Hi Cesc!
Nice to have those fixes in a package.
Is your cfg.y-patch to be applied *after* cfg.y.patch was applied or
*instead* of cfg.y.patch?
Or is your version a patched one which replaces the original
implementation as a whole? In that case where's cfg.lex.patch?
Alex Mack
Cesc Santasusana wrote:
>Hi,
>
>I really hate to be so pushy, but I don't understand how such an important piece of code as TLS is not moving on into CVS ... or anywhere else by this matter. I will keep sending patches till I get tired (soon).
>
>Anyway ... I thought someone may be interested in a compilation fix for cfg.y introduced with the tls_domains (it would not compile if the cfg.y file had been patched but the tls-core files were not there); a bug fix for the session caching (fixed by turning session caching and resumption off); and an extension (the ability to choose the list of allowed ciphers from the config file). Oh, and all the files have been tabbed, instead of spaced (for indentation).
>
>Enjoy!
>
>Cesc
Thank you very much for your answer, Cesc.
Now I have an idea about this issue.
Regards
Victor
>From: "Cesc Santasusana" <cesc.santasusana(a)nl.thalesgroup.com>
>To: <vhuertas(a)hotmail.com>, <serusers(a)lists.iptel.org>
>Subject: Re: [Serusers] Proxy-to-Proxy authentication
>Date: Tue, 03 May 2005 10:53:06 +0200
>
>Hi,
>
>TLS was meant exactly for that. The RFC specifies it as a hop by hop
>security (auth + crypto) mechanism
>
>I think SER has a module that allows it to authenticate via Digest (UAC
>module). I have not tried it, because with the availability of a free TLS
>implementation for SER, and TLS being a mandatory feature for proxies ...
>why go along with such a simple mechanism as digest?
>
>The only problem many people see with using tls is that it requires a tcp
>connection, thus for high traffic servers it may be a problem (though u can
>use force_tcp_alias, and reuse the same socket for same P2P connections,
>thus reducing the connection setup delay associated with tcp and specially
>with tls).
>
>If tcp/tls is not an option in your network, then probably you could think
>of IPSec (works for both tcp and udp) ... or maybe you want to implement
>something fancier ... say ... tunnel SIP messages within S/MIME protected
>sip messages :D
>
>Regards,
>
>Cesc
>
> >>> "Victor Huertas Garcia" <vhuertas(a)hotmail.com> 05/02/05 06:01PM >>>
>
>
>Hi all!
>
>I'm a newbie in this mailing list and I am working with SER at this moment in a
>project.
>
>However I have a doubt I would like to clarify.
>
>Does anyone know if there is a way to perform SIP Proxy to SIP Proxy
>authentication (I mean in SIP protocol in general)?
>
>If a SIP proxy receives an INVITE from another SIP Proxy, how does the proxy
>which receives the INVITE know that the originating proxy can be trusted?
>
>I have read something about TLS but I took it from an article of 2003...
>Which is the most used method nowadays?
>
>Thank you very much for your attention
>
>Regards
>
>Victor
Cesc Santasusana writes:
> I really hate to be so pushy, but I don't understand how such an
> important piece of code as TLS is not moving on into CVS ... or
> anywhere else by this matter. I will keep sending patches till I get
> tired (soon).
before cesc gets tired, could someone please commit the tls code to CVS
HEAD. it is then much easier to patch against.
-- juha
Hi,
I really hate to be so pushy, but I don't understand how such an important piece of code as TLS is not moving on into CVS ... or anywhere else by this matter. I will keep sending patches till I get tired (soon).
Anyway ... I thought someone may be interested in a compilation fix for cfg.y introduced with the tls_domains (it would not compile if the cfg.y file had been patched but the tls-core files were not there); a bug fix for the session caching (fixed by turning session caching and resumption off); and an extension (the ability to choose the list of allowed ciphers from the config file). Oh, and all the files have been tabbed, instead of spaced (for indentation).
Enjoy!
Cesc
Hi all!
We've two SERs balanced via DNS-SRV, and Contacts are replicated via SIP
between the Registrars. Now I've implemented transparent NAT support,
but there's a "small" problem :o)
Let's say UAC-1 registers at SER-1, which replicates the contact to SER-2.
Outgoing calls from UAC-1 via SER-1 or SER-2 work great, and so do calls
from PSTN via SER-1 to UAC-1.
But since there's no NAT-binding for UAC-1 to SER-2, incoming calls from
SER-2 to UAC-1 can't work.
Does anybody know how to address this issue?
Thanks,
Andy
Hi,
Has anybody come across this strange problem?
When I am using exec_dset to fork my request to more than 3 additional URIs (actually PSTN locations through my gateway), ser is only forking to the last three. Furthermore it seems that this limitation is not present when using the lookup function to fork a request to multiple registered sip locations. This leads me to think that this problem is not associated with the MAX_BRANCHES in config.h file.
Hi,
TLS was meant exactly for that. The RFC specifies it as a hop by hop security (auth + crypto) mechanism
I think SER has a module that allows it to authenticate via Digest (UAC module). I have not tried it, because with the availability of a free TLS implementation for SER, and TLS being a mandatory feature for proxies ... why go along with such a simple mechanism as digest?
The only problem many people see with using tls is that it requires a tcp connection, thus for high traffic servers it may be a problem (though u can use force_tcp_alias, and reuse the same socket for same P2P connections, thus reducing the connection setup delay associated with tcp and specially with tls).
If tcp/tls is not an option in your network, then probably you could think of IPSec (works for both tcp and udp) ... or maybe you want to implement something fancier ... say ... tunnel SIP messages within S/MIME protected sip messages :D
Regards,
Cesc
>>> "Victor Huertas Garcia" <vhuertas(a)hotmail.com> 05/02/05 06:01PM >>>
Hi all!
