[Serusers] NAT vs. NoNat authentication
Andrei Pelinescu-Onciul
pelinescu-onciul at fokus.fraunhofer.de
Mon Jul 19 16:17:21 CEST 2004
On Jul 19, 2004 at 11:38, Bart Van Daal <B.Vandaal at edpnet.net> wrote:
> Thank you Andrei,
>
> this is the ngrep output from 'ngrep bart port 5060'. I'm only
> connecting the natted phone:
>
> #
> U 213.219.137.148:5060 -> 212.71.0.90:5060
> REGISTER sip:ser.edpnet.net:5060 SIP/2.0..Via: SIP/2.0/UDP
> 213.219.137.148:50198..Supported: replaces..User-Agent: SIP201
> (lp201sip.100a)..Contact: <sip:bart at 10.0.0.2:5060>;expires=60..From:
> <sip:bart at ser.edpnet.net> ;tag=a000002-13c4-0-42e-7
> fea..To: <sip:bart at ser.edpnet.net>..Call-ID:
> a000002-13c4-0-406-79bf-1..CSeq: 1 REGISTER..Content-Length:0....
Does the phone use STUN?
It's strange it puts the nat ip in Via, but it leaves a private ip in
Contact.
Also the port in via it's not correct (packet comes from
213.219.137.148:5060 but in via you have 213.219.137.148:50198).
Looks like broken nat traversal.
> #
> U 212.71.0.90:5060 -> 213.219.137.148:5060
> SIP/2.0 401 Unauthorized..Via: SIP/2.0/UDP
> 213.219.137.148:50198;rport=5060..From: <sip:bart at ser.edpnet.net>
> ;tag=a000002 -13c4-0-42e-7fea..To:
> <sip:bart at ser.edpnet.net>;tag=61a88e7fd5f0561d96cde0cc9ecba6d7.9adf..Call-ID
> : a000002-13c4-0-406-79
> bf-1..CSeq: 1 REGISTER..WWW-Authenticate: Digest realm="ser.edpnet.net",
> nonce="40fb952b226d9f0726f09c5fda8db0fe3b9a47d2"
> ..Server: Sip EXpress router (0.8.13-dev-33-usrloc
> (i386/linux))..Content-Length: 0..Warning: 392 212.71.0.90:5060 "Noisy
> feedback tells: pid=17817 req_src_ip=213.219.137.148 req_src_port=5060
> in_uri=sip:ser.edpnet.net:5060 out_uri=sip:ser.edpnet.net:5060
> via_cnt==1"....
>
[...]
> So I guess my UA doesn't resend the request with the proper auth?
Yes. Now the question is if it ever receives the 401 reply (dropped at
the nat?). If it receives it, it might not like it (e.g. it's a buggy UA
which doesn't like rport).
Andrei
More information about the sr-users
mailing list