[Serusers] SER and the SPA3000

Klaus Darilion klaus.mailinglists at pernau.at
Tue Aug 10 02:11:28 CEST 2004 


Greg Fausak wrote:
> This is an interesting problem.
> I would venture to say that if you did NOT authenticate
> for those calls that you pass to a spa-3000, then that would work...
> that is, if your SERPROXY doesn't authenticate.
> 
> is it possible that the problem is trying to authorize
> twice...once for your UAC<->SERPROXY and then the
> UAC<->SERPROXY<->UAS(SPA3000)
> 
> Can you have multiple credentials in the same SIP packet?
> Seems like it should work...

SIP allows multiple credentials in one request. These credentials differ 
in the realm string. So using the same realm for 2 hops does not work as 
long as the hops are not synchronized in producing the nonce. Maybe it 
can work if the proxy uses proxy-authentication and the SIPURA uses 
www_authentication.

Nevertheless I don't have any glue why ser blocks the 401 response from 
the SIPURA. Please post a SIP message dump.

regards,
klaus

> 
> Sorry, not much help I know.  Do you have a packet trace?
> 
> ---greg
> 
> 
> On Aug 9, 2004, at 3:39 PM, Andres wrote:
> 
>>
>> Juha Heinanen wrote:
>>
>>> andres,
>>>
>>> how about selecting the gw in ser based on caller's domain?
>>>
>>>
>> There is just one domain (all our subs belong to one domain).  And the 
>> gateways are the SPA3000 which register dynamically as simply another 
>> UA.  So gateways cannot be thought of as in the traditional sense.  
>> Even if they had static IPs, it would be a nightmare to manage say 
>> 1000 FXO personal gateways.
>>
>> The way this works for example is a sub purchases 2 accounts.  Account 
>> 1000 is for UA1(ATA186 for example) and account 1001 is for the 
>> FXO1(Sipura 3000).  Both are separate hardware devices located in 
>> different places(and both register with SER).  UA1 places a call to 
>> 1001, the FXO port will answer and give him local dial tone.  UA1 then 
>> passess DTMF digits to the local telco attached to the FXO1.  But the 
>> sub does not want anybody on our network to access line 1001, just 
>> those predefined on the FXO1 username/password digest definition 
>> (inside the SPA3000 config).
>>
>> UA1 (1000) ------>SER--------->FXO1 (1001) ----> PSTN
>>
>> There are other ways to authenticate the caller like via a PIN or 
>> Caller ID.  But we are trying to see if digest authentication is also 
>> possible.
>>
>>> -- juha
>>>
>>>
>>
>> -- 
>> Andres
>> Network Admin
>> http://www.telesip.net
>>
>>
>> _______________________________________________
>> Serusers mailing list
>> serusers at lists.iptel.org
>> http://lists.iptel.org/mailman/listinfo/serusers
>>
>>
> Greg Fausak
> www.AddaBrand.com
> (US) 469-546-1265
> 
> _______________________________________________
> Serusers mailing list
> serusers at lists.iptel.org
> http://lists.iptel.org/mailman/listinfo/serusers
> 
>

More information about the sr-users mailing list