[serusers]: trusted table(permissions module)

Kamal.Mann at t-systems.com Kamal.Mann at t-systems.com
Fri Nov 3 15:40:26 CET 2006


Hi All
Now SER is trusting packates from trusted table IP and in the following part of route(3) of Invite message handler allow_trusted results 'true' and it directly bypasses this code. 
if (!allow_trusted()) 
{ 
	if (!proxy_authorize("","subscriber")) 
	{
		proxy_challenge("","0");
		break;
	} 
	else if (!check_from()) 
	{
		sl_send_reply("403", "Use From=ID");
		break;
	};
	consume_credentials();
};
But after in route(1) its sending 407-proxy auth required to trusted ip of sip_AS. Please help me out of this dilemma.

Thanks in anticipation
Kamal Mann

-----Original Message-----
From: serusers-bounces at lists.iptel.org [mailto:serusers-bounces at lists.iptel.org] On Behalf Of Andrey Kuprianov
Sent: Thursday, November 02, 2006 1:13 PM
To: serusers at iptel.org
Subject: Re: [serusers]: trusted table(permissions module)

The one you attached, didnt have a semicolon. Anyway, try using a
fresh copy of a ready made ser.cfg.

  Bests,

   Andrey.

On 11/2/06, Kamal.Mann at t-systems.com <Kamal.Mann at t-systems.com> wrote:
> Yup I always do the same, Might be copy paste error. Its having semicolon & working fine here.
>
> Regards
> Kamal Mann
>
> -----Original Message-----
> From: Andrey Kuprianov [mailto:andrey.kouprianov at gmail.com]
> Sent: Thursday, November 02, 2006 10:34 AM
> To: serusers at iptel.org
> Subject: Re: [serusers]: trusted table(permissions module)
>
> Hi Kamal,
>
> Whenever you modified your ser.cfg did you restart SER after? Did you
> check your ser.cfg for errors using "ser -c" command? I found some
> errors in your ser.cfg code. For instance, inside the main route
> block, your "if", which processes INVITEs, is missing a semicolon at
> the end of the block.
>
> if (method=="INVITE")
> {
> #       sl_send_reply("404", "INVITE  ");
>        route(3);
>                break;
> }   <----- missing semicolon here
>
>
> If you are comfortable with your current ser.cfg, that's ok, but I'd
> suggest you start with a fresh one, make your trusted table work, and
> then add a "REFER" processing, like in your currect ser.cfg. Just
> download one fresh ser.cfg from iptel.org site and add your
> allow_trusted() "if" clause there.
>
>  Regards,
>
>    Andrey.
>
>
> On 11/2/06, Kamal.Mann at t-systems.com <Kamal.Mann at t-systems.com> wrote:
> > Hi
> > Please find ser.cfg enclosed.
> >
> > Trusted table entry:
> > +---------------+-------+--------------+
> > | src_ip        | proto | from_pattern |
> > +---------------+-------+--------------+
> > | 10.25.119.156 | any   | ^sip:.*$     |
> > +---------------+-------+--------------+
> > 1 row in set (0.00 sec)
> >
> > Thanks in anticipation
> > Kamal Mann
> > -----Original Message-----
> > From: serusers-bounces at lists.iptel.org [mailto:serusers-bounces at lists.iptel.org] On Behalf Of Andrey Kuprianov
> > Sent: Wednesday, November 01, 2006 7:03 PM
> > To: serusers at iptel.org
> > Subject: Re: [serusers]: trusted table(permissions module)
> >
> >  Hi Kamal,
> >
> > I understand your setup. Nevertheless, it will be difficult to figure
> > out your problem, w/o your ser.cfg file at hand. Also, send a trusted
> > table query result (i.e. that row which contains entry for your
> > SIP-AS).
> >
> >   Regards,
> >
> >     Andrey.
> >
> > On 11/1/06, Kamal.Mann at t-systems.com <Kamal.Mann at t-systems.com> wrote:
> > > Hi All
> > > In my scenario I need ser to communicate with my SIP-AS. This SIP-AS is having an application xyz running on it. This XYZ sends an invite to URI "A at xcv.de" which is a subscriber in SER and this is in TO header of Invite msg & FROM header contains another URI test at xcv.de but this URI (test at xcv.de) isn't registered / subscribed to SER. I need SER trust all packets from SIP-AS ip. BUT SER is sending 407 reply of INVITE to XYZ application! IP in trusted table is of SIP-AS on top of which XYZ application is running.
> > >
> > > Thanks in anticipation
> > > Kamal Mann
> > >
> > > -----Original Message-----
> > > From: Maciej Żwirski [mailto:mzwirek at poczta.fm]
> > > Sent: Wednesday, November 01, 2006 3:20 PM
> > > To: serusers at lists.iptel.org
> > > Subject: Re: [serusers]: trusted table(permissions module)
> > >
> > > Kamal.Mann at t-systems.com wrote:
> > >
> > > > Hi All
> > > >
> > > > I made an entry /"10.25.119.156, any, ^sip:.*$"/ into trusted table so
> > > > that any packet sent from 10.25.119.156 would be trusted by SER and
> > > > don't ask for its credentials. But SER is replying *407- proxy* auth
> > > > needed!!  After this I tried with permissions.allow file:
> > > >
> > > Hi,
> > > I had the same issue while interconnecting SER and Asterisk. It turned
> > > out to be an issue on Asterisk side (I had the same user added for SER
> > > and Asterisk, so the poor thing couldn't authorize either :)) So you
> > > could check if the 407 you're getting is from SER or from the remote host.
> > >
> > > Regards,
> > > Maciej Zwirski
> > >
> > > ----------------------------------------------------------------------
> > > Jestes kierowca? To poczytaj! >>> http://link.interia.pl/f199e
> > >
> > > _______________________________________________
> > > Serusers mailing list
> > > Serusers at lists.iptel.org
> > > http://lists.iptel.org/mailman/listinfo/serusers
> > > _______________________________________________
> > > Serusers mailing list
> > > Serusers at lists.iptel.org
> > > http://lists.iptel.org/mailman/listinfo/serusers
> > >
> >
> >
> >
>



More information about the sr-users mailing list