Hi mates,
I still need your pointers regarding my problem in this post, today i have attached  the routes suspected to be involved in this saga. From my config file plz see below.

        # -----------------------------------------------------------------
        # Unauthorized relay
        # -----------------------------------------------------------------

        if (!is_uri_host_local()) {
                        if (is_from_local()) { # We prevent unauthorised relays "clever guys we got u"
                                append_hf("P-hint: outbound\r\n");

                route(10);
                                # need to be authenticated
                        } else {
                                sl_send_reply("403", "Forbidden");
                        };
                        return;
        };

route[10] {
        #-------------------------------------------------------------
        # Default Message Handler with  Proxy Authentication
        # -----------------------------------------------------------------

        if(method=="ACK") {   #these you never proxy authenticate
                route(1);
                return;
        };
        if(method=="BYE" || method=="CANCEL") {   #these you never proxy authenticate
                route(1);
                return;
        };

        xlog("L_INFO", "Proxy auth $fd $dP destination:$du $dd $ds");#

        if (!route(7)) { #verify the user
                return(0);
        };
 if (!is_user_in("From", "noauth")) { #no authentication required
                if (!proxy_authorize("","subscriber")) {
        proxy_challenge("","0");
                        return;
        } else if (!check_from()) {
                        sl_send_reply("403", "Use From=ID");
                        return;
                };
       #        consume_credentials();

        };

#       if (is_user_in("Credentials", "local")) {       # Uncomment to use the group options
                route(1);
#       }else{
#               sl_send_reply("403", "Busted!!!, you are not allowed this route");
#       };

return;
}

With Best Regards,
LU.



Message: 3
Date: Tue, 20 May 2008 17:38:50 +0200
From: "luzango mfupe" <luzango.mfupe@gmail.com>
Subject: [OpenSER-Users] Call failed 403 Forbiden
To: users@lists.openser.org
Message-ID:
       <9cdd611a0805200838oc11cfedg9762b7451bf543c4@mail.gmail.com>
Content-Type: text/plain; charset="iso-8859-1"

Hi mates,
Everytime i do try to make my 2 xlite clients talk (which i correctly added
them into the database), i encountered with the same problm, Openser perfoms
authentication and return call failed 403 forbiden signal.

My setup comprise of the first box with openser 1.3 and mediaproxy the
second box with Mysql and two Xlite clients in two other boxes all are in an
internal network, as far as am concerned my NetAdmin have already opened
ports 5060 and 3306 for me. I need your right direction on this probm.
below is my ngrep snapshot

mzee:/# ngrep -d eth1 -W byline port 5060
interface: eth1 (168.172.200.0/255.255.255.0)
filter: (ip or ip6) and ( port 5060 )
#
U 168.172.200.70:1824 -> 168.172.200.87:5060
INVITE sip:musketeerm@168.172.200.87 <sip%3Amusketeerm@168.172.200.87>SIP/2.0.
Via: SIP/2.0/UDP 168.172.200.70:1824
;branch=z9hG4bK-d87543-ef08fb62b30f1a54-1--d87543-.
Max-Forwards: 70.
Contact: <sip:dreamteam@168.172.200.70:1824>.
To: "musk"<sip:musketeerm@168.172.200.87 <sip%3Amusketeerm@168.172.200.87>>.
From: "dream"<sip:dreamteam@168.172.200.87 <sip%3Adreamteam@168.172.200.87>
>;tag=af4bd714.
Call-ID: OTAyNWJhOTdiZjBlNmUwNDYyZWI0YzdkM2JhZTUxMTU..
CSeq: 1 INVITE.
Session-Expires: 95.
Min-SE: 90.
Allow: INVITE, ACK, CANCEL, OPTIONS, BYE, REFER, NOTIFY, MESSAGE, SUBSCRIBE,
INFO.
Content-Type: application/sdp.
Supported: timer.
User-Agent: X-Lite release 1011s stamp 41150.
Content-Length: 426.
.
v=0.
o=- 9 2 IN IP4 168.172.200.70.
s=CounterPath X-Lite 3.0.
c=IN IP4 168.172.200.70.
t=0 0.
m=audio 52166 RTP/AVP 107 119 100 106 0 105 98 8 101.
a=alt:1 1 : uZB2dYm+ NKBRK8Ep 168.172.200.70 52166.
a=fmtp:101 0-15.
a=rtpmap:107 BV32/16000.
a=rtpmap:119 BV32-FEC/16000.
a=rtpmap:100 SPEEX/16000.
a=rtpmap:106 SPEEX-FEC/16000.
a=rtpmap:105 SPEEX-FEC/8000.
a=rtpmap:98 iLBC/8000.
a=rtpmap:101 telephone-event/8000.
a=sendrecv.
#
U 168.172.200.87:5060 -> 168.172.200.70:1824
SIP/2.0 403 Forbidden.
Via: SIP/2.0/UDP 168.172.200.70:1824
;branch=z9hG4bK-d87543-ef08fb62b30f1a54-1--d87543-.
To: "musk"<sip:musketeerm@168.172.200.87 <sip%3Amusketeerm@168.172.200.87>
>;tag=9a17bd4180f96d7136f8b30b25c6947e.d7e9.
From: "dream"<sip:dreamteam@168.172.200.87 <sip%3Adreamteam@168.172.200.87>
>;tag=af4bd714.
Call-ID: OTAyNWJhOTdiZjBlNmUwNDYyZWI0YzdkM2JhZTUxMTU..
CSeq: 1 INVITE.
Server: OpenSER (1.3.0-notls (i386/linux)).
Content-Length: 0.
.
#
U 168.172.200.70:1824 -> 168.172.200.87:5060
ACK sip:musketeerm@168.172.200.87 <sip%3Amusketeerm@168.172.200.87> SIP/2.0.
Via: SIP/2.0/UDP 168.172.200.70:1824
;branch=z9hG4bK-d87543-ef08fb62b30f1a54-1--d87543-.
To: "musk"<sip:musketeerm@168.172.200.87 <sip%3Amusketeerm@168.172.200.87>
>;tag=9a17bd4180f96d7136f8b30b25c6947e.d7e9.
From: "dream"<sip:dreamteam@168.172.200.87 <sip%3Adreamteam@168.172.200.87>
>;tag=af4bd714.
Call-ID: OTAyNWJhOTdiZjBlNmUwNDYyZWI0YzdkM2JhZTUxMTU..
CSeq: 1 ACK.
Content-Length: 0.

WBR,
LU.