[Serusers] X-Lite and SER (again) New info
Marcelo Schmidt
mschmidt at equinix.com
Wed Jul 23 21:00:40 CEST 2003
Jesus: I found no changes between xten1.x and 2.0, both versions work
the same way. However if you're running your ser on 192.168.1.2, you
will need to set your xtem "Send Internal IP" field to "On". I'd tried
without any NAT involved first as Wasik mentioned below. Also double
check that your SIP_DOMAIN has the right value, otherwise the serctl add
will create an user that www_authorize() won't be able to match. In
short words, your SIP_DOMAIN has to be set to the same value (realm) you
set in ser.conf if (!www_authorize("myrealm.com", "subscriber")).
-m
-----Original Message-----
From: Wasik, Paul [mailto:Paul.Wasik at ipc.com]
Sent: Wednesday, July 23, 2003 10:57 AM
To: Maxim Sobolev; Jesus Rodriguez
Cc: serusers at lists.iptel.org
Subject: RE: [Serusers] X-Lite and SER (again) New info
The only way I have ever gotten Xten v1.0 or 2.0 to work with SER is to
set the "Send Internal IP" field to "On". Even without NAT involved.
Once I did that it worked fine ever since for me.
-----Original Message-----
From: Maxim Sobolev [mailto:sobomax at portaone.com]
Sent: Wednesday, July 23, 2003 1:51 PM
To: Jesus Rodriguez
Cc: serusers at lists.iptel.org
Subject: Re: [Serusers] X-Lite and SER (again) New info
You are better off to contact X-Ten instead, because it is clearly a
problem with X-Lite, not SER.
-Maxim
Jesus Rodriguez wrote:
> Hello,
>
> I'm sorry to come back again with this topic :( ... i've installed a
> new
SER
> from cvs (rel_0_8_11) and when trying to register X-Lite 2.0, X-Lite
> does
not
> send authentication information. As before, i can register an ATA186,
> a
SNOM
> 100 phone and SIPPS but no X-Lite. I think the problem is in my X-Lite
> configuration and that it's my fault but after looking up and down i
> can't find the problem.
>
> This is X-Lite configuration:
>
> SIP Proxy
> Enabled: yes
> User Name: 1000
> Authorization user: 1000
> Password: 1000
> Domain/Realm: voztelecom.net
> SIP Proxy: 192.168.1.2:5060
> Out Bound Proxy:
> Proxy Mode: Normal
> Send Internal IP: Off
>
>
> These are the X-Lite logs. The most strange thing is that it does not
answer
> the auth requests from SER (below is Cisco ATA REGISTER log and SER
> configuration):
>
> SEND >> 192.168.1.2:5060
> REGISTER sip:voztelecom.net SIP/2.0
> Via: SIP/2.0/UDP 192.168.1.203:5060
> From: <sip:1000 at voztelecom.net>
> To: <sip:1000 at voztelecom.net>
> Contact: "JesusR" <sip:1000 at 192.168.1.203:5060>
> Call-ID: 3148BBBEBC4F47F2A43768FD845E6663 at voztelecom.net
> CSeq: 11222 REGISTER
> Expires: 500
> User-Agent: X-Lite build 1047
> Content-Length: 0
>
>
> RECEIVE << 192.168.1.2:5060
> SIP/2.0 401 Unauthorized
> Via: SIP/2.0/UDP 192.168.1.203:5060
> From: <sip:1000 at voztelecom.net>
> To:
> <sip:1000 at voztelecom.net>;tag=b27e1a1d33761e85846fc98f5f3a7e58.d844
> Call-ID: 3148BBBEBC4F47F2A43768FD845E6663 at voztelecom.net
> CSeq: 11222 REGISTER
> WWW-Authenticate: Digest realm="voztelecom.net",
> nonce="3f1ebf0bae9c2713e34ed6c6c066884d61da2c46"
> Server: Sip EXpress router (0.8.11rc1 (i386/linux))
