[SR-Users] INVITE proxy auth

Daniel-Constantin Mierla miconda at gmail.com
Tue Mar 4 21:57:26 CET 2014 

Hello,

a proxy cannot authenticate itself with username and password without 
breaking RFC (respectively cseq sequence numbers). The best and the 
standard practice is to accept the traffic from the proxy based on 
source IP.

Cheers,
Daniel

On 04/03/14 20:38, Marc Soda wrote:
> Hey all,
>
> I have a pretty general SIP question that I'm hoping some of you can
> shed some light on.  I hope this ok for the list.
>
> I am setting up a SIP proxy with Kamailio.  The backend server
> (Asterisk in my case) requires authentication.  Is it standard/best
> practice to require a proxy to authenticate to a backend server for
> INVITEs?
>
> I am already registering, with authentication, on behalf of the
> client, i.e, the client registers to the proxy, then the proxy
> registers to the backend server, all with authentication.  I was
> hoping not to have to do this on INVITEs, but if I don't I'm left with
> the following:
>
> client                        proxy                        backend
>    |     -------INVITE------->   |                             |
>    |     <--------407---------   |                             |
>    |     ---------ACK-------->   |                             |
>    |     ----INVITE(auth)---->   |                             |
>    |     <--------100---------   |                             |
>    |                             |     -------INVITE------->   |
>    |                             |     <--------401---------   |
>    |                             |     ---------ACK-------->   |
>    |     <--------401---------   |                             |
>    |     ---------ACK-------->   |                             |
>    |     ----INVITE(auth)---->   |                             |
>    |     <--------100---------   |                             |
>    |                             |     ----INVITE(auth)---->   |
>    |                             |     <--------100---------   |
>    |                             |     <---------OK---------   |
>    |     <---------OK---------   |                             |
>    |     ---------ACK-------->   |                             |
>    |                             |     ---------ACK-------->   |
>
> It works, but, it's terrible...
>
> Before I try to make it work differently, what do you all think it should do?
>
> Marc
>
> _______________________________________________
> SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing list
> sr-users at lists.sip-router.org
> http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users

-- 
Daniel-Constantin Mierla - http://www.asipto.com
http://twitter.com/#!/miconda - http://www.linkedin.com/in/miconda

More information about the sr-users mailing list