[SR-Users] Re-invites from carrier breaks the call

Will Ferrer will.ferrer at switchsoft.com
Fri Feb 20 00:16:05 CET 2015 

Hi All

Wow, thanks so much for the conversation on sorting this out.

I think you are right, it is likely a session timer issue.

I found this tag on the 200 ok from the carrier:

Session-Expires: 300;refresher=uas

It may not help anything but I would like to try setting the session-timer
= refuse as Michael suggested.

I did a search for how to do this and came up empty, didn't see in the SST
module. I think I may be missing something simple.

Could any one tell me how to set this up?

Thanks again to every one.

All the best.

Will Ferrer

Switchsoft


On Thu, Feb 19, 2015 at 10:10 AM, Alex Balashov <abalashov at evaristesys.com>
wrote:

> Hi,
>
> On 02/19/2015 12:59 PM, Andres wrote:
>
>  We have struggled with this issue ourselves.  The problem was that we
>> did not want our SIP server to behave like an open relay.  We were
>> seeing that the session-timer Re-Invites have a  Request-URI with the IP
>> of the other
>> endpoint instead of the Proxy.  If the SIP server is an open relay then
>> no problem, but ours is not so the config file was very strict and
>> dropped the Re-Invite (since the Request-URI had an external IP) thus
>> dropping the call.  The config file could be enhanced by testing for
>> has_totag() since the Re-Invite has the totag but an original Invite
>> does not, but the hacker could put a bogus totag and make calls so its
>> more secure to leave it this way.  We ended up disabling session-timers
>> at some our clients PBXs.  Its always a balancing act between
>> convenience/services and more security.  We chose more security.
>>
>
> From a SIP point of view, this is a strange position to take. An "open
> relay" is an idea that normally applies to the unrestricted relay of
> _initial_ requests to foreign domains. Requests flowing within a dialog
> (i.e. loose-routed) are _supposed_ to have an RURI pointing to the
> endpoint's domain: this is known as the "remote target" of a dialog, and is
> set by the Contact URI of both dialog parties.
>
> I suppose it's true that one could compel your proxy to relay a sequential
> request (like a reinvite) to any domain by including a Route header and a
> To-tag, but what effect would this have on the far-end UA? It would not
> match the spoofed request to an existing dialog.
>
> -- Alex
>
> --
> Alex Balashov - Principal
> Evariste Systems LLC
> 235 E Ponce de Leon Ave
> Suite 106
> Decatur, GA 30030
> United States
>
> Tel: +1-678-954-0670
> Web: http://www.evaristesys.com/, http://www.alexbalashov.com/
>
>
> _______________________________________________
> SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing list
> sr-users at lists.sip-router.org
> http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.sip-router.org/pipermail/sr-users/attachments/20150219/ca42d0f3/attachment.html>

More information about the sr-users mailing list