> Content-Length: 0
> Warning: 392 192.168.1.2:5060 "Noisy feedback tells: pid=27562
req_src_ip=192.168.1.203 req_src_port=5060 in_uri=sip:voztelecom.net
out_uri=sip:voztelecom.net via_cnt==1"
>
>
> RECEIVE << 192.168.1.2:5060
> SIP/2.0 401 Unauthorized
> Via: SIP/2.0/UDP 192.168.1.203:5060
> From: <sip:1000 at voztelecom.net>
> To:
> <sip:1000 at voztelecom.net>;tag=b27e1a1d33761e85846fc98f5f3a7e58.d844
> Call-ID: 3148BBBEBC4F47F2A43768FD845E6663 at voztelecom.net
> CSeq: 11222 REGISTER
> WWW-Authenticate: Digest realm="voztelecom.net",
> nonce="3f1ebf0bae9c2713e34ed6c6c066884d61da2c46"
> Server: Sip EXpress router (0.8.11rc1 (i386/linux))
> Content-Length: 0
> Warning: 392 192.168.1.2:5060 "Noisy feedback tells: pid=27563
req_src_ip=192.168.1.203 req_src_port=5060 in_uri=sip:voztelecom.net
out_uri=sip:voztelecom.net via_cnt==1"
>
>
> SEND >> 192.168.1.2:5060
> REGISTER sip:voztelecom.net SIP/2.0
> Via: SIP/2.0/UDP 192.168.1.203:5060
> From: <sip:1000 at voztelecom.net>
> To: <sip:1000 at voztelecom.net>
> Contact: "JesusR" <sip:1000 at 192.168.1.203:5060>
> Call-ID: 3148BBBEBC4F47F2A43768FD845E6663 at voztelecom.net
> CSeq: 11224 REGISTER
> Expires: 500
> User-Agent: X-Lite build 1047
> Content-Length: 0
>
>
> RECEIVE << 192.168.1.2:5060
> SIP/2.0 401 Unauthorized
> Via: SIP/2.0/UDP 192.168.1.203:5060
> From: <sip:1000 at voztelecom.net>
> To:
> <sip:1000 at voztelecom.net>;tag=b27e1a1d33761e85846fc98f5f3a7e58.d844
> Call-ID: 3148BBBEBC4F47F2A43768FD845E6663 at voztelecom.net
> CSeq: 11224 REGISTER
> WWW-Authenticate: Digest realm="voztelecom.net",
> nonce="3f1ebf0fe0eb06e006bfa17508318525b23a1672"
> Server: Sip EXpress router (0.8.11rc1 (i386/linux))
> Content-Length: 0
> Warning: 392 192.168.1.2:5060 "Noisy feedback tells: pid=27562
req_src_ip=192.168.1.203 req_src_port=5060 in_uri=sip:voztelecom.net
out_uri=sip:voztelecom.net via_cnt==1"
>
>
> RECEIVE << 192.168.1.2:5060
> SIP/2.0 401 Unauthorized
> Via: SIP/2.0/UDP 192.168.1.203:5060
> From: <sip:1000 at voztelecom.net>
> To:
> <sip:1000 at voztelecom.net>;tag=b27e1a1d33761e85846fc98f5f3a7e58.d844
> Call-ID: 3148BBBEBC4F47F2A43768FD845E6663 at voztelecom.net
> CSeq: 11224 REGISTER
> WWW-Authenticate: Digest realm="voztelecom.net",
> nonce="3f1ebf0fe0eb06e006bfa17508318525b23a1672"
> Server: Sip EXpress router (0.8.11rc1 (i386/linux))
> Content-Length: 0
> Warning: 392 192.168.1.2:5060 "Noisy feedback tells: pid=27563
req_src_ip=192.168.1.203 req_src_port=5060 in_uri=sip:voztelecom.net
out_uri=sip:voztelecom.net via_cnt==1"
>
>
> This is Cisco ATA REGISTER log which send the reply to auth request
> from
SER:
>
>
>>>SIP <<
>
> Trying 1st IP ADDR c0a80102
> proxy=192.168.1.2:5060
> [0]REGISTER Retry 0
> [0:0] Tx Msg to 192.168.1.2:5060
>
> REGISTER sip:192.168.1.2 SIP/2.0
> Via: SIP/2.0/UDP 192.168.1.202:5060
> From: <sip:1001 at 192.168.1.2;user=phone>;tag=4183361925
> To: <sip:1001 at 192.168.1.2;user=phone>
> Call-ID: 2881434130 at 192.168.1.202
> CSeq: 1 REGISTER
> Contact:
> <sip:1001 at 192.168.1.202:5060;user=phone;transport=udp>;expires=60
> User-Agent: Cisco ATA 186 v2.16 ata18x (030401a)
