5 Oct
2005
5 Oct
'05
7:42 a.m.
Situation:
client1 ----->openser1 ----> openser2 ---->client2
Both openser have same accounts (user/pass)
When im not using proxy authentification it works ok.
If i use it it gives me 407
i have tried to use following
http://www.voice-system.ro/docs/uac/ar01s06.html#ex_auth
and always goes executing this part
if (isflagset(7)) {
t_reply("503","Authentication failed");
break;
}
I look at ngrep log, and it is some thing like this
ser1 -> ser2 INVITE
ser2 -> ser1 AUTH Required
ser1 -> ser2 INVITE with auth
ser2 -> ser1 AUTH Required
ser1 -> ser2 INVITE with auth
ser2 -> ser1 AUTH Required
It seems to me that openser1 cannot authentificate on openser2.
Thanks in advance
5 Oct
5 Oct
8:02 a.m.
proxy2proxy authentication is usually done by TLS.
The problem is that both proxies use different nonce to authenticate.
You can try to set the secret on both proxies:
http://openser.org/docs/modules/0.10.x/auth.html#AEN62
regards
klaus
Taras Bendik wrote:
Situation:
client1 ----->openser1 ----> openser2 ---->client2
Both openser have same accounts (user/pass)
When im not using proxy authentification it works ok.
If i use it it gives me 407
i have tried to use following
http://www.voice-system.ro/docs/uac/ar01s06.html#ex_auth
and always goes executing this part
if (isflagset(7)) {
t_reply("503","Authentication failed");
break;
}
I look at ngrep log, and it is some thing like this
ser1 -> ser2 INVITE
ser2 -> ser1 AUTH Required
ser1 -> ser2 INVITE with auth
ser2 -> ser1 AUTH Required
ser1 -> ser2 INVITE with auth
ser2 -> ser1 AUTH Required
It seems to me that openser1 cannot authentificate on openser2.
Thanks in advance
_______________________________________________
Users mailing list
Users(a)openser.org
http://openser.org/cgi-bin/mailman/listinfo/users
8:40 a.m.
Hi Klaus,
TLS: Is this feature already tested with version 0.10.x? Is it necessary that
both proxies are under the same root-CA or is it possible to define different
trust anchors by distributing root certificates? Or do I need a cross-path
mechanism to deal with this problem?
proxy2proxy authentication is usually done by TLS.
The problem is that both proxies use different nonce to authenticate.
You can try to set the secret on both proxies:
http://openser.org/docs/modules/0.10.x/auth.html#AEN62
regards
klaus
Taras Bendik wrote:
Situation:
client1 ----->openser1 ----> openser2 ---->client2
Both openser have same accounts (user/pass)
When im not using proxy authentification it works ok.
If i use it it gives me 407
i have tried to use following
http://www.voice-system.ro/docs/uac/ar01s06.html#ex_auth
and always goes executing this part
if (isflagset(7)) {
t_reply("503","Authentication failed");
break;
}
I look at ngrep log, and it is some thing like this
ser1 -> ser2 INVITE
ser2 -> ser1 AUTH Required
ser1 -> ser2 INVITE with auth
ser2 -> ser1 AUTH Required
ser1 -> ser2 INVITE with auth
ser2 -> ser1 AUTH Required
It seems to me that openser1 cannot authentificate on openser2.
Thanks in advance
_______________________________________________
Users mailing list
Users(a)openser.org
http://openser.org/cgi-bin/mailman/listinfo/users
_______________________________________________
Users mailing list
Users(a)openser.org
http://openser.org/cgi-bin/mailman/listinfo/users
8:53 a.m.
Alexander Philipp Lintenhofer wrote:
Hi Klaus,
TLS: Is this feature already tested with version 0.10.x? Is it necessary
that
both proxies are under the same root-CA or is it possible to define
different
up to now I did not tested it, I just read the README. If I understand
it correctly, than you can import as man CA certs as you like.
trust anchors by distributing root certificates? Or do
I need a cross-path
mechanism to deal with this problem?
At the moment I'm having problems figuring out how the server
certificate must look like.
e.g. a lookup for sip:klaus@example.net may lead to another domain using
SRV. Which domain must be in the certificate? Where in the certificate
(Subject? Subject alternative name? ...)
regards
klaus
proxy2proxy authentication is usually done by
TLS.
The problem is that both proxies use different nonce to authenticate.
You can try to set the secret on both proxies:
http://openser.org/docs/modules/0.10.x/auth.html#AEN62
regards
klaus
Taras Bendik wrote:
Situation:
client1 ----->openser1 ----> openser2 ---->client2
Both openser have same accounts (user/pass)
When im not using proxy authentification it works ok.
If i use it it gives me 407
i have tried to use following
http://www.voice-system.ro/docs/uac/ar01s06.html#ex_auth
and always goes executing this part
if (isflagset(7)) {
t_reply("503","Authentication failed");
break;
}
I look at ngrep log, and it is some thing like this
ser1 -> ser2 INVITE
ser2 -> ser1 AUTH Required
ser1 -> ser2 INVITE with auth
ser2 -> ser1 AUTH Required
ser1 -> ser2 INVITE with auth
ser2 -> ser1 AUTH Required
It seems to me that openser1 cannot authentificate on openser2.
Thanks in advance
_______________________________________________
Users mailing list
Users(a)openser.org
http://openser.org/cgi-bin/mailman/listinfo/users
_______________________________________________
Users mailing list
Users(a)openser.org
http://openser.org/cgi-bin/mailman/listinfo/users
10 a.m.
On 10/5/05, Klaus Darilion <klaus.mailinglists(a)pernau.at> wrote:
Alexander Philipp Lintenhofer wrote:
In principle, it should work. You must append the public key of the trusted
root to the "trusted CAs" file specified in the config file ... I have
tested with only one, but there should be no problem.
If you want to use the UAC module instead, yes, all the proxies should
share the same secret. Check also that the proxies time is not too skewed
... if you have big time differences (more than a few minutes, the nonce
provided becomes invalid).
Cesc
Hi Klaus,
TLS: Is this feature already tested with version 0.10.x? Is it necessary
that
both proxies are under the same root-CA or is it possible to define
different
up to now I did not tested it, I just read the README. If I understand
it correctly, than you can import as man CA certs as you like.
6839
days inactive
6839
days old
4 comments
4 participants
participants (4)
-
Alexander Philipp Lintenhofer -
Cesc -
Klaus Darilion -
Taras Bendik