[Users] trusted IP with accounting

Max Gregorian gregorian442 at googlemail.com
Thu Sep 28 13:15:20 CEST 2006 

Perhaps you misunderstood what I meant.

You were meant to configure XLite directly with provider, then capture a
trace. In the trace you will see the format of the INVITE message and the
format of the 'from' header within the INVITE being sent to provider.

Then use this format exactly as is in your 'uac_replace_from' statement in
OpenSER.


XLite ---> OpenSER (do replace from using IP and Provider Acct. details)
---> Provider ---> PSTN



On 9/28/06, ram <talk2ram at gmail.com> wrote:
>
> Hi
>
> thanks for the reply
>
> its working with Provider, iam able to make calls out
> if i use directly X-lite with provider
> when iam using with openser iam getting the problem
>
> is there any other thing i need to do other than this settings
>
> any suggestions
> Ram
>
>
>  On 9/27/06, Max Gregorian <gregorian442 at googlemail.com> wrote:
> >
> > In my case it was all together as one word, hence:
> >
> > uac_replace_from("sip:* usernamepassword*@foobar.com<usernamepassword at foobar.com>
> > ");
> >
> > It will be whatever your provider asks you to send.
> >
> > Try uac_replace_from("sip:1234554321 at provider.com<1234554321 at provider.com>
> > ");
> >
> > 403 is Forbidden, which basically means the server did not recognise the
> > account number and password combination. Xlite gets a 408 Timeout back as
> > the call fails to connect, again because of the aforementioned. Just in
> > case, also check to make sure you have enough calling credit on the provider
> > account.
> >
> > You can do a quick test by just configuring XLite to connect directly to
> > the Provider and see what it is sending out in the INVITE. Then simply put
> > that in your uac_replace_from statement.
> >
> >
> >
> > On 9/27/06, ram <talk2ram at gmail.com> wrote:
> > >
> > > Hi
> > >
> > > is this valid command ?
> > >
> > > uac_replace_from("sip:username+password at foobar.com ");
> > >
> > >
> > > in my case, i given  ("sip:12345:54321 at provider.com");
> > >
> > > 1234 username
> > > 54321 password
> > > I get message when i debug
> > >
> > > SIP/2.0 403 Payment required. ( on Ser)
> > >
> > > X-lite client i get 408
> > >
> > > Ram
> > >
> > >
> > >
> > > On 9/26/06, Max Gregorian <gregorian442 at googlemail.com > wrote:
> > > >
> > > > We have a similar setup where in our case we send username:password
> > > > together, as in:
> > > >
> > > > uac_replace_from("sip:username+password at foobar.com<username+password at foobar.com>
> > > > ");
> > > >
> > > > The whole idea in using the prepaid account setup, as I described to
> > > > you, was to have the prepaid account do the authentication for you, such
> > > > that the local accounts created from the end user point are not forwarded
> > > > onto your provider as your provider will not know what to do with them, and
> > > > so they will not authenticate..
> > > >
> > > > What I would suggest is to find out how (in what form) the provider
> > > > expects to receive from you (i.e. Openser2 --->Provider). If you are
> > > > already using their service you could probably run a trace on a call or use
> > > > a tool such as ngrep to see what the packet is doing. You can then reproduce
> > > > this functionality however you choose.
> > > >
> > > > The scenario I was reffering to was:
> > > >
> > > >
> > > > user1 ---
> > > >             |
> > > > user2 --- ---> Openser1 (local accts) ---> replace 'From' with
> > > > Provider details (username, etc) ---> Provider ---> PSTN
> > > >             |
> > > > user3 ---
> > > >
> > > > Since the account sent to the Provider is a valid account any way,
> > > > yo then should not have to worry about authentication.
> > > >
> > > > There may be a possibility that the provider is doing a SIP
> > > > Authentication challenge (e.g. sending a 407 or similar back), in
