file so the in-dialog invite is also
challenged?
Thanks,
Padmaja
----- Original Message -----
From: "Klaus Darilion" <klaus.mailinglists(a)pernau.at>
To: "Padmaja" <padmaja.rv(a)vodcalabs.com>
Cc: <users(a)lists.openser.org>
Sent: Wednesday, January 23, 2008 3:36 PM
Subject: Re: [OpenSER-Users] Reg. Proxy authentication
Padmaja schrieb:
Hi all,
Please see the call flow below:
GW1 Proxy GW2
|-----invite----------->| |
|<------407-----------| |
|-----invite w/cred--->| |
| |-----Invite------->|
|<------------200 Ok---------------------|
|----------------Ack--------------------->|
| |
| |<----ReInvite -----|
|
When the proxy receives the Reinvite below from GW 2, should it again
challenge it for proxy authentication or simply forward the call to the
GW1? The openser proxy in our lab simply forwards the Invite without
asking for authentication this time. However, I need to test the
situation, where the proxy asks for authentication for the Reinvite. Is
this possible?
This is a difficult question. If GW2 is known to your proxy, the proxy can
challenge GW2. (if the GW supports authentication at all).
Often the domain in the From URI is used to find out if a SIP client is a
"local" user or from another domain. Local users will get challenged,
external users not. But using From header domain works only for initial
INVITE and can not be used reliable for reINVITEs.
Thus, usually in-dialog requests will not be challenged. Thus, its a
matter of your policy and depends if you provide an open SIP service (like
e.g. iptel.org, FWD ...) or if you are in a closed environment were every
SIP client is known to have credentials to authenticate against the proxy.
regards
klaus
Please let me know.
Thanks,
Padmaja _______________________________________________
Users mailing list
Users(a)lists.openser.org
http://lists.openser.org/cgi-bin/mailman/listinfo/users