[OpenSER-Users] Need help with proxy_authorize for NATed UA

Bogdan-Andrei Iancu bogdan at voice-system.ro
Fri May 30 10:18:24 CEST 2008 

Hi Mark,

What exactly you mean by failed ? does openser receive the INVITE ? does 
openser sends back a reply? what reply is? also does the client receive 
the reply?

A wild guess - try to put force_rport() before the auth part....

Regards,
Bogdan

mark morreny wrote:
> Hi,
>
> I am using the same UA and Openser to do two tests.  For the first 
> case, UA is pointing to the external IP of openser.; the other test 
> points the UA to openser's local ip.  Registering is ok for both 
> cases, but when I try to do an INVITE, the UA pointing to the local IP 
> works whereas the one pointing to the external IP fails during 
> proxy_authorize. 
>
> 88.251.45.4 <http://88.251.45.4> -> external ip of the entire network
> 192.168.1.104 <http://192.168.1.104> -> openser's local ip
> 192.168.1.100 <http://192.168.1.100> -> UA's local ip
>
> Here is the INVITE with authentication digest from the UA pointing to 
> the external IP address of openser:
>
> U 88.251.45.4:59864 <http://88.251.45.4:59864> -> 192.168.1.104:5060 
> <http://192.168.1.104:5060>
> INVITE sip:1005 at 88.251.45.4 <mailto:sip%3A1005 at 88.251.45.4> SIP/2.0.
> Via: SIP/2.0/UDP 
> 192.168.1.100:17480;branch=z9hG4bK-d87543-ea31ca6af52bd14c-1--d87543-;rport.
> Max-Forwards: 70.
> Contact: <sip:1006 at 88.251.45.4:59864 <http://sip:1006@88.251.45.4:59864>>.
> To: "1005"<sip:1005 at 88.251.45.4 <mailto:sip%3A1005 at 88.251.45.4>>.
> From: "1006"<sip:1006 at 88.251.45.4 
> <mailto:sip%3A1006 at 88.251.45.4>>;tag=d21e4745.
> Call-ID: NGFlOTRmNTg3ZDFlYzJlYzdhNTlhNzZmMDRlOTJmOGY..
> CSeq: 2 INVITE.
> Allow: INVITE, ACK, CANCEL, OPTIONS, BYE, REFER, NOTIFY, MESSAGE, 
> SUBSCRIBE, INFO.
> Content-Type: application/sdp.
> Proxy-Authorization: Digest username="1006",realm="88.251.45.4 
> <http://88.251.45.4>",nonce="483edcaf82beda80a0c91fc75f486b8fd3f7bbc3",uri="sip:1005 at 88.251.45.4 
> <mailto:sip%3A1005 at 88.251.45.4>",response="4423a99e44bb7266912de3a4af752b3f",cnonce="ece582bf4b1708b67bd1e86952313a63",nc=00000001,qop=auth,algorithm=MD5.
> User-Agent: X-Lite release 1011s stamp 41150.
> Content-Length: 423.
> .
> v=0.
> o=- 1 2 IN IP4 192.168.1.100 <http://192.168.1.100>.
> s=CounterPath X-Lite 3.0.
> c=IN IP4 192.168.1.100 <http://192.168.1.100>.
> t=0 0.
> m=audio 34842 RTP/AVP 107 119 100 106 0 105 98 8 101.
> a=alt:1 1 : bIn/n4cp vm9zXwFh 192.168.1.100 <http://192.168.1.100> 34842.
> a=fmtp:101 0-15.
> a=rtpmap:107 BV32/16000.
> a=rtpmap:119 BV32-FEC/16000.
> a=rtpmap:100 SPEEX/16000.
> a=rtpmap:106 SPEEX-FEC/16000.
> a=rtpmap:105 SPEEX-FEC/8000.
> a=rtpmap:98 iLBC/8000.
> a=rtpmap:101 telephone-event/8000.
> a=sendrecv.
>
>
> Here is the INVITE resend from the UA pointing to openser's local IP:
>
> U 192.168.1.100:50314 <http://192.168.1.100:50314> -> 
> 192.168.1.104:5060 <http://192.168.1.104:5060>
> INVITE sip:1005 at 192.168.1.104 <mailto:sip%3A1005 at 192.168.1.104> SIP/2.0.
> Via: SIP/2.0/UDP 
> 192.168.1.100:50314;branch=z9hG4bK-d87543-c34be44e3704d673-1--d87543-;rport.
> Max-Forwards: 70.
> Contact: <sip:1006 at 192.168.1.100:50314 
> <http://sip:1006@192.168.1.100:50314>>.
> To: "1005"<sip:1005 at 192.168.1.104 <mailto:sip%3A1005 at 192.168.1.104>>.
> From: "1006"<sip:1006 at 192.168.1.104 
> <mailto:sip%3A1006 at 192.168.1.104>>;tag=d4048226.
> Call-ID: YTc4OTE2NmIyMWRkMjk3ZGNmYmY4OTg3NTQ5NWRhZDI..
> CSeq: 2 INVITE.
> Allow: INVITE, ACK, CANCEL, OPTIONS, BYE, REFER, NOTIFY, MESSAGE, 
> SUBSCRIBE, INFO.
> Content-Type: application/sdp.
> Proxy-Authorization: Digest username="1006",realm="192.168.1.104 
> <http://192.168.1.104>",nonce="483ede954fef336afd24141e99d516b0b7d9091a",uri="sip:1005 at 192.168.1.104 
> <mailto:sip%3A1005 at 192.168.1.104>",response="1b77bf191fef631049bd6d6b7dcc9094",cnonce="e96a7e7d9677c4c41952bce7ac2a36e2",nc=00000001,qop=auth,algorithm=MD5.
> User-Agent: X-Lite release 1011s stamp 41150.
> Content-Length: 423.
> .
> v=0.
> o=- 7 2 IN IP4 192.168.1.100 <http://192.168.1.100>.
> s=CounterPath X-Lite 3.0.
> c=IN IP4 192.168.1.100 <http://192.168.1.100>.
> t=0 0.
> m=audio 14816 RTP/AVP 107 119 100 106 0 105 98 8 101.
> a=alt:1 1 : SP8QJ5e9 96jlnBkg 192.168.1.100 <http://192.168.1.100> 14816.
> a=fmtp:101 0-15.
> a=rtpmap:107 BV32/16000.
> a=rtpmap:119 BV32-FEC/16000.
> a=rtpmap:100 SPEEX/16000.
> a=rtpmap:106 SPEEX-FEC/16000.
> a=rtpmap:105 SPEEX-FEC/8000.
> a=rtpmap:98 iLBC/8000.
> a=rtpmap:101 telephone-event/8000.
> a=sendrecv.
>
> The openser script associated wit proxy_authorize is :
>
> if (!proxy_authorize("","subscriber")) {
>                     xlog("not authorize need to do proxy challenge\n");
>                             proxy_challenge("","1");
>                             exit;
>                         }
>
> What could be wrong with my setup?
>
> Thanks in advance for your help.
>
> Thanks,
> Mark
> ------------------------------------------------------------------------
>
> _______________________________________________
> Users mailing list
> Users at lists.openser.org
> http://lists.openser.org/cgi-bin/mailman/listinfo/users
>

More information about the sr-users mailing list