Hi Kamal,
take a look at the Warning header in the 407: it tells you that the INVITE was
relayed to your server again (in a loop) and in the second round your script
replies with 407 (because this time it is not comming from the GW any more).
Nils
On Monday 06 November 2006 06:46, Kamal.Mann(a)t-systems.com wrote:
Hi Andrey
Please find ethereal packet capture enclosed. SER n/w dump is 'SER_SERVER'
and SIP_AS n/w dump is 'SAS_SERVER'. SER IP = 10.25.119.155
SIP AS IP = 10.25.119.156
To URI is registered at SER end (dilip)
From URI is Application Name (example) and neither
created nor registered
(WakeUpService) with SER.
Thanks in anticipation
Kamal Mann
-----Original Message-----
From: serusers-bounces(a)lists.iptel.org
[mailto:serusers-bounces@lists.iptel.org] On Behalf Of Andrey Kuprianov
Sent: Monday, November 06, 2006 11:04 AM
To: serusers(a)iptel.org
Subject: Re: [serusers]: trusted table(permissions module)
Hi Kamal,
Please (!), do network dump and send it here. Use tcpdump, ngrep,
Ethereal, anything to catch your network traffic on port 5060.
Waiting for your traces,
Andrey.
On 11/6/06, Kamal.Mann(a)t-systems.com <Kamal.Mann(a)t-systems.com> wrote:
> Hi Andrey,
> Yes you are right it not bypassing that part of code (route [3]).But why
> it is so? Its not trusting SIP AS IP! I had recompiled permissions module
> but still the same response!!
>
> Regards
> Kamal Mann
> -----Original Message-----
> From: serusers-bounces(a)lists.iptel.org
> [mailto:serusers-bounces@lists.iptel.org] On Behalf Of Andrey Kuprianov
> Sent: Saturday, November 04, 2006 6:20 PM
> To: serusers(a)iptel.org
> Subject: Re: [serusers]: trusted table(permissions module)
>
> Hi Kamal,
>
> Really, there are only 2 places in your ser.cfg, where proxy_authorize
> is called. One is inside route[3] block, and one, which is commented
> out is inside the main route block. Since, one proxy_authorize is
> commented out, this leaves the only a single proxy_authorize - the one
> inside route[3] block. Now... In your previous mail you said,
> "allow_trusted results 'true' and it directly bypasses this
code."
> This means only one thing - there are *no more* proxy_authorize left
> to call...
>
> You also said "But after in route(1) its sending 407-proxy auth
> required to trusted ip of sip_AS". That is impossible. Your route[1]
> block cannot and does not send 407 response. There's simply no
> proxy_authorize code in there and SER does not do it automatically!
>
> I have several ideas (some of them were already presented in previous
> mails):
>
> 1. Something else (not SER) is sending 407 response. Catch network
> traffic (i.e. traces) and send them here to the list. Do it on both
> sides, SER and SIP-AS. This is critical.
> 2. Your SER is using some other configuration file (it's my best guess
> now), not the one that you've sent. Please, check thoroughly on this
> issue.
> 3. Do a fresh start with your configuration file. You will lose 1
> (maximum 2) hours, but at least it's gonna work.
>
> I really wish you best of luck on this one, man!
>
> Andrey.
>
> On 11/4/06, Kamal.Mann(a)t-systems.com <Kamal.Mann(a)t-systems.com> wrote:
> > Hi All
> > In current scenario when a sip invite message comes to SER from my
> > SIP_AS; SER take this massage trusted (as I defined in trusted table)
> > but after this in my INVITE route(3) it sends it to route(1) default
> > message handler. I am enclosing my ser.cfg; please take a glance on it.
> >
> > Thanks in anticipation
> > Kamal Mann
> > -----Original Message-----
> > From: John Shellhouse [mailto:jwshel@hotmail.com]
> > Sent: Friday, November 03, 2006 9:17 PM
> > To: Mann, Kamal
> > Subject: RE: [serusers]: trusted table(permissions module)
> >
> > Hi,
> >
> > you've already tried something more filled in like this...