> Content-Length: 0
>
>
> [0]Rx Msg from 192.168.1.2:5060
>
> SIP/2.0 401 Unauthorized
> Via: SIP/2.0/UDP 192.168.1.202:5060
> From: <sip:1001 at 192.168.1.2;user=phone>;tag=4183361925
> To:
<sip:1001 at 192.168.1.2;user=phone>;tag=b27e1a1d33761e85846fc98f5f3a7e58.9
cf4
> Call-ID: 2881434130 at 192.168.1.202
> CSeq: 1 REGISTER
> WWW-Authenticate: Digest realm="voztelecom.net",
nonce="3f1ec1149f7590fd4532ba8c63a36a9123360fa0"
> Server: Sip EXpress router (0.8.11rc1 (i386/linux))
> Content-Length: 0
> Warning: 392 192.168.1.2:5060 "Noisy feedback tells: pid=27563
req_src_ip=192.168.1.202 req_src_port=5060 in_uri=sip:192.168.1.2
out_uri=sip:192.168.1.2 via_cnt==1"
>
>
> [0]Reg Resp 401; Unauthorized
> [0]REGISTER Retry 0
> [0:0] Tx Msg to 192.168.1.2:5060
>
> REGISTER sip:192.168.1.2 SIP/2.0
> Via: SIP/2.0/UDP 192.168.1.202:5060
> From: <sip:1001 at 192.168.1.2;user=phone>;tag=4183361925
> To: <sip:1001 at 192.168.1.2;user=phone>
> Call-ID: 2881434130 at 192.168.1.202
> CSeq: 2 REGISTER
> Contact:
> <sip:1001 at 192.168.1.202:5060;user=phone;transport=udp>;expires=60
> User-Agent: Cisco ATA 186 v2.16 ata18x (030401a)
> Authorization: Digest
>
username="1001",realm="voztelecom.net",nonce="3f1ec1149f7590fd4532ba8c63
a36a
9123360fa0",uri="sip:192.168.1.2",response="9cedb192d83009a19e3bf610c2d1
3b85
"
> Content-Length: 0
>
>
> [0]Rx Msg from 192.168.1.2:5060
>
> SIP/2.0 200 OK
> Via: SIP/2.0/UDP 192.168.1.202:5060
> From: <sip:1001 at 192.168.1.2;user=phone>;tag=4183361925
> To:
<sip:1001 at 192.168.1.2;user=phone>;tag=b27e1a1d33761e85846fc98f5f3a7e58.9
cf4
> Call-ID: 2881434130 at 192.168.1.202
> CSeq: 2 REGISTER
> Contact:
<sip:1001 at 192.168.1.202:5060;user=phone;transport=udp>;q=0.00;expires=60
> Server: Sip EXpress router (0.8.11rc1 (i386/linux))
> Content-Length: 0
> Warning: 392 192.168.1.2:5060 "Noisy feedback tells: pid=27562
req_src_ip=192.168.1.202 req_src_port=5060 in_uri=sip:192.168.1.2
out_uri=sip:192.168.1.2 via_cnt==1"
>
> [0]Reg Resp 200; OK
> [0]Reg OK (60)
>
>
>
> And this is SER configuration:
>
> #
> # $Id: ser.cfg,v 1.21 2003/06/04 13:47:36 jiri Exp $
> #
> # simple quick-start config script
> #
>
> # ----------- global configuration parameters ------------------------
>
> debug=3 # debug level (cmd line: -dddddddddd)
> fork=yes
> log_stderror=yes # (cmd line: -E)
>
> /* Uncomment these lines to enter debugging mode
> debug=7
> fork=no
> log_stderror=yes
> */
>
> check_via=no # (cmd. line: -v)
> dns=no # (cmd. line: -r)
> rev_dns=no # (cmd. line: -R)
> port=5060
> children=4
> fifo="/tmp/ser_fifo"
>
> # ------------------ module loading ----------------------------------
>
> # Uncomment this if you want to use SQL database
> loadmodule "/usr/local/lib/ser/modules/mysql.so"
>
> loadmodule "/usr/local/lib/ser/modules/sl.so"
> loadmodule "/usr/local/lib/ser/modules/tm.so"
> loadmodule "/usr/local/lib/ser/modules/rr.so"
> loadmodule "/usr/local/lib/ser/modules/maxfwd.so"
> loadmodule "/usr/local/lib/ser/modules/usrloc.so"
> loadmodule "/usr/local/lib/ser/modules/registrar.so"
>
> # Uncomment this if you want digest authentication
> # mysql.so must be loaded !
