This seems to be fine. The user MUST authenticate to Kamailio, only then Kamailio will create REGISTER request that is send to asterisk. That's the key security feature behind the idea.

Look at the register architecture diagram,

http://kb.asipto.com/asterisk:realtime:kamailio-4.0.x-asterisk-11.3.0-astdb#registration

Thank you.



On Sat, Nov 15, 2014 at 10:31 PM, Mahmoud Ramadan Ali <cisco.and.more.blog@gmail.com> wrote:
Hi Dears,
I'm trying to configure Kamailio as SBC in multi home mode for Asterisk by authenticating the inbound SIP registration requests,i'm following this tutorial http://kb.asipto.com/asterisk:realtime:kamailio-4.0.x-asterisk-11.3.0-astdb  to achieve this goal. i have modified the necessary changes like the Asterisk DB URL and the SIP table name and Username and password column and verified the connection.

My topology like this Asterisk (192.168.100.10)  <----Internal:192.168.100.1---->Kamailio<---External:192.168.50.1-----> SIP Phone (192.168.50.2)
But when trying to register a SIP phone Kamailio does NOT forward the authentication request to Asterisk and sends 401 Unauthorized error message.I've attached my config file if any one wants to check it and thanks in advance.
Best Regards


U 192.168.50.2:37297 -> 192.168.50.1:5060
REGISTER sip:192.168.50.1;transport=UDP SIP/2.0.
Via: SIP/2.0/UDP 192.168.50.2:37297;branch=z9hG4bK-d8754z-a46e0c7c9d98fe52-1---d8754z-;rport;transport=UDP.
Max-Forwards: 70.
Contact: <sip:1001@192.168.50.2:37297;rinstance=1d7c44dbcb8a7a2f;transport=UDP>.
To: <sip:1001@192.168.50.1;transport=UDP>.
From: <sip:1001@192.168.50.1;transport=UDP>;tag=1d222e19.
Call-ID: NTc2NDBjMGQ2YWFmZjdmNWI0MzVmN2Y4NzYyODJlMTc..
CSeq: 2 REGISTER.
Expires: 70.
Allow: INVITE, ACK, CANCEL, BYE, NOTIFY, REFER, MESSAGE, OPTIONS, INFO, SUBSCRIBE.
Supported: replaces, norefersub, extended-refer, timer, X-cisco-serviceuri.
User-Agent: Z 3.2.21357 r21367.
Authorization: Digest username="1001",realm="192.168.50.1",nonce="VGfAuFRnv4wMvoTG7wA9tqYD9fgZDe3D",uri="sip:192.168.50.1;transport=UDP",response="8bbd01d879250585eafee4f510689f73",algorithm=MD5.
Allow-Events: presence, kpml.
Content-Length: 0.
#
U 192.168.50.1:5060 -> 192.168.50.2:37297
SIP/2.0 401 Unauthorized.
Via: SIP/2.0/UDP 192.168.50.2:37297;branch=z9hG4bK-d8754z-a46e0c7c9d98fe52-1---d8754z-;rport=37297;transport=UDP.
To: <sip:1001@192.168.50.1;transport=UDP>;tag=b27e1a1d33761e85846fc98f5f3a7e58.fe8b.
From: <sip:1001@192.168.50.1;transport=UDP>;tag=1d222e19.
Call-ID: NTc2NDBjMGQ2YWFmZjdmNWI0MzVmN2Y4NzYyODJlMTc..
CSeq: 2 REGISTER.
WWW-Authenticate: Digest realm="192.168.50.1", nonce="VGfAuFRnv4wMvoTG7wA9tqYD9fgZDe3D".
Server: kamailio (4.1.6 (i386/linux)).
Content-Length: 0.

_______________________________________________
SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing list
sr-users@lists.sip-router.org
http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users