[OpenSER-Users] Problem with otg proxy when service provider has two registrars

Christian Schlatter cs at unc.edu
Sun Oct 7 22:57:31 CEST 2007


While there is are no NAPTR records for callcentric.com, there are SRV 
records:

;; ANSWER SECTION:
_sip._udp.callcentric.com. 331  IN      SRV     10 5 5080 
alpha1.callcentric.com.
_sip._udp.callcentric.com. 331  IN      SRV     10 5 5080 
alpha2.callcentric.com.
_sip._udp.callcentric.com. 331  IN      SRV     10 5 5060 
alpha1.callcentric.com.
_sip._udp.callcentric.com. 331  IN      SRV     10 5 5060 
alpha2.callcentric.com.

Your trace doesn't show any DNS SRV queries. What version of openser are 
you using? Versions before 1.1 didn't support NAPTR/SRV queries.

Instead of hard-coding the outbound proxy to the callcentric proxy IP 
address, you could instead use either 'alpha1.callcentric.com' or 
'alpha2.callcentric.com'.

/Christian






Robert Dyck wrote:
> I had already tried configuring the UA with the address of one of the servers 
> ( both IP and domain name ) as well as altering the openser config to force 
> the address. The peculiar thing there is that the registrar does not 
> challenge or even respond at all. It would seem that it ignores REGISTER 
> requests that do not have callcentric.com as the domain name and realm.
> 
> The UA can register with this provider without difficulty when the UA is 
> configured to use STUN and no outgoing proxy. The UA does not do a second DNS 
> lookup. It simply uses the same address for both requests.
> 
> When the UA receives the challenge does it not use the received nonce to 
> encrypt its credentials? I have to admit my knowledge of that subject is 
> shakey. And would this not have to be delivered to the same server that sent 
> the nonce?
> 
> On Saturday 06 October 2007, you wrote:
>> Robert Dyck wrote:
>>> I am more familiar with ethereal. I hope that is OK. Also I have not
>>> edited the dumps so I am sending them privately. Attached are brief and
>>> detailed dumps from ethereal.
>> Your SIP provider is using DNS round-robin which is why openser is
>> forwarding the requests to different IP addresses. This is the first
>> provider I see that is doing DNS RR, this is rather unusual and not what
>> is described by the SIP RFCs.
>>
>> Nevertheless, I still believe that your problem is related to wrong
>> credentials. Both provider registrars should accept your REGISTER with
>> Proxy-Auth header.
>>
>> You could also configure your SIP client with 204.11.192.22 instead of
>> the provider's hostname, this will disable DNS RR and let openser
>> forward the request always to the same host.
>>
>> /Christian
>>
>>> On Saturday 06 October 2007, you wrote:
>>>> Robert Dyck wrote:
>>>>> The second registrar does not send an error code, it simply issues its
>>>>> own challenge. Openser is definitely alternating between registrars. It
>>>>> does not send the credentials to the same registrar that requested
>>>>> them.
>>>>>
>>>>> I could send a trace if it would be helpful.
>>>> Yes, that would be helpful, I'd also like to have a look at the DNS
>>>> traffic. Can you do
>>>>
>>>> tcpdump -i any -s 1500 -w /tmp/trace.pcap
>>>>
>>>> /Christian
> 
> 





More information about the Users mailing list