[Serusers] NAT vs. NoNat authentication

Bart Van Daal B.Vandaal at edpnet.net
Mon Jul 19 11:38:49 CEST 2004


Thank you Andrei,

this is the ngrep output from 'ngrep bart port 5060'. I'm only
connecting the natted phone:

#
U 213.219.137.148:5060 -> 212.71.0.90:5060
  REGISTER sip:ser.edpnet.net:5060 SIP/2.0..Via: SIP/2.0/UDP
213.219.137.148:50198..Supported: replaces..User-Agent: SIP201
   (lp201sip.100a)..Contact: <sip:bart at 10.0.0.2:5060>;expires=60..From:
<sip:bart at ser.edpnet.net> ;tag=a000002-13c4-0-42e-7
  fea..To: <sip:bart at ser.edpnet.net>..Call-ID:
a000002-13c4-0-406-79bf-1..CSeq: 1 REGISTER..Content-Length:0....
#
U 212.71.0.90:5060 -> 213.219.137.148:5060
  SIP/2.0 401 Unauthorized..Via: SIP/2.0/UDP
213.219.137.148:50198;rport=5060..From: <sip:bart at ser.edpnet.net>
;tag=a000002  -13c4-0-42e-7fea..To:
<sip:bart at ser.edpnet.net>;tag=61a88e7fd5f0561d96cde0cc9ecba6d7.9adf..Call-ID
: a000002-13c4-0-406-79
  bf-1..CSeq: 1 REGISTER..WWW-Authenticate: Digest realm="ser.edpnet.net",
nonce="40fb952b226d9f0726f09c5fda8db0fe3b9a47d2"
  ..Server: Sip EXpress router (0.8.13-dev-33-usrloc
(i386/linux))..Content-Length: 0..Warning: 392 212.71.0.90:5060 "Noisy
feedback tells:  pid=17817 req_src_ip=213.219.137.148 req_src_port=5060
in_uri=sip:ser.edpnet.net:5060 out_uri=sip:ser.edpnet.net:5060
via_cnt==1"....

--- the second register:

U 213.219.137.148:5060 -> 212.71.0.90:5060
  REGISTER sip:ser.edpnet.net:5060 SIP/2.0..Via: SIP/2.0/UDP
213.219.137.148:50198..Supported: replaces..User-Agent: SIP201
   (lp201sip.100a)..Contact: <sip:bart at 10.0.0.2:5060>;expires=60..From:
<sip:bart at ser.edpnet.net> ;tag=a000002-13c4-0-42e-7
  fea..To: <sip:bart at ser.edpnet.net>..Call-ID:
a000002-13c4-0-406-79bf-1..CSeq: 1 REGISTER..Content-Length:0....
#
U 212.71.0.90:5060 -> 213.219.137.148:5060
  SIP/2.0 401 Unauthorized..Via: SIP/2.0/UDP
213.219.137.148:50198;rport=5060..From: <sip:bart at ser.edpnet.net>
;tag=a000002-13c4-0-42e-7fea..To:
<sip:bart at ser.edpnet.net>;tag=61a88e7fd5f0561d96cde0cc9ecba6d7.9adf..Call-ID
: a000002-13c4-0-406-79
  bf-1..CSeq: 1 REGISTER..WWW-Authenticate: Digest realm="ser.edpnet.net",
nonce="40fb952cf1352a491276a2e811642001d3698340"
  ..Server: Sip EXpress router (0.8.13-dev-33-usrloc
(i386/linux))..Content-Length: 0..Warning: 392 212.71.0.90:5060 "Noisy
feedback tells:  pid=17817 req_src_ip=213.219.137.148 req_src_port=5060
in_uri=sip:ser.edpnet.net:5060 out_uri=sip:ser.edpnet.net:5060
via_cnt==1"....
#

So I guess my UA doesn't resend the request with the proper auth?

thanks,
Bart




> -----Original Message-----
> From: Andrei Pelinescu-Onciul 
> [mailto:pelinescu-onciul at fokus.fraunhofer.de] 
> Sent: vrijdag 16 juli 2004 17:22
> To: Bart Van Daal
> Cc: serusers at lists.iptel.org
> Subject: Re: [Serusers] NAT vs. NoNat authentication
> 
> On Jul 16, 2004 at 13:38, Bart Van Daal <B.Vandaal at edpnet.net> wrote:
> > Hi,
> >  
> > Is there a difference in authenticating a NATed or non-NATed UA using 
> > www_authen? The reason I'm asking is because when my UA is directly 
> > connected to the internet it authenticates fine but when NATed I get 
> > the following error:
> > 
> > parse_headers: flags=4096
> >  0(12877) pre_auth(): Credentials with given realm not found
> >  0(12877) ---:: didn't authorize
> >  0(12877) build_auth_hf(): 'WWW-Authenticate: Digest 
> > realm="ser.edpnet.net", 
> nonce="40f7be4edbd22e214821f2a3937968fc049ae290" '
> >  0(12877) parse_headers: flags=-1
> 
> 
> This is normal if it happens only for the first request. Your 
> UA sends the first request without auth. info., the server 
> sends back a negative reply with an auth. header and then 
> your UA is supposed to retry to send the request with proper auth.
> 
> In the future please include network dumps.
> 
> Andrei
> 
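
Added example, not part of the original thread and not SER code: a small check over ngrep-style SIP payloads that flags a REGISTER sent after a 401 without an Authorization header, and builds the header a UA would be expected to send for a challenge without qop (RFC 2617). It assumes the wrapped ngrep lines have been rejoined into one payload per message; the function names are hypothetical, the sample messages are constructed from the capture above, and the password is a placeholder.

```python
import hashlib
import re

def md5hex(s):
    return hashlib.md5(s.encode()).hexdigest()

def parse_ngrep_sip(payload):
    """Split an ngrep payload (CRLF shown as '..') into start line and headers."""
    lines = [l for l in payload.strip().split("..") if l.strip()]
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return lines[0].strip(), headers

def expected_authorization(challenge, user, password, method, uri):
    """Authorization header a UA should send for a 401 without qop (RFC 2617)."""
    _, headers = parse_ngrep_sip(challenge)
    params = dict(re.findall(r'(\w+)="([^"]*)"', headers["www-authenticate"]))
    ha1 = md5hex(f"{user}:{params['realm']}:{password}")
    ha2 = md5hex(f"{method}:{uri}")
    response = md5hex(f"{ha1}:{params['nonce']}:{ha2}")
    return (f'Authorization: Digest username="{user}", realm="{params["realm"]}", '
            f'nonce="{params["nonce"]}", uri="{uri}", response="{response}"')

def unanswered_challenges(payloads):
    """Call-IDs where a REGISTER that follows a 401 still has no Authorization."""
    challenged, failures = set(), []
    for start, headers in map(parse_ngrep_sip, payloads):
        call_id = headers.get("call-id")
        if start.startswith("SIP/2.0 401"):
            challenged.add(call_id)
        elif start.startswith("REGISTER") and call_id in challenged:
            if "authorization" not in headers:
                failures.append(call_id)
    return failures

# Constructed sample, condensed from the capture in the post.
REG = ("REGISTER sip:ser.edpnet.net:5060 SIP/2.0..Call-ID: a000002-13c4-0-406-79bf-1.."
       "CSeq: 1 REGISTER..Content-Length:0....")
CHAL = ('SIP/2.0 401 Unauthorized..Call-ID: a000002-13c4-0-406-79bf-1..CSeq: 1 REGISTER..'
        'WWW-Authenticate: Digest realm="ser.edpnet.net", '
        'nonce="40fb952b226d9f0726f09c5fda8db0fe3b9a47d2"....')

if __name__ == "__main__":
    print(unanswered_challenges([REG, CHAL, REG]))
    # "secret" is a placeholder password, not a value from the post.
    print(expected_authorization(CHAL, "bart", "secret", "REGISTER", "sip:ser.edpnet.net:5060"))
```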



