19 Mar
2019
19 Mar
'19
6:40 p.m.
Hi Henning,
thank you! I will check that again.
In the mean time, I tried to get this running:
http://kb.asipto.com/kamailio:presence:k43-blf
In my setup, the local node is also the presence server (... or should be).
BLF is working perfectly fine if I disable AUTH (PUBLISH to local ->
NOTIFY to phones).
If I enable AUTH, I can see "PUBLISH" sent to the node itself, getting
denied by a 407 "Proxy Authentication Required".
Do I realy need a SIP message flowing to myself to "PUBLISH" the
change detected by dlg_manage() + presence_dialoginfo +
pua_dialoginfo?
The behavior seems to be correct for external presence management
where I do IP based auth.
For my understanding, Kamailio could handle that internal without
building a SIP message(?).
This is what I set up as params (pbx.example.com -> DOMAIN,
123.123.123.123 Public IP of node):
=======================>%=======================
#!ifdef WITH_PRESENCE
# ----- presence params -----
modparam("presence", "db_url", DBURL)
modparam("presence",
"server_address","sip:123.123.123.123:5060")
modparam("presence", "send_fast_notify", 0)
modparam("presence", "db_update_period", 20)
modparam("presence", "subs_db_mode", 2)
modparam("presence", "fetch_rows", 1000)
# ----- presence_xml params -----
modparam("presence_xml", "db_url", DBURL)
modparam("presence_xml", "force_active", 1)
# ----