[Serusers] Routing users to other SIP server

Mark Aiken aiken.mark at gmail.com
Mon Oct 10 17:29:17 CEST 2005


On 10/10/05, Iqbal <iqbal at gigo.co.uk> wrote:
>
> I read the the first line without the word "this" almost fell backwards
> off my chair.....


heh

I have looked into this also, the second sip server you need to ensure
> that no auth is done, but then this means you need to be able to trust
> what is coming from the first ser, which can be done in terms of IP, but
> then this can be spoofed.


But if you are peering with an ITSP that does requires authentication its a
problem. Some do some dont.

What would be nice is to have SER itself authenticate, i.e instead of
> each call being authenticaterd, autheticate the entire box, and then
> possibly have a open connection between the two, which if no traffic
> passes for sometime is dropped, and then re-intiated when next call
> comes in
> Iqbal


proxy-proxy SSL using stunnel + X.509 certs works great for this if you own
both proxies.

Mark Aiken wrote:
>
> > I've just been playing with this myself.
> >
> > There is a function, uac_auth, in the uac module which can be used to
> > authenticate a challenge from another SIP server. Unfortunately it has
> > the following problems:
> >
> > 1. Does not handle increment of the cseq. At least in my experience
> > this causes authentication failure, you may have better luck.
> > 2. Missing quotes in the auth header sent by the other server causes
> > parse errors.
> > 3. Digest comparison is case sensitive (DIGEST in auth header causes
> > parse error).
> >
> > 2 and 3 are easy to fix but 1 is a major problem for SER as there is
> > no dialog state kept between requests.
> >
> >
> > Mark
> >
> > On 10/7/05, *KaveH Aasaraai* <asi_ka at yahoo.com
> > <mailto:asi_ka at yahoo.com>> wrote:
> >
> > Hi,
> >
> > I was wondering how I can route my SER users to other
> > SIP servers, without need of authentication to other
> > server.
> >
> > I mean this:
> >
> > My User -> Auth -> My SER
> >
> > My SER -> Auth -> Other SIP Server
> >
> >
> > My User --------make call--------> My SER
> > --------route call-------> Other SIP Server
> >
> >
> > Thank you.
> >
> > Kaveh
> >
> >
> >
> >
> > __________________________________
> > Yahoo! Mail - PC Magazine Editors' Choice 2005
> > http://mail.yahoo.com
> >
> > _______________________________________________
> > Serusers mailing list
> > serusers at lists.iptel.org <mailto:serusers at lists.iptel.org>
> > http://lists.iptel.org/mailman/listinfo/serusers
> >
> >
> >------------------------------------------------------------------------
> >
> >_______________________________________________
> >Serusers mailing list
> >serusers at lists.iptel.org
> >http://lists.iptel.org/mailman/listinfo/serusers
> >
> >
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.sip-router.org/pipermail/sr-users/attachments/20051010/5909e181/attachment.htm>


More information about the sr-users mailing list