> loadmodule "/usr/local/lib/ser/modules/auth.so"
> loadmodule "/usr/local/lib/ser/modules/auth_db.so"
>
> # ----------------- setting module-specific parameters ---------------
>
> # -- usrloc params --
>
> #modparam("usrloc", "db_mode", 0)
>
> # Uncomment this if you want to use SQL database
> # for persistent storage and comment the previous line
> modparam("usrloc", "db_mode", 2)
> modparam("usrloc","db_url","sql://ser:heslo@192.168.1.3/ser")
>
> # -- auth params --
> # Uncomment if you are using auth module
> #
> modparam("auth_db","db_url","sql://ser:heslo@192.168.1.3/ser")
> modparam("auth_db", "calculate_ha1", yes)
> #
> # If you set "calculate_ha1" parameter to yes (which true in this
> config), # uncomment also the following parameter) #
> modparam("auth_db", "password_column", "password")
>
> # -- rr params --
> # add value to ;lr param to make some broken UAs happy modparam("rr",
> "enable_full_lr", 1)
>
> # ------------------------- request routing logic -------------------
>
> # main routing logic
>
> alias="voztelecom.net"
> alias="devel.voztelecom.net"
> alias="192.168.1.2"
>
> route{
>
> # initial sanity checks -- messages with
> # max_forwards==0, or excessively long requests
> if (!mf_process_maxfwd_header("10")) {
> sl_send_reply("483","Too Many Hops");
> break;
> };
> if (len_gt( max_len )) {
> sl_send_reply("513", "Message too big");
> break;
> };
>
> # we record-route all messages -- to make sure that
> # subsequent messages will go through our proxy; that's
> # particularly good if upstream and downstream entities
> # use different transport protocol
> record_route();
> # loose-route processing
> if (loose_route()) {
> t_relay();
> break;
> };
>
> # if the request is for other domain use UsrLoc
> # (in case, it does not work, use the following command
> # with proper names and addresses in it)
> if (uri==myself) {
> # if (uri=~"voztelecom.net" || uri=~"192\.168\.1\.2") {
>
> if (method=="REGISTER") {
>
> # Uncomment this if you want to use digest authentication
> if (!www_authorize("voztelecom.net",
"subscriber")) {
> www_challenge("voztelecom.net", "0");
> break;
> };
>
> save("location");
> break;
> };
>
> # native SIP destinations are handled using our USRLOC
DB
> if (!lookup("location")) {
> sl_send_reply("404", "Not Found");
> break;
> };
> };
> # forward to current uri now; use stateful forwarding; that
> # works reliably even if we forward from TCP to UDP
> if (!t_relay()) {
> sl_reply_error();
> };
>
> }
>
>
> Thanks in advance for your help.
>
> Saludos
> JesusR.
>
> -------------------------------
> Jesus Rodriguez
> VozTelecom Sistemas, S.L.
> jesusr at voztele.com
> http://www.voztele.com
> Tel. 902360305
> -------------------------------
>
> _______________________________________________
> Serusers mailing list
> serusers at lists.iptel.org http://lists.iptel.org/mailman/listinfo/serusers
>
>
>
_______________________________________________
Serusers mailing list
serusers at lists.iptel.org http://lists.iptel.org/mailman/listinfo/serusers
_______________________________________________
Serusers mailing list
serusers at lists.iptel.org http://lists.iptel.org/mailman/listinfo/serusers
More information about the sr-users
mailing list