[Serusers] SER + Asterisk

sip sip at infinideas.com
Thu May 25 21:17:29 CEST 2006 

You have a proxy authorize block in your INVITE block, which will require the
client to send auth credentials. If it doesn't, it gets that error (which
usually is a signal to the client to then go ahead and send the credentials). 




On Thu, 25 May 2006 19:43:46 +0100, Edgar Barbosa wrote
> Hi all,
> 
> I'm trying to deploy a scenario where I have an openser as a sip proxy
> (taking care of registrations) in front of an asterisk (to handle 
> pstn call routing/billing/etc).
> 
> Both openser and asterisk authenticate users on the same database, 
> and I'm able to register a UA on both.
> 
> The problem is when I try to relay calls from openser to asterisk. I 
> always get the following error: SIP/2.0 407 Proxy Authentication Required
> 
> What am I missing here?
> 
> My openser.cfg is the following:
> 
> debug=3         # debug level (cmd line: -dddddddddd)
> fork=yes
> #log_stderror=no # (cmd line: -E)
> 
> # Uncomment these lines to enter debugging mode 
> #fork=no
> log_stderror=yes
> 
> listen=192.168.64.102
> sip_warning=no
> 
> #advertised_address=192.168.1.102
> 
> reply_to_via=no
> check_via=no    # (cmd. line: -v)
> dns=no           # (cmd. line: -r)
> rev_dns=no      # (cmd. line: -R)
> port=5060
> children=4
> fifo="/tmp/ser_fifo"
> 
> # ------------------ module loading ----------------------------------
> 
> # Uncomment this if you want to use SQL database
> loadmodule "/usr/lib/openser/modules/mysql.so"
> 
> loadmodule "/usr/lib/openser/modules/sl.so"
> loadmodule "/usr/lib/openser/modules/tm.so"
> loadmodule "/usr/lib/openser/modules/rr.so"
> loadmodule "/usr/lib/openser/modules/maxfwd.so"
> loadmodule "/usr/lib/openser/modules/usrloc.so"
> loadmodule "/usr/lib/openser/modules/registrar.so"
> loadmodule "/usr/lib/openser/modules/nathelper.so"
> loadmodule "/usr/lib/openser/modules/textops.so"
> loadmodule "/usr/lib/openser/modules/xlog.so"
> loadmodule "/usr/lib/openser/modules/auth.so"
> loadmodule "/usr/lib/openser/modules/auth_db.so"
> 
> # -- usrloc params --
> # Flush every 60 sec
> modparam("usrloc", "db_mode", 0)
> 
> # -- auth params --
> modparam("auth_db", "db_url", "XXX")
> modparam("auth_db", "user_column", "accountcode")
> #modparam("auth_db", "domain_column", "accountcode")
> modparam("auth_db", "calculate_ha1", 1)
> modparam("auth_db", "password_column", "secret")
> 
> # -- replication auth param --
> modparam("auth", "secret", "mysecret")
> 
> # -- rr params --
> # add value to ;lr param to make some broken UAs happy
> modparam("rr", "enable_full_lr", 1)
> 
> route{
> 
>         # initial sanity checks -- messages with
>         # max_forwards==0, or excessively long requests
>         if (!mf_process_maxfwd_header("10")) {
>                 sl_send_reply("483","Too Many Hops");
>                 return;
>         };
>         if ( msg:len > max_len ) {
>                 sl_send_reply("513", "Message too big");
>                 return;
>         };
> 
>         force_rport();
>         fix_nated_contact();
> 
>         if(uri == myself)
>         { 
>                 if(method == "REGISTER") 
>                 {
>                         # Make sure they are a valid user on our 
> proxy                        if(!www_authorize("", "astaccount"))    
>                      {                                xlog("L_INFO", 
> "Req Auth For %ct, URI = %ru\n");                                
> www_challenge("", "1");                                return;       
>                  };
> 
>                         xlog("L_INFO", "Registered Contact %ct,  URI 
> = %ru\n");                        save("location");
> 
>                         return;
>                 };
>         };
> 
>         record_route();
> 
>         # -----------------------------------------------------------
> -------
> 
>         # loose-route processing
>         if(loose_route())
>         {
>                 xlog("L_INFO", "loose_route(): Looking up %rm URI 
> %ru from %is\n");                lookup("location");               
>  xlog("L_INFO", "loose_route(): t_relay() %rm to URI %ru\n");        
>         t_relay();                return;        };
> 
>         if(method == "INVITE")
>             {
> 
>                 # Assume it came from one of our VoIP phones, all 
> routing is done by Asterisk                        xlog("L_INFO",
>  "%rm came from a VoIP phone (%is), attempting to authorize %fu\n");
> 
>                         # Make sure they are a valid user on our 
> proxy                        if (!www_authorize("", "astaccount"))   
>                      {                                   
> www_challenge("", "0");                                  
>  xlog("L_INFO", "Failed to authorize %fu
> (%is)\n");                                   return;                 
>        };
> 
>                         # Found a match, this is going to a VoIP 
> phone                        xlog("L_INFO", "Auth OK, sending URI 
> %ru to Asterisk for routing\n");                       
>  rewritehostport("192.168.64.103:5060");
> 
>                 xlog("L_INFO", "INVITE New URI = %ru, t_relay()ing 
> now\n");                t_relay();                # forward(uri:host,
>  uri:port);                return;        };
> 
>         # -----------------------------------------------------------
> -------
> 
>         # forward to current uri now; use stateful forwarding; that
>         # works reliably even if we forward from TCP to UDP
>         lookup("location");
>         xlog("L_INFO", "Default t_relay() (method = %rm, URI = %ru,
>  >From = %is)\n");        if(!t_relay())         {               
>  xlog("L_INFO", "Failed sending requesting %rm URI (%ru)\n");        
>         sl_reply_error();        }; }
> 
> Thanks for your help
> 
> _______________________________________________
> Serusers mailing list
> Serusers at lists.iptel.org
> http://lists.iptel.org/mailman/listinfo/serusers

More information about the sr-users mailing list