hi Christoffer!
Please always cc to the list.
Christoffer Soop wrote:
Thank you very much! This is more than enough to get me started.
One small remaining question though:
Klaus Darilion wrote:
- after the session with the remote proxy has been set up OpenSER either
works as proxy between the client and the remote proxy, or better transfers the session to the client
If you use record_route your proxy stays inbetween the client and the PSTN GW. If not, your proxy stays out of the folowing conversations. But you will loose the ability to account BYE messages, and will have problem when doing NAT traversal.
In my scenario our proxy is the only one which should be able to authenticate to the PSTN gateway. If the client talks directly to the PSTN gateway will it have to re-supply the credentials?
There are different credentials: 1. The credentials between your SIP proxy and your clients. 2. The credentials needed to authenticate to the remote proxy/GW.
Digest authentication is normally used between clients and proxies. Thus, if you want to be standard conform, the clients would need additional credentials (a second set of realm/username/password) to authenticate also against the GW. But this is not supported by most clients, and you also do not want to give the GW credentials to you clients.
The problem arises when using digest authentication between proxies. This is usually not possible. You would need a B2BUA, which receives the calls from your clients, and forward them to the GW with proper credentials. openser includes the uac module which can be used for this, but you might experience problems using this module as it is not standard conform.
Another way to authentication against the GW would be with TLS or based on IP addresses (do not use UDP here as it can be spoofed easily).
regards klaus
-
Klaus Darilion