> > > > which case you may need to then send a valid response back. Again you really
> > > > will have to confirm this. You will then at least know how to proceed from
> > > > there.
> > > >
> > > >
> > > > On 9/26/06, ram <talk2ram at gmail.com> wrote:
> > > > >
> > > > > Hi
> > > > >
> > > > > thanks for the reply
> > > > >
> > > > > but when iam replacing the username with provider username,
> > > > > account is rejecting
> > > > > and authorisation failure coming
> > > > >
> > > > > my setup looks like below
> > > > >
> > > > > user----Openser1---Openser2------Provider----PSTN
> > > > >
> > > > > so when the user register locally openser1,
> > > > > when  he dial to us PSTN
> > > > >
> > > > > Openser1 sending calls to openser2, its accepting since i made
> > > > > trusted IP relation
> > > > >
> > > > > but i got account from provider example XXXXXX password YYYYYY
> > > > >
> > > > > when iam replacing and sedning
> > > > >
> > > > > uac_replace_from("sip:XXXXXX at foobar.com <XXXXXX at foobar.com>");
> > > > >
> > > > > i dont mention password, so how will the user authenticate ?
> > > > >  from the provider
> > > > >
> > > > > any help on this case
> > > > >
> > > > > Ram
> > > > >
> > > > >
> > > > >
> > > > > On 9/23/06, Max Gregorian <gregorian442 at googlemail.com > wrote:
> > > > > >
> > > > > > Not sure how you would do this on Asterisk, but what I am doing
> > > > > > with mine (billing by IP) is replacing the from header in the SIP INVITE
> > > > > > with a pre-paid account number for the customer. You will need to load the
> > > > > > UAC module for this, then do something like
> > > > > >
> > > > > > if (src_ip=xxx.xxx.xxx.xxx)
> > > > > > {
> > > > > >   uac_replace_from("sip:PREPAIDACCTNO at foobar.com");
> > > > > > }
> > > > > >
> > > > > > This means that any calls made inbound to OpenSER from that IP
> > > > > > address will have the account number replaced with the pre-paid account
> > > > > > number. How you do billing is then up to you - whether using the Acc module
> > > > > > or whether something can be done on Asterisk, or even a third-party
> > > > > > application. I have heard Asterisk can send DIDs. You can then do something
> > > > > > similar for inbound DIDs from Asterisk.
> > > > > >
> > > > > > Just beware this has some rather obvious security issues, so as
> > > > > > a start, you can try having the customer add a prefix to their local account
> > > > > > numbers which you can then authenticate against. If anyone knows of a better
> > > > > > way, please don't hesitate to share.
> > > > > >
> > > > > >
> > > > > >
> > > > > >  On 9/22/06, ram < talk2ram at gmail.com> wrote:
> > > > > >
> > > > > > >  Hi all
> > > > > > >
> > > > > > > iam trying to deploy trusted IP and Accounting
> > > > > > > so iam bit confused can some one clarify me how can i achive
> > > > > > > this
> > > > > > >
> > > > > > > PSTN--OpenerSER(myserver)------------------Customer(Asterisk or
> > > > > > > ser or any predictive Dialers)---their clients
> > > > > > >
> > > > > > > 1.  how can i give access to the customer to call using his
> > > > > > > IP, and he can creat internal Number of users
> > > > > > > 2. how can i account to his IP address billing in Acc
> > > > > > > 3. how can i forward to DID from myserver to his server
> > > > > > > blindly
> > > > > > > 4. how can i bill that DID billing also, for incoming.
> > > > > > >
> > > > > > > any suggestiong will be great
> > > > > > >
> > > > > > > Ram
> > > > > > >
> > > > > > > _______________________________________________
> > > > > > > Users mailing list
> > > > > > > Users at openser.org
> > > > > > > http://openser.org/cgi-bin/mailman/listinfo/users
> > > > > > >
> > > > > > >
> > > > > > >
> > > > > >
> > > > >
> > > >
> > >
> >
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.sip-router.org/pipermail/sr-users/attachments/20060928/5aa9673d/attachment.htm>

More information about the sr-users mailing list