> >
> >
> > if (!proxy_authorize("somedomain.com","subscriber")) {
> > proxy_challenge("somedomain.com","0");
> > break;
> > } else if (method == "INVITE" & !check_from()) {
> > log("from!=digest\n");
> > sl_send_reply("403", "Use From=ID");
> >
> > break;
> > };
> > consume_credentials();
> >
> > T
> >
> > >From: <Kamal.Mann(a)t-systems.com>
> > >To: <andrey.kouprianov(a)gmail.com>om>, <serusers(a)iptel.org>
> > >Subject: RE: [serusers]: trusted table(permissions module)
> > >Date: Fri, 3 Nov 2006 15:40:26 +0100
> > >
> > >Hi All
> > >Now SER is trusting packates from trusted table IP and in the
> > > following part of route(3) of Invite message handler allow_trusted
> > > results 'true' and it directly bypasses this code.
> > >if (!allow_trusted())
> > >{
> > > if (!proxy_authorize("","subscriber"))
> > > {
> > > proxy_challenge("","0");
> > > break;
> > > }
> > > else if (!check_from())
> > > {
> > > sl_send_reply("403", "Use From=ID");
> > > break;
> > > };
> > > consume_credentials();
> > >};
> > >But after in route(1) its sending 407-proxy auth required to trusted
> > > ip of sip_AS. Please help me out of this dilemma.
> > >
> > >Thanks in anticipation
> > >Kamal Mann
> > >
> > >-----Original Message-----
> > >From: serusers-bounces(a)lists.iptel.org
> > >[mailto:serusers-bounces@lists.iptel.org] On Behalf Of Andrey
> > > Kuprianov Sent: Thursday, November 02, 2006 1:13 PM
> > >To: serusers(a)iptel.org
> > >Subject: Re: [serusers]: trusted table(permissions module)
> > >
> > >The one you attached, didnt have a semicolon. Anyway, try using a
> > >fresh copy of a ready made ser.cfg.
> > >
> > > Bests,
> > >
> > > Andrey.
> > >
> > >On 11/2/06, Kamal.Mann(a)t-systems.com <Kamal.Mann(a)t-systems.com>
wrote:
> > > > Yup I always do the same, Might be copy paste error. Its having
> > >
> > >semicolon & working fine here.
> > >
> > > > Regards
> > > > Kamal Mann
> > > >
> > > > -----Original Message-----
> > > > From: Andrey Kuprianov [mailto:andrey.kouprianov@gmail.com]
> > > > Sent: Thursday, November 02, 2006 10:34 AM
> > > > To: serusers(a)iptel.org
> > > > Subject: Re: [serusers]: trusted table(permissions module)
> > > >
> > > > Hi Kamal,
> > > >
> > > > Whenever you modified your ser.cfg did you restart SER after? Did
> > > > you check your ser.cfg for errors using "ser -c" command? I
found
> > > > some errors in your ser.cfg code. For instance, inside the main
> > > > route block, your "if", which processes INVITEs, is missing
a
> > > > semicolon at the end of the block.
> > > >
> > > > if (method=="INVITE")
> > > > {
> > > > # sl_send_reply("404", "INVITE ");
> > > > route(3);
> > > > break;
> > > > } <----- missing semicolon here
> > > >
> > > >
> > > > If you are comfortable with your current ser.cfg, that's ok, but
> > > > I'd suggest you start with a fresh one, make your trusted table
> > > > work, and then add a "REFER" processing, like in your
currect
> > > > ser.cfg. Just download one fresh ser.cfg from
iptel.org site and
> > > > add your allow_trusted() "if" clause there.
> > > >
> > > > Regards,
> > > >
> > > > Andrey.
> > > >
> > > > On 11/2/06, Kamal.Mann(a)t-systems.com <Kamal.Mann(a)t-systems.com>
> > > > > Hi
> > > > > Please find ser.cfg enclosed.