I'm a newbie in this mailing list and I am working with SER at this moment in a
project.
However I have a doubt I would like to clarify.
Does anyone know if there is a way to perform SIP Proxy to SIP Proxy
authentication (I mean in SIP protocol in general)?
If a SIP proxy receives an INVITE from another SIP Proxy, how does the proxy
which receives the INVITE know that the originating proxy can be trusted?
I have read something about TLS but I took it from an article of 2003...
Which is the most used method nowadays?
Thank you very much for your attention
Regards
Victor
Hi all,
I'm a newbie and I've been searching through the entire mailing list (including
www.onsip.org) for a solution regarding landing of calls to a Cisco 3600 GW.
I've configured my SER based on the "Getting Started for mediaproxy" document
found on www.onsip.org, and it worked great between UAs. Based on all the info
I've found on this list + suggestions from others, I came up with the following
config file. I've managed to have the UAs to dial out via the cisco, yet once
the PSTN side picks up, no sound could be heard (both ways). I know the Cisco
is working for sure, since my friend is using AUVTECH SIP Server and is landing
calls properly via the same gateway.
I'm grateful for any help on this issue!!
==================================================================
route {
if (!mf_process_maxfwd_header("10")) {
sl_send_reply("483", "Too Many Hops");
break;
};
if (msg:len > max_len) {
sl_send_reply("513", "Message Overflow");
break;
};
if (method=="INVITE" && client_nat_test("1")) {
record_route_preset("202.67.215.28:5080;nat=yes"); # insert IP address
} else if (method!="REGISTER") {
record_route();
};
end_media_session();
};
if (loose_route()) {
if (has_totag() && method=="INVITE") {
if (client_nat_test("1") || search("^Route:.*;nat=yes"))
{
setflag(6);
use_media_proxy();
};
};
route(1);
break;
};
# labeled all transaction for accounting
setflag(1);
setflag(2);
# -----------------------------------------------------------------
# Call Type Processing Section
# -----------------------------------------------------------------
if (uri==myself) {
if (method=="INVITE") {
route(3);
break;
} else if (method=="REGISTER") {
route(2);
break;
};
if (!lookup("location")) {
sl_send_reply("404", "User Not Found");
break;
};
route(1);
};
}
route[1] {
# -----------------------------------------------------------------
# Default Message Handler
# -----------------------------------------------------------------
t_on_reply("1");
if (!t_relay()) {
if (method=="INVITE" || method=="ACK") {
end_media_session();
};
sl_reply_error();
};
}
route[2] {
# -----------------------------------------------------------------
# REGISTER Message Handler
# ----------------------------------------------------------------
sl_send_reply("100", "Trying");
# -----------------------------------------------------------------
# Testing script for unconditional registration of PSTN gateway
# -----------------------------------------------------------------
#if (src_ip==61.234.124.150){
# save("location_cscisco3600");
#};
# -----------------------------------------------------------------
if (!search("^Contact: \*") && client_nat_test("1")) {
setflag(6);
fix_nated_register();
force_rport();
};
if (!www_authorize("","subscriber")) {
www_challenge("","0");
break;
};
if (!check_to()) {
sl_send_reply("401", "Unauthorized");
break;
};
consume_credentials();
if (!save("location")) {
sl_reply_error();
};
}
route[3] {
# -----------------------------------------------------------------
# INVITE Message Handler
# -----------------------------------------------------------------
if (client_nat_test("1")) {
setflag(7);
force_rport();
fix_nated_contact();
};
# -----------------------------------------------------------------
# INVITE Message Handler
# -----------------------------------------------------------------
#if (lookup("location_cscisco3600"){
# t_relay_to_udp("61.234.124.150");
# }
# -----------------------------------------------------------------
lookup("aliases");
if (uri!=myself) {
route(1);
break;
};
# --------------------------------------------------------
# PSTN Gateway config for Call Landing
# --------------------------------------------------------
if (uri=~"^sip:8676[0-9]*@.*") {
#rewritehostport("211.147.240.67:5060");
#rewritehostport("210.21.105.91:5060");
setflag(1);
rewritehostport("61.234.124.150:5060");
force_rport();
#fix_nated_contact();
#force_rtp_proxy();
#t_relay();
#use_media_proxy();
# forward(uri:host, uri:port);
if (!t_relay()) {
sl_reply_error();
};
break;
}
# ---------------------------------------------------------
if (!lookup("location")) {
sl_send_reply("404", "User Not Found");
break;
};
if (!proxy_authorize("","subscriber")) {
proxy_challenge("","0");
break;
} else if (!check_from()) {
sl_send_reply("403", "Use From=ID");
break;
};
consume_credentials();
if (isflagset(6) || isflagset(7)) {
use_media_proxy();
};
route(1);
}
onreply_route[1] {
if ((isflagset(6) || isflagset(7)) &&
(status=~"(180)|(183)|2[0-9][0-9]")) {
if (!search("^Content-Length:\ 0")) {
use_media_proxy();
};
};
if (client_nat_test("1")) {
fix_nated_contact();
};
}
Hello,
I desperately need to run a ser installation...
After reading through the instructions, I have finally managed to make
ser work. After that, I also followed the instructions and mysql seems
to be working fine as well. (at least I can see the users I added so
that should be a good sign!)
Now I am trying to configure serweb so that others can connect to my sip
server and add themselves etc but try as I may, I can not get it to
work... I have made all the changes to the php files as suggested by
the manual but when I try to open any of the webpages at the webserver's
address all I get is :
Database error: pconnect(localhost,administrator(a)oug.gr, $Password)
failed.
MYSQL Error: ()
Session halted.
What is this? Can someone please help?
Thank you very much in advance,
Alexandros.