[OpenSER-Users] Reg. Proxy authentication

Padmaja padmaja.rv at vodcalabs.com
Wed Jan 23 14:10:22 CET 2008


Hi,

Thanks for the reply. Both the gateways in the set up are in the same domain 
as the proxy and everything is inside LAN. So either gateway is challenged 
depending upon whichever has intiated the invite. Is there a logic I can use 
to change the openser config file so the in-dialog invite is also 
challenged?

Thanks,
Padmaja
----- Original Message ----- 
From: "Klaus Darilion" <klaus.mailinglists at pernau.at>
To: "Padmaja" <padmaja.rv at vodcalabs.com>
Cc: <users at lists.openser.org>
Sent: Wednesday, January 23, 2008 3:36 PM
Subject: Re: [OpenSER-Users] Reg. Proxy authentication


>
>
> Padmaja schrieb:
>> Hi all,
>> Please see the call flow below:
>>
>> GW1                        Proxy                    GW2
>> |-----invite----------->|                             |
>> |<------407-----------|                             |
>> |-----invite w/cred--->|                             |
>> |                                  |-----Invite------->|
>> |<------------200 Ok---------------------|
>> |----------------Ack--------------------->|
>> |                                                                |
>> |                                  |<----ReInvite -----|
>> |
>>
>> When the proxy receives the Reinvite below from GW 2, should it again 
>> challenge it for proxy authentication or simply forward the call to the 
>> GW1? The openser proxy in our lab simply forwards the Invite without 
>> asking for authentication this time. However, I need to test the 
>> situation, where the proxy asks for authentication for the Reinvite. Is 
>> this possible?
>
> This is a difficult question. If GW2 is known to your proxy, the proxy can 
> challenge GW2. (if the GW supports authentication at all).
>
> Often the domain in the From URI is used to find out if a SIP client is a 
> "local" user or from another domain. Local users will get challenged, 
> external users not. But using From header domain works only for initial 
> INVITE and can not be used reliable for reINVITEs.
>
> Thus, usually in-dialog requests will not be challenged. Thus, its a 
> matter of your policy and depends if you provide an open SIP service (like 
> e.g. iptel.org, FWD ...) or if you are in a closed environment were every 
> SIP client is known to have credentials to authenticate against the proxy.
>
> regards
> klaus
>
>>
>> Please let me know.
>>
>> Thanks,
>> Padmaja _______________________________________________
>> Users mailing list
>> Users at lists.openser.org
>> http://lists.openser.org/cgi-bin/mailman/listinfo/users
> 





More information about the sr-users mailing list