[Serusers] Routing users to other SIP server

Iqbal iqbal at gigo.co.uk
Mon Oct 10 17:34:24 CEST 2005


read

"I've just been playing with this myself." without the word "this"  :-)

My peering with alot is based on IP, but it would be nice if we could do 
what asterisk does, and allow a user/pass auth method, so you could just 
buy sip accounts from providers, and route to each account based upon 
prefix.

Iqbal

Mark Aiken wrote:

>
>
> On 10/10/05, *Iqbal* <iqbal at gigo.co.uk <mailto:iqbal at gigo.co.uk>> wrote:
>
>     I read the the first line without the word "this" almost fell
>     backwards
>     off my chair.....
>
>
> heh
>  
>
>     I have looked into this also, the second sip server you need to ensure
>     that no auth is done, but then this means you need to be able to
>     trust
>     what is coming from the first ser, which can be done in terms of
>     IP, but
>     then this can be spoofed.
>
>
> But if you are peering with an ITSP that does requires authentication 
> its a problem. Some do some dont.
>  
>
>     What would be nice is to have SER itself authenticate, i.e instead of
>     each call being authenticaterd, autheticate the entire box, and then
>     possibly have a open connection between the two, which if no traffic
>     passes for sometime is dropped, and then re-intiated when next call
>     comes in
>     Iqbal
>
>
> proxy-proxy SSL using stunnel + X.509 certs works great for this if 
> you own both proxies.
>  
>
>     Mark Aiken wrote:
>
>     > I've just been playing with this myself.
>     >
>     > There is a function, uac_auth, in the uac module which can be
>     used to
>     > authenticate a challenge from another SIP server. Unfortunately
>     it has
>     > the following problems:
>     >
>     > 1. Does not handle increment of the cseq. At least in my experience
>     > this causes authentication failure, you may have better luck.
>     > 2. Missing quotes in the auth header sent by the other server causes
>     > parse errors.
>     > 3. Digest comparison is case sensitive (DIGEST in auth header
>     causes
>     > parse error).
>     >
>     > 2 and 3 are easy to fix but 1 is a major problem for SER as there is
>     > no dialog state kept between requests.
>     >
>     >
>     > Mark
>     >
>     > On 10/7/05, *KaveH Aasaraai* < asi_ka at yahoo.com
>     <mailto:asi_ka at yahoo.com>
>     > <mailto:asi_ka at yahoo.com <mailto:asi_ka at yahoo.com>>> wrote:
>     >
>     >     Hi,
>     >
>     >     I was wondering how I can route my SER users to other
>     >     SIP servers, without need of authentication to  other
>     >     server.
>     >
>     >     I mean this:
>     >
>     >     My User -> Auth -> My SER
>     >
>     >     My SER -> Auth -> Other SIP Server
>     >
>     >
>     >     My User --------make call--------> My SER
>     >     --------route call-------> Other SIP Server
>     >
>     >
>     >     Thank you.
>     >
>     >     Kaveh
>     >
>     >
>     >
>     >
>     >     __________________________________
>     >     Yahoo! Mail - PC Magazine Editors' Choice 2005
>     >     http://mail.yahoo.com
>     >
>     >     _______________________________________________
>     >     Serusers mailing list
>     >     serusers at lists.iptel.org <mailto:serusers at lists.iptel.org>
>     <mailto:serusers at lists.iptel.org <mailto:serusers at lists.iptel.org>>
>     >     http://lists.iptel.org/mailman/listinfo/serusers
>     >
>     >
>     >------------------------------------------------------------------------
>     >
>     >_______________________________________________
>     >Serusers mailing list
>     >serusers at lists.iptel.org <mailto:serusers at lists.iptel.org>
>     >http://lists.iptel.org/mailman/listinfo/serusers
>     >
>     >
>
>




More information about the sr-users mailing list