[SR-Users] UAC Register Asterisk
Eric Koome
ekoome at yahoo.com
Thu Mar 31 11:49:02 CEST 2016
If using asterisk realtime, create a view of the sip users table with password set to null. This will scale if sharing databases which are replicated.
Then you can use Kamailio to authenticate and Asterisk to handle media.
> On 31 Mar 2016, at 10:21, Alberto Sagredo <alberto.sagredo at avanzada7.com> wrote:
>
> Thanks Daniel.
>
> Will take a look to that.
>
> 2016-03-31 11:06 GMT+02:00 Daniel-Constantin Mierla <miconda at gmail.com>:
>> If Asterisk is still do it the authentication, then likely it is not much gain on overall scalability. Maybe you can just use kamailio as an edge proxy with Path enabled.
>>
>> Otherwise, the requests generated with uac_req_send() don't get in failure_route. You have to set the auth user/password in the $uac_req(...) fields -- see the variables core cookbook for them. On the other hand, this is not enough, you have to deal also with authentication for other requests, such as INVITEs/SUBSCRIBEs/etc.
>>
>> Cheers,
>> Daniel
>>
>>
>>> On 31/03/16 10:57, Alberto Sagredo wrote:
>>> I have it working, authenticating in Kamailio. And just works.
>>>
>>> But there is a farm with lots of Asterisk and i was looking for an easy way to do not modify secret= and permit= on every Asterisk Machine... Thats why i was looking for that..
>>>
>>>
>>>
>>> 2016-03-31 10:55 GMT+02:00 Marrold <kamailio at marrold.co.uk>:
>>>> Why not just authenticate on Kamailio in that case?
>>>>
>>>> Also, be aware that the Authorization Username ($au) is included in SIP digest authentication. $au and $fu aren't necessarily the same, but on most end points the default is to use the same value for both. If you manipulate $fu or $au it may cause auth issues.
>>>>
>>>>> On Thu, Mar 31, 2016 at 9:49 AM, Alberto Sagredo <alberto.sagredo at avanzada7.com> wrote:
>>>>> Hi Marrold. I want to authenticate user on Kamailio but want Asterisk to see them registered with kamailio ip as contact.
>>>>>
>>>>> I making also some manipulations in $fu as users are different (emp_xxx_ext) in kamailio than in Asterisk xxx_ext
>>>>>
>>>>> Thanks
>>>>>
>>>>> 2016-03-31 10:48 GMT+02:00 Marrold <kamailio at marrold.co.uk>:
>>>>>> Why not just relay the registration messages to Asterisk itself? What's the use case?
>>>>>>
>>>>>> Cheers
>>>>>>
>>>>>> On Thu, Mar 31, 2016 at 9:34 AM, Alberto Sagredo <alberto.sagredo at avanzada7.com> wrote:
>>>>>>> Hi
>>>>>>>
>>>>>>> Im trying to modify example for Asterisk/Kamailio integration that miconda did, and trying to handle Forwarded register to Asterisk in an authenticated way instead removing secret in asterisk.
>>>>>>>
>>>>>>> I have made this changes
>>>>>>>
>>>>>>>
>>>>>>> route[REGFWD] {
>>>>>>> if(!is_method("REGISTER"))
>>>>>>> {
>>>>>>> return;
>>>>>>> }
>>>>>>>
>>>>>>> $var(rip) = $var(astip);
>>>>>>> $uac_req(method)="REGISTER";
>>>>>>> $uac_req(ruri)="sip:" + $var(rip) + ":" + $var(astport);
>>>>>>> $uac_req(furi)="sip:" + $(au{s.substr,8,0}) + "@" + $var(rip);
>>>>>>> $uac_req(turi)="sip:" + $(au{s.substr,8,0}) + "@" + $var(rip);
>>>>>>> $uac_req(hdrs)="Contact: <sip:" + $au + "@"
>>>>>>> + $sel(cfg_get.kamailio.bindip)
>>>>>>> + ":" + $sel(cfg_get.kamailio.bindport) + ">\r\n";
>>>>>>> if($sel(contact.expires) != $null)
>>>>>>> $uac_req(hdrs)= $uac_req(hdrs) + "Expires: " + $sel(contact.expires) + "\r\n";
>>>>>>> else
>>>>>>> $uac_req(hdrs)= $uac_req(hdrs) + "Expires: " + $hdr(Expires) + "\r\n";
>>>>>>>
>>>>>>> xlog("Dentro de REGFWD");
>>>>>>>
>>>>>>> t_on_failure("REG_AST");
>>>>>>>
>>>>>>> uac_req_send();
>>>>>>>
>>>>>>> }
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> failure_route[REG_AST] {
>>>>>>>
>>>>>>> if (t_is_canceled()) {
>>>>>>> exit;
>>>>>>> }
>>>>>>>
>>>>>>> xlog("Dentro de REG AST");
>>>>>>>
>>>>>>> if(t_check_status("401|407")) {
>>>>>>> xlog("Dentro de 401");
>>>>>>> $avp(auser) = "test";
>>>>>>> $avp(apass) = "test";
>>>>>>> uac_auth();
>>>>>>> t_relay();
>>>>>>> exit;
>>>>>>> }
>>>>>>> }
>>>>>>>
>>>>>>> What i see on traces:
>>>>>>>
>>>>>>> U x.x.x..240:5060 -> x.x.x..56:5060
>>>>>>> REGISTER sip:x.x.x.56:5060 SIP/2.0.
