[Serusers] Advice needed

Michael Ulitskiy mdu113 at acedsl.com
Mon May 23 18:26:26 CEST 2005 

Yes, I guess it's another option. Not that I like it much though :)
BTW I haven't seen providers that support it. 
2all: Have you seen any?
Thanks,

Michael

On Monday 23 May 2005 04:50 am, you wrote:
> just an idea:
> 
> does any PSTN provider supports TLS? If some does you have your auth
> problem solved with the TLS support from SER.
> 
> Samuel
> 
> 
> Unclassified.
> >>> "Greger V. Teigre" <greger at teigre.com> 05/22/05 08:57AM >>>
> See inline.
> 
> Michael Ulitskiy wrote:
> > On Saturday 21 May 2005 02:31 am, you wrote:
> >> I would say SER is what you need, except that you struggle with the
> >> authentication.  You have the following scenarios:
> >> 1. PSTN termination with IP-based access control (easiest)
> >> 2. PSTN termination with authentication of all INVITEs (yes, that's
> >> the UAC module. You should contact the maintainer,  Ramona-Elena
> >> Modroiu about the status. I thought it was reported to work, but
> >> haven't tried myself)
> >> 3. PSTN termination with registration and authentication of
> REGISTER
> >> (but not INVITEs).  Use sipsak to generate a REGISTER for your box.
> >>
> >> #2 requires that all INVITEs are sent twice and is not a very good
> >> option. I would seek out PSTN providers who will give you #1.
> >> g-)
> >
> > UAC module doesn't work and I think won't work unless ser is made
> > call-statefull, 'cause it needs to adjust cseq within dialog. I
> > posted my findings to this list
> > several days ago (UAC module (backport to 0.9.0). Nobody replied so
> I
> > guess
> > nobody knows the way to make it work.
> 
> I saw your post on serusers, yes, but not on serdev. Because you cannot
> make 
> a module work, doesn't mean it doesn't work for all, so as I said, if
> you 
> have found a bug, post it to serdev (preferably) or directly to the 
> maintainer. That's the way open source software work...
> 
> > As for ip auth I guess it's just not good enough. UDP invites don't
> > require any handshake it's not hard at all to spoof ip address. I
> > believe sending 2 invites worth the security it actually adds.
> 
> Yes, but you can also do TCP.
> 
> > Also I don't understand what you mean by #3. Taking ip address from
> > authenticated REGISTER and then doing IP auth on that?
> 
> No, using sipsak to actually do a REGISTER on behalf of your ser. No IP
> 
> auth, basically it makes your ser a registered client of the GW.  Of
> course, 
> if INVITEs still must be authenticated, you are back to the UAC module
> 
> problem.
> 
> g-)
> 
> 
> > Thanks,
> >
> > Michael
> >
> >> Michael Ulitskiy wrote:
> >>> Hello,
> >>>
> >>> I'd like ask for advice on what is in your opinion the best
> solution
> >>> in the following scenario.
> >>> I have a bunch of sip servers (asterisk boxes as my users need pbx
> >>> functionality) that can make sip call to each other and my PSTN
> >>> gateway. Now I want to purchase PSTN terminitaion in several
> >>> different markets (and probably more in the future). All those
> >>> terminations will require authentication.
> >>> I want all my boxes when they see non-local call to send it to a
> >>> central routing server that would determine where this call should
> >>> be sent and authenticate to the appropriate provider so that I
> don't
> >>> have to configure all credentials on all asterisk boxes. Also I
> want
> >>> it not to deal with the media at all. All media streams should go
> >>> directly from asterisk box to the PSTN termination provider.
> >>> So basically it should be central SIP router that is able to
> >>> authenticate calls if neccessary.
> >>> I thought I could do it with SER and its UAC module, but it
> appears
> >>> UAC module doesn't work and probably won't work (see my previous
> >>> post in this list about UAC backport to 0.9.0).
> >>> Also I don't want to use asterisk in this place as asterisk always
> >>> wants to stay in media path and I'd really like to avoid of
> getting
> >>> into hassle with re-invites.
> >>> So the question is what are my options and what you would advice
> >>> as a solution. Are there any software out there that can do it
> >>> (preferably open-source, of course) or what else you could suggest
> >>> to do to get desired results.
> >>> Thanks a lot,
> >>
> >>
> >
> > --
> > See you later,
> >                    Michael
> >
> >
> > ------------------------------------------------------- 
> 
> _______________________________________________
> Serusers mailing list
> serusers at lists.iptel.org 
> http://lists.iptel.org/mailman/listinfo/serusers
>

More information about the sr-users mailing list