[OpenSER-Users] Problem with otg proxy when service provider has two registrars

Robert Dyck rob.dyck at telus.net
Sun Oct 7 07:27:05 CEST 2007


I had already tried configuring the UA with the address of one of the servers 
( both IP and domain name ) as well as altering the openser config to force 
the address. The peculiar thing there is that the registrar does not 
challenge or even respond at all. It would seem that it ignores REGISTER 
requests that do not have callcentric.com as the domain name and realm.

The UA can register with this provider without difficulty when the UA is 
configured to use STUN and no outgoing proxy. The UA does not do a second DNS 
lookup. It simply uses the same address for both requests.

When the UA receives the challenge does it not use the received nonce to 
encrypt its credentials? I have to admit my knowledge of that subject is 
shakey. And would this not have to be delivered to the same server that sent 
the nonce?

On Saturday 06 October 2007, you wrote:
> Robert Dyck wrote:
> > I am more familiar with ethereal. I hope that is OK. Also I have not
> > edited the dumps so I am sending them privately. Attached are brief and
> > detailed dumps from ethereal.
>
> Your SIP provider is using DNS round-robin which is why openser is
> forwarding the requests to different IP addresses. This is the first
> provider I see that is doing DNS RR, this is rather unusual and not what
> is described by the SIP RFCs.
>
> Nevertheless, I still believe that your problem is related to wrong
> credentials. Both provider registrars should accept your REGISTER with
> Proxy-Auth header.
>
> You could also configure your SIP client with 204.11.192.22 instead of
> the provider's hostname, this will disable DNS RR and let openser
> forward the request always to the same host.
>
> /Christian
>
> > On Saturday 06 October 2007, you wrote:
> >> Robert Dyck wrote:
> >>> The second registrar does not send an error code, it simply issues its
> >>> own challenge. Openser is definitely alternating between registrars. It
> >>> does not send the credentials to the same registrar that requested
> >>> them.
> >>>
> >>> I could send a trace if it would be helpful.
> >>
> >> Yes, that would be helpful, I'd also like to have a look at the DNS
> >> traffic. Can you do
> >>
> >> tcpdump -i any -s 1500 -w /tmp/trace.pcap
> >>
> >> /Christian






More information about the Users mailing list