[Users] Remote PSTN gateway

[Klaus Darilion]

hi Christoffer!

Please always cc to the list.

Christoffer Soop wrote:
> Thank you very much! This is more than enough to get me started.
> 
> One small remaining question though:
> 
> Klaus Darilion wrote:
> 
>>>- after the session with the remote proxy has been set up OpenSER either
>>>works as proxy between the client and the remote proxy, or better
>>>transfers the session to the client
>>
>>If you use record_route your proxy stays inbetween the client and the
>>PSTN GW. If not, your proxy stays out of the folowing conversations. But
>>you will loose the ability to account BYE messages, and will have
>>problem when doing NAT traversal.
> 
> In my scenario our proxy is the only one which should be able to
> authenticate to the PSTN gateway.  If the client talks directly to the
> PSTN gateway will it have to re-supply the credentials?

There are different credentials:
1. The credentials between your SIP proxy and your clients.
2. The credentials needed to authenticate to the remote proxy/GW.

Digest authentication is normally used between clients and proxies. 
Thus, if you want to be standard conform, the clients would need 
additional credentials (a second set of realm/username/password) to 
authenticate also against the GW. But this is not supported by most 
clients, and you also do not want to give the GW credentials to you clients.

The problem arises when using digest authentication between proxies. 
This is usually not possible. You would need a B2BUA, which receives the 
calls from your clients, and forward them to the GW with proper 
credentials. openser includes the uac module which can be used for this, 
but you might experience problems using this module as it is not 
standard conform.

Another way to authentication against the GW would be with TLS or based 
on IP addresses (do not use UDP here as it can be spoofed easily).

regards
klaus