Hey all,
I have a pretty general SIP question that I'm hoping some of you can shed some light on. I hope this is ok for the list.
I am setting up a SIP proxy with Kamailio. The backend server (Asterisk in my case) requires authentication. Is it standard/best practice to require a proxy to authenticate to a backend server for INVITEs?
I am already registering, with authentication, on behalf of the client, i.e., the client registers to the proxy, then the proxy registers to the backend server, all with authentication. I was hoping not to have to do this on INVITEs, but if I don't I'm left with the following:
client                proxy               backend
| -------INVITE-------> |                       |
| <--------407--------- |                       |
| ---------ACK--------> |                       |
| ----INVITE(auth)----> |                       |
| <--------100--------- |                       |
|                       | -------INVITE-------> |
|                       | <--------401--------- |
|                       | ---------ACK--------> |
| <--------401--------- |                       |
| ---------ACK--------> |                       |
| ----INVITE(auth)----> |                       |
| <--------100--------- |                       |
|                       | ----INVITE(auth)----> |
|                       | <--------100--------- |
|                       | <---------OK--------- |
| <---------OK--------- |                       |
| ---------ACK--------> |                       |
|                       | ---------ACK--------> |
It works, but, it's terrible...
Before I try to make it work differently, what do you all think it should do?
Marc
Hello,
a proxy cannot authenticate itself with username and password without breaking the RFC (respectively CSeq sequence numbers). The best and the standard practice is to accept the traffic from the proxy based on source IP.
Cheers, Daniel
On 04/03/14 20:38, Marc Soda wrote:
SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing list sr-users@lists.sip-router.org http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users
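
The source-IP trust described in Daniel's reply, sketched as a backend configuration. This is an added example, not part of the thread and not either project's shipped configuration. It assumes the Asterisk backend uses chan_sip (sip.conf); the address 192.0.2.10, the peer name and the context name are placeholders.

```ini
; sip.conf (Asterisk chan_sip), constructed example.
; 192.0.2.10 stands in for the Kamailio proxy's address (assumption).

[general]
; Calls that match no configured peer are rejected instead of being
; accepted unauthenticated into the default context.
allowguest=no

; The proxy as a trusted peer. No secret is configured, so an INVITE
; that matches this peer by source address is not answered with a 401.
; The proxy keeps challenging the client with 407, as in the first
; half of the call flow in the original message.
[kamailio-proxy]              ; hypothetical peer name
type=peer                     ; matched by source address, not by From user
host=192.0.2.10
insecure=port                 ; match on IP even if the source port differs
deny=0.0.0.0/0.0.0.0          ; ACL: refuse every source ...
permit=192.0.2.10/255.255.255.255   ; ... except the proxy itself
context=from-proxy            ; hypothetical dialplan context for proxied calls
```

With trust tied to one address, the backend's SIP port should be reachable only from the proxy (packet filter or a private network segment), since the address is now the only credential the backend checks on INVITEs.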