> > > > >
> > > > > Trusted table entry:
> > > > > +---------------+-------+--------------+
> > > > >
> > > > > | src_ip | proto | from_pattern |
> > > > >
> > > > > +---------------+-------+--------------+
> > > > >
> > > > > | 10.25.119.156 | any | ^sip:.*$ |
> > > > >
> > > > > +---------------+-------+--------------+
> > > > > 1 row in set (0.00 sec)
> > > > >
> > > > > Thanks in anticipation
> > > > > Kamal Mann
> > > > > -----Original Message-----
> > > > > From: serusers-bounces(a)lists.iptel.org
> > >
> > >[mailto:serusers-bounces@lists.iptel.org] On Behalf Of Andrey
> > > Kuprianov
> > >
> > > > > Sent: Wednesday, November 01, 2006 7:03 PM
> > > > > To: serusers(a)iptel.org
> > > > > Subject: Re: [serusers]: trusted table(permissions module)
> > > > >
> > > > > Hi Kamal,
> > > > >
> > > > > I understand your setup. Nevertheless, it will be difficult to
> > > > > figure out your problem, w/o your ser.cfg file at hand. Also,
> > > > > send a trusted table query result (i.e. that row which contains
> > > > > entry for your SIP-AS).
> > > > >
> > > > > Regards,
> > > > >
> > > > > Andrey.
> > > > >
> > > > > On 11/1/06, Kamal.Mann(a)t-systems.com
<Kamal.Mann(a)t-systems.com>
> > >
Hi All
> > > In my scenario I need ser to communicate with my SIP-AS. This
> > > SIP-AS
is having an application xyz running on it. This XYZ sends an invite
to URI "A(a)xcv.de" which is a subscriber in SER and this is in TO
header of Invite msg & FROM header contains another URI test(a)xcv.de
but this URI (test(a)xcv.de) isn't registered / subscribed to SER. I
need SER trust all packets from SIP-AS ip. BUT SER is sending 407
reply of INVITE to XYZ application! IP in trusted table is of SIP-AS
on top of which XYZ application is running.
> > > Thanks in anticipation
> > > Kamal Mann
> > >
> > > -----Original Message-----
> > > From: Maciej ¯wirski [mailto:mzwirek@poczta.fm]
> > > Sent: Wednesday, November 01, 2006 3:20 PM
> > > To: serusers(a)lists.iptel.org
> > > Subject: Re: [serusers]: trusted table(permissions module)
> > >
> > > Kamal.Mann(a)t-systems.com wrote:
> > > > Hi All
> > > >
> > > > I made an entry /"10.25.119.156, any, ^sip:.*$"/ into
trusted
table so
> > > > that any packet sent from 10.25.119.156 would be trusted by
> > > > SER
and
> > > > don't ask for its credentials. But SER is replying *407-
> > > > proxy*
auth
> > > > needed!! After this I tried with permissions.allow file:
> > >
> > > Hi,
> > > I had the same issue while interconnecting SER and Asterisk. It
turned
> > > out to be an issue on Asterisk side (I had the same user added
> > > for
SER
> > > and Asterisk, so the poor thing couldn't authorize either :))
> > > So you could check if the 407 you're getting is from SER or
> > > from the remote
host.
> > > Regards,
> > > Maciej Zwirski
----------------------------------------------------------------------
> > > Jestes kierowca? To poczytaj! >>>
http://link.interia.pl/f199e
> > >
> > > _______________________________________________
> > > Serusers mailing list
> > > Serusers(a)lists.iptel.org
> > >
http://lists.iptel.org/mailman/listinfo/serusers
> > > _______________________________________________
> > > Serusers mailing list
> > > Serusers(a)lists.iptel.org
> > >
http://lists.iptel.org/mailman/listinfo/serusers
_______________________________________________
Serusers mailing list
Serusers(a)lists.iptel.org
http://lists.iptel.org/mailman/listinfo/serusers
_________________________________________________________________
Get FREE company branded e-mail accounts and business Web site from
Microsoft Office Live
http://clk.atdmt.com/MRT/go/mcrssaub0050001411mrt/direct/01/
_______________________________________________
Serusers mailing list
Serusers(a)lists.iptel.org
http://lists.iptel.org/mailman/listinfo/serusers
_______________________________________________
Serusers mailing list
Serusers(a)lists.iptel.org
http://lists.iptel.org/mailman/listinfo/serusers
_______________________________________________
Serusers mailing list
Serusers(a)lists.iptel.org
http://lists.iptel.org/mailman/listinfo/serusers