10 Oct
2005
10 Oct
'05
6:34 p.m.
read
"I've just been playing with this myself." without the word "this"
:-)
My peering with alot is based on IP, but it would be nice if we could do
what asterisk does, and allow a user/pass auth method, so you could just
buy sip accounts from providers, and route to each account based upon
prefix.
Iqbal
Mark Aiken wrote:
On 10/10/05, *Iqbal* <iqbal(a)gigo.co.uk <mailto:iqbal@gigo.co.uk>> wrote:
I read the the first line without the word "this" almost fell
backwards
off my chair.....
heh
I have looked into this also, the second sip server you need to ensure
that no auth is done, but then this means you need to be able to
trust
what is coming from the first ser, which can be done in terms of
IP, but
then this can be spoofed.
But if you are peering with an ITSP that does requires authentication
its a problem. Some do some dont.
What would be nice is to have SER itself authenticate, i.e instead of
each call being authenticaterd, autheticate the entire box, and then
possibly have a open connection between the two, which if no traffic
passes for sometime is dropped, and then re-intiated when next call
comes in
Iqbal
proxy-proxy SSL using stunnel + X.509 certs works great for this if
you own both proxies.
Mark Aiken wrote:
I've just been playing with this myself.
There is a function, uac_auth, in the uac module which can be
used to
authenticate a challenge from another SIP server.
Unfortunately
it has
the following problems:
1. Does not handle increment of the cseq. At least in my experience
this causes authentication failure, you may have better luck.
2. Missing quotes in the auth header sent by the other server causes
parse errors.
3. Digest comparison is case sensitive (DIGEST in auth header
causes
parse error).
2 and 3 are easy to fix but 1 is a major problem for SER as there is
no dialog state kept between requests.
Mark
On 10/7/05, *KaveH Aasaraai* < asi_ka(a)yahoo.com
<mailto:asi_ka@yahoo.com>
<mailto:asi_ka@yahoo.com
<mailto:asi_ka@yahoo.com>>> wrote:
Hi,
I was wondering how I can route my SER users to other
SIP servers, without need of authentication to other
server.
I mean this:
My User -> Auth -> My SER
My SER -> Auth -> Other SIP Server
My User --------make call--------> My SER
--------route call-------> Other SIP Server
Thank you.
Kaveh
__________________________________
Yahoo! Mail - PC Magazine Editors' Choice 2005
http://mail.yahoo.com
_______________________________________________
Serusers mailing list
serusers(a)lists.iptel.org <mailto:serusers@lists.iptel.org>
<mailto:serusers@lists.iptel.org <mailto:serusers@lists.iptel.org>>
http://lists.iptel.org/mailman/listinfo/serusers
------------------------------------------------------------------------
_______________________________________________
Serusers mailing list
serusers(a)lists.iptel.org <mailto:serusers@lists.iptel.org>
http://lists.iptel.org/mailman/listinfo/serusers