Hi,
I was wondering how I can route my SER users to other SIP servers, without need of authentication to other server.
I mean this:
My User -> Auth -> My SER
My SER -> Auth -> Other SIP Server
My User --------make call--------> My SER --------route call-------> Other SIP Server
Thank you.
Kaveh
__________________________________ Yahoo! Mail - PC Magazine Editors' Choice 2005 http://mail.yahoo.com
I've just been playing with this myself.
There is a function, uac_auth, in the uac module which can be used to authenticate a challenge from another SIP server. Unfortunately it has the following problems:
1. Does not handle increment of the cseq. At least in my experience this causes authentication failure, you may have better luck. 2. Missing quotes in the auth header sent by the other server causes parse errors. 3. Digest comparison is case sensitive (DIGEST in auth header causes parse error).
2 and 3 are easy to fix but 1 is a major problem for SER as there is no dialog state kept between requests.
Mark
On 10/7/05, KaveH Aasaraai asi_ka@yahoo.com wrote:
Hi,
I was wondering how I can route my SER users to other SIP servers, without need of authentication to other server.
I mean this:
My User -> Auth -> My SER
My SER -> Auth -> Other SIP Server
My User --------make call--------> My SER --------route call-------> Other SIP Server
Thank you.
Kaveh
Yahoo! Mail - PC Magazine Editors' Choice 2005 http://mail.yahoo.com
Serusers mailing list serusers@lists.iptel.org http://lists.iptel.org/mailman/listinfo/serusers
I read the the first line without the word "this" almost fell backwards off my chair.....
I have looked into this also, the second sip server you need to ensure that no auth is done, but then this means you need to be able to trust what is coming from the first ser, which can be done in terms of IP, but then this can be spoofed.
What would be nice is to have SER itself authenticate, i.e instead of each call being authenticaterd, autheticate the entire box, and then possibly have a open connection between the two, which if no traffic passes for sometime is dropped, and then re-intiated when next call comes in.
Iqbal
Mark Aiken wrote:
I've just been playing with this myself.
There is a function, uac_auth, in the uac module which can be used to authenticate a challenge from another SIP server. Unfortunately it has the following problems:
- Does not handle increment of the cseq. At least in my experience
this causes authentication failure, you may have better luck. 2. Missing quotes in the auth header sent by the other server causes parse errors. 3. Digest comparison is case sensitive (DIGEST in auth header causes parse error).
2 and 3 are easy to fix but 1 is a major problem for SER as there is no dialog state kept between requests.
Mark
On 10/7/05, *KaveH Aasaraai* <asi_ka@yahoo.com mailto:asi_ka@yahoo.com> wrote:
Hi, I was wondering how I can route my SER users to other SIP servers, without need of authentication to other server. I mean this: My User -> Auth -> My SER My SER -> Auth -> Other SIP Server My User --------make call--------> My SER --------route call-------> Other SIP Server Thank you. Kaveh __________________________________ Yahoo! Mail - PC Magazine Editors' Choice 2005 http://mail.yahoo.com _______________________________________________ Serusers mailing list serusers@lists.iptel.org <mailto:serusers@lists.iptel.org> http://lists.iptel.org/mailman/listinfo/serusers
Serusers mailing list serusers@lists.iptel.org http://lists.iptel.org/mailman/listinfo/serusers
On 10/10/05, Iqbal iqbal@gigo.co.uk wrote:
I read the the first line without the word "this" almost fell backwards off my chair.....
heh
I have looked into this also, the second sip server you need to ensure
that no auth is done, but then this means you need to be able to trust what is coming from the first ser, which can be done in terms of IP, but then this can be spoofed.
But if you are peering with an ITSP that does requires authentication its a problem. Some do some dont.
What would be nice is to have SER itself authenticate, i.e instead of
each call being authenticaterd, autheticate the entire box, and then possibly have a open connection between the two, which if no traffic passes for sometime is dropped, and then re-intiated when next call comes in Iqbal
proxy-proxy SSL using stunnel + X.509 certs works great for this if you own both proxies.
Mark Aiken wrote:
I've just been playing with this myself.
There is a function, uac_auth, in the uac module which can be used to authenticate a challenge from another SIP server. Unfortunately it has the following problems:
- Does not handle increment of the cseq. At least in my experience
this causes authentication failure, you may have better luck. 2. Missing quotes in the auth header sent by the other server causes parse errors. 3. Digest comparison is case sensitive (DIGEST in auth header causes parse error).
2 and 3 are easy to fix but 1 is a major problem for SER as there is no dialog state kept between requests.
Mark
On 10/7/05, *KaveH Aasaraai* <asi_ka@yahoo.com mailto:asi_ka@yahoo.com> wrote:
Hi,
I was wondering how I can route my SER users to other SIP servers, without need of authentication to other server.
