20 Jan
2010
20 Jan
'10
10:18 p.m.
Hello,
I have made some progress since my previous post, but not enough :).
------------- -------- --- --------
|Sip Softphone|-------|Internet|--------|F.W|-----|Asterisk|
------------- -------- --- --------
IP addresses: a.b.c.d q.w.e.r
The SIP softphone(x-lite) is configured to register with the asterisk
server through port 9090 (Domain q.w.e.r:9090).Firewall(F.W) is setup as
the outbound proxy for the softphone(Outbound proxy a.b.c.d:9090).
Authentication credentials for the softphone match the user registered
in asterisk's sip.conf. F.W runs Kamailio and rtpproxy, with Kamailio
listening on port 5060.
The asterisk server is setup to listen on port 5060.
The Firewall(F.W), uses a libnetfilter_queue based program to :
(a) Rewrite the destination port 9090 as 5060, and rewrite all other
occurrences of 9090 as 5060 in the SIP message, for packets from the
softphone to the asterisk server.
(b) Rewrite the source port 5060 as 9090, and rewrite all other
occurrences of 5060 as 9090 in the SIP message, for packets from the
asterisk server to the softphone.
The following exchange of SIP messages take place
-Sip softphone sends a REGISTER message to asterisk
-Asterisk responds with a 401 UNAUTHORIZED
-Sip softphone replies with a REGISTER message containing auth. info.
-Asterisk responds with a 403 FORBIDDEN : BAD AUTHORIZATION
The above setup works when the softphone uses port 5060, so there
problem here does not have anything to do with Authorization credentials.
Is it possible i might be modifying parts of the packet that shouldn't
be modified or i might not be modifying some relevant parts of the packet ?
Thanks in advance,
Vikram.
21 Jan
21 Jan
3:54 a.m.
New subject: [Kamailio-Users] Asterisk 403 Forbidden error with port translation
Hello,
On 1/21/10 4:18 AM, Vikram Ragukumar wrote:
Hello,
I have made some progress since my previous post, but not enough :).
------------- -------- --- --------
|Sip Softphone|-------|Internet|--------|F.W|-----|Asterisk|
------------- -------- --- --------
IP addresses: a.b.c.d q.w.e.r
The SIP softphone(x-lite) is configured to register with the asterisk
server through port 9090 (Domain q.w.e.r:9090).Firewall(F.W) is setup
as the outbound proxy for the softphone(Outbound proxy a.b.c.d:9090).
Authentication credentials for the softphone match the user registered
in asterisk's sip.conf. F.W runs Kamailio and rtpproxy, with Kamailio
listening on port 5060.
The asterisk server is setup to listen on port 5060.
The Firewall(F.W), uses a libnetfilter_queue based program to :
(a) Rewrite the destination port 9090 as 5060, and rewrite all other
occurrences of 9090 as 5060 in the SIP message, for packets from the
softphone to the asterisk server.
(b) Rewrite the source port 5060 as 9090, and rewrite all other
occurrences of 5060 as 9090 in the SIP message, for packets from the
asterisk server to the softphone.
The following exchange of SIP messages take place
-Sip softphone sends a REGISTER message to asterisk
-Asterisk responds with a 401 UNAUTHORIZED
-Sip softphone replies with a REGISTER message containing auth. info.
-Asterisk responds with a 403 FORBIDDEN : BAD AUTHORIZATION
The above setup works when the softphone uses port 5060, so there
problem here does not have anything to do with Authorization credentials.
Is it possible i might be modifying parts of the packet that shouldn't
be modified or i might not be modifying some relevant parts of the
packet ?
You should run asterisk with debug enabled and see the printed messages
for some hints. Probably people on asterisk ML can help better.
Cheers,
Daniel
--
Daniel-Constantin Mierla
* http://www.asipto.com/
4:18 a.m.
New subject: [Kamailio-Users] Asterisk 403 Forbidden error with port translation
Maybe you have rewritten parts of the message which are used during
calculation of the digest response, e.g. request URI.
regards
klaus
Vikram Ragukumar schrieb:
Hello,
I have made some progress since my previous post, but not enough :).
------------- -------- --- --------
|Sip Softphone|-------|Internet|--------|F.W|-----|Asterisk|
------------- -------- --- --------
IP addresses: a.b.c.d q.w.e.r
The SIP softphone(x-lite) is configured to register with the asterisk
server through port 9090 (Domain q.w.e.r:9090).Firewall(F.W) is setup as
the outbound proxy for the softphone(Outbound proxy a.b.c.d:9090).