>>>>>>> Via: SIP/2.0/UDP x.x.x.240;branch=z9hG4bKfb46.a47535d4000000000000000000000000.0.
>>>>>>> To: <sip:200 at x.x.x.56>.
>>>>>>> From: <sip:200 at x.x.x.56>;tag=533cb9e91f4b999cf76861cbb9ed54ed-6a4f.
>>>>>>> CSeq: 10 REGISTER.
>>>>>>> Call-ID: 09dc120d65932ed7-16044 at 127.0.0.1.
>>>>>>> Max-Forwards: 70.
>>>>>>> Content-Length: 0.
>>>>>>> User-Agent: ANY.
>>>>>>> Contact: <sip:emp_001_200 at x.x.x.240:5060>.
>>>>>>> Expires: 3600.
>>>>>>> .
>>>>>>>
>>>>>>> #
>>>>>>> U x.x.x.56:5060 -> x.x.x..240:5060
>>>>>>> SIP/2.0 401 Unauthorized.
>>>>>>> Via: SIP/2.0/UDP x.x.x..240;branch=z9hG4bKfb46.a47535d4000000000000000000000000.0;received=x.x.x..240;rport=5060.
>>>>>>> From: <sip:200 at x.x.x.56>;tag=533cb9e91f4b999cf76861cbb9ed54ed-6a4f.
>>>>>>> To: <sip:200 at x.x.x.56>;tag=as62b47138.
>>>>>>> Call-ID: 09dc120d65932ed7-16044 at 127.0.0.1.
>>>>>>> CSeq: 10 REGISTER.
>>>>>>> Server: FPBX-2.11.0(11.17.1).
>>>>>>> Allow: INVITE, ACK, CANCEL, OPTIONS, BYE, REFER, SUBSCRIBE, NOTIFY, INFO, PUBLISH, MESSAGE.
>>>>>>> Supported: replaces, timer.
>>>>>>> WWW-Authenticate: Digest algorithm=MD5, realm="asterisk", nonce="59e39692".
>>>>>>> Content-Length: 0.
>>>>>>> .
>>>>>>>
>>>>>>>
>>>>>>> But Kamailio is not sending authentication .
>>>>>>>
>>>>>>> Any idea what could be wrong? Or any tip to do what i try.
>>>>>>>
>>>>>>> The idea is that a sip endpoint register with authentication on kamailio and it sends register with authentication to asterisk.
>>>>>>>
>>>>>>> Thanks in advance
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> _______________________________________________
>>>>>>> SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing list
>>>>>>> sr-users at lists.sip-router.org
>>>>>>> http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users
>>>>>>
>>>>>>
>>>>>> _______________________________________________
>>>>>> SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing list
>>>>>> sr-users at lists.sip-router.org
>>>>>> http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users
>>>>>
>>>>>
>>>>> _______________________________________________
>>>>> SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing list
>>>>> sr-users at lists.sip-router.org
>>>>> http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users
>>>>
>>>>
>>>> _______________________________________________
>>>> SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing list
>>>> sr-users at lists.sip-router.org
>>>> http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users
>>>
>>>
>>>
>>> _______________________________________________
>>> SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing list
>>> sr-users at lists.sip-router.org
>>> http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users
>>
>> --
>> Daniel-Constantin Mierla
>> http://www.asipto.com
>> http://twitter.com/#!/miconda - http://www.linkedin.com/in/miconda
>> Kamailio World Conference, Berlin, May 18-20, 2016 - http://www.kamailioworld.com
>>
>> _______________________________________________
>> SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing list
>> sr-users at lists.sip-router.org
>> http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users
>
> _______________________________________________
> SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing list
> sr-users at lists.sip-router.org
> http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.sip-router.org/pipermail/sr-users/attachments/20160331/a9898dce/attachment.html>
More information about the sr-users
mailing list