I mean this:
My User -> Auth -> My SER
My SER -> Auth -> Other SIP Server
My User --------make call--------> My SER --------route call-------> Other SIP Server
Thank you.
Kaveh
Yahoo! Mail - PC Magazine Editors' Choice 2005 http://mail.yahoo.com
Serusers mailing list serusers@lists.iptel.org mailto:serusers@lists.iptel.org http://lists.iptel.org/mailman/listinfo/serusers
Serusers mailing list serusers@lists.iptel.org http://lists.iptel.org/mailman/listinfo/serusers
read
"I've just been playing with this myself." without the word "this" :-)
My peering with alot is based on IP, but it would be nice if we could do what asterisk does, and allow a user/pass auth method, so you could just buy sip accounts from providers, and route to each account based upon prefix.
Iqbal
Mark Aiken wrote:
On 10/10/05, *Iqbal* <iqbal@gigo.co.uk mailto:iqbal@gigo.co.uk> wrote:
I read the the first line without the word "this" almost fell backwards off my chair.....heh
I have looked into this also, the second sip server you need to ensure that no auth is done, but then this means you need to be able to trust what is coming from the first ser, which can be done in terms of IP, but then this can be spoofed.But if you are peering with an ITSP that does requires authentication its a problem. Some do some dont.
What would be nice is to have SER itself authenticate, i.e instead of each call being authenticaterd, autheticate the entire box, and then possibly have a open connection between the two, which if no traffic passes for sometime is dropped, and then re-intiated when next call comes in Iqbalproxy-proxy SSL using stunnel + X.509 certs works great for this if you own both proxies.
Mark Aiken wrote: > I've just been playing with this myself. > > There is a function, uac_auth, in the uac module which can be used to > authenticate a challenge from another SIP server. Unfortunately it has > the following problems: > > 1. Does not handle increment of the cseq. At least in my experience > this causes authentication failure, you may have better luck. > 2. Missing quotes in the auth header sent by the other server causes > parse errors. > 3. Digest comparison is case sensitive (DIGEST in auth header causes > parse error). > > 2 and 3 are easy to fix but 1 is a major problem for SER as there is > no dialog state kept between requests. > > > Mark > > On 10/7/05, *KaveH Aasaraai* < asi_ka@yahoo.com <mailto:asi_ka@yahoo.com> > <mailto:asi_ka@yahoo.com <mailto:asi_ka@yahoo.com>>> wrote: > > Hi, > > I was wondering how I can route my SER users to other > SIP servers, without need of authentication to other > server. > > I mean this: > > My User -> Auth -> My SER > > My SER -> Auth -> Other SIP Server > > > My User --------make call--------> My SER > --------route call-------> Other SIP Server > > > Thank you. > > Kaveh > > > > > __________________________________ > Yahoo! Mail - PC Magazine Editors' Choice 2005 > http://mail.yahoo.com > > _______________________________________________ > Serusers mailing list > serusers@lists.iptel.org <mailto:serusers@lists.iptel.org> <mailto:serusers@lists.iptel.org <mailto:serusers@lists.iptel.org>> > http://lists.iptel.org/mailman/listinfo/serusers > > >------------------------------------------------------------------------ > >_______________________________________________ >Serusers mailing list >serusers@lists.iptel.org <mailto:serusers@lists.iptel.org> >http://lists.iptel.org/mailman/listinfo/serusers > >
Hi,
I have same call scheme with Kaveh. Does any body have implement it or have experience for this scheme. Please sahre to me / us (in ser.cfg sample will be appreciated).
> On 10/7/05, *KaveH Aasaraai* < asi_ka@yahoo.com<mailto:asi_ka@yahoo.com> > <mailto: asi_ka@yahoo.com <mailto:asi_ka@yahoo.com>>> wrote: > > Hi, > > I was wondering how I can route my SER users to other > SIP servers, without need of authentication to other > server. > > I mean this: > > My User -> Auth -> My SER > > My SER -> Auth -> Other SIP Server > > > My User --------make call--------> My SER > --------route call-------> Other SIP Server > > > Thank you. > > Kaveh > > _______________________________________________ > Serusers mailing list > Serusers@iptel.org <mailto:Serusers@iptel.org> <mailto:Serusers@iptel.org <mailto:Serusers@iptel.org>> > http://mail.iptel.org/mailman/listinfo/serusers > >
> >_______________________________________________ >Serusers mailing list >Serusers@iptel.org <mailto:Serusers@iptel.org> > http://mail.iptel.org/mailman/listinfo/serusers > >
Serusers mailing list Serusers@iptel.org http://mail.iptel.org/mailman/listinfo/serusers
-
Asep Saifudin -
Iqbal -
KaveH Aasaraai -
Mark Aiken