Authentication credentials for the softphone match the user registered
in asterisk's sip.conf. F.W runs Kamailio and rtpproxy, with Kamailio
listening on port 5060.
The asterisk server is setup to listen on port 5060.
The Firewall(F.W), uses a libnetfilter_queue based program to :
(a) Rewrite the destination port 9090 as 5060, and rewrite all other
occurrences of 9090 as 5060 in the SIP message, for packets from the
softphone to the asterisk server.
(b) Rewrite the source port 5060 as 9090, and rewrite all other
occurrences of 5060 as 9090 in the SIP message, for packets from the
asterisk server to the softphone.
The following exchange of SIP messages take place
-Sip softphone sends a REGISTER message to asterisk
-Asterisk responds with a 401 UNAUTHORIZED
-Sip softphone replies with a REGISTER message containing auth. info.
-Asterisk responds with a 403 FORBIDDEN : BAD AUTHORIZATION
The above setup works when the softphone uses port 5060, so there
problem here does not have anything to do with Authorization credentials.
Is it possible i might be modifying parts of the packet that shouldn't
be modified or i might not be modifying some relevant parts of the packet ?
Thanks in advance,
Vikram.
_______________________________________________
Kamailio (OpenSER) - Users mailing list
Users(a)lists.kamailio.org
http://lists.kamailio.org/cgi-bin/mailman/listinfo/users
http://lists.openser-project.org/cgi-bin/mailman/listinfo/users
4:56 p.m.
New subject: [Kamailio-Users] Asterisk 403 Forbidden error with port translation
Klaus,Daniel.
Thank you for your responses. Seems like i was overwriting fields used
in computation of the digest response. The call flow works perfectly
when i disable authentication.
Will make necessary modifications to work with digest authentication.
Once again, thank you for your help.
Regards,
Vikram.
Klaus Darilion wrote:
Maybe you have rewritten parts of the message which
are used during
calculation of the digest response, e.g. request URI.
regards
klaus
Vikram Ragukumar schrieb:
> Hello,
>
> I have made some progress since my previous post, but not enough :).
>
> ------------- -------- --- --------
> |Sip Softphone|-------|Internet|--------|F.W|-----|Asterisk|
> ------------- -------- --- --------
> IP addresses: a.b.c.d q.w.e.r
>
> The SIP softphone(x-lite) is configured to register with the asterisk
> server through port 9090 (Domain q.w.e.r:9090).Firewall(F.W) is setup
> as the outbound proxy for the softphone(Outbound proxy a.b.c.d:9090).
> Authentication credentials for the softphone match the user registered
> in asterisk's sip.conf. F.W runs Kamailio and rtpproxy, with Kamailio
> listening on port 5060.
>
> The asterisk server is setup to listen on port 5060.
>
> The Firewall(F.W), uses a libnetfilter_queue based program to :
>
> (a) Rewrite the destination port 9090 as 5060, and rewrite all other
> occurrences of 9090 as 5060 in the SIP message, for packets from the
> softphone to the asterisk server.
>
> (b) Rewrite the source port 5060 as 9090, and rewrite all other
> occurrences of 5060 as 9090 in the SIP message, for packets from the
> asterisk server to the softphone.
>
> The following exchange of SIP messages take place
> -Sip softphone sends a REGISTER message to asterisk
> -Asterisk responds with a 401 UNAUTHORIZED
> -Sip softphone replies with a REGISTER message containing auth. info.
> -Asterisk responds with a 403 FORBIDDEN : BAD AUTHORIZATION
>
> The above setup works when the softphone uses port 5060, so there
> problem here does not have anything to do with Authorization credentials.
>
> Is it possible i might be modifying parts of the packet that shouldn't
> be modified or i might not be modifying some relevant parts of the
> packet ?
>
> Thanks in advance,
> Vikram.
>
>
>
> _______________________________________________
> Kamailio (OpenSER) - Users mailing list
> Users(a)lists.kamailio.org
> http://lists.kamailio.org/cgi-bin/mailman/listinfo/users
> http://lists.openser-project.org/cgi-bin/mailman/listinfo/users
5241
days inactive
5241
days old
3 comments
3 participants
participants (3)
-
Daniel-Constantin Mierla -
Klaus Darilion -
Vikram Ragukumar