Hi Ovidiu, I´m currently configured on this way on my openser:
if (!www_authorize("ser.ip-tel.com.ar",
"subscriber")) {
www_challenge("ser.ip-tel.com.ar",
"0");
break;
};
Is it right?
Thanks
Diego
----- Original Message -----
From: "Ovidiu Sas" <sip.nslu(a)gmail.com>
To: "Diego Valencia" <dvalencia(a)ip-tel.com.ar>
Cc: <users(a)openser.org>
Sent: Tuesday, February 20, 2007 4:39 PM
Subject: Re: [Users] SER behind PIX
Hi Diego,
When you challenge the SIP UA from openSER, provide the realm and
configure the SIP UA to use that particular realm for authorization.
see:
http://openser.org/docs/modules/1.2.x/auth_db.html#AEN170
(do not use an empty string for realm)
Regards,
Ovidiu Sas
On 2/20/07, Diego Valencia <dvalencia(a)ip-tel.com.ar> wrote:
Hi everybody. In the topology:
INTERNET
|
PIX (NAT static translate 200.x.x.2 to 10.1.1.2)
|
SER (10.1.1.2)
I can´t register UA from internet.(unauthorized)
The PIX is configured with the "fixup SIP" and "fixup udp SIP"
commands.
I guess there is a problem when UA generates HA1 with the external IP,
then
de PIX translates this to internal IP, and the SER can´t authenticate it
by
the erroneous hash.
Anybody know some solution for it?
Thanks!
Diego
_______________________________________________
Users mailing list
Users(a)openser.org
http://openser.org/cgi-bin/mailman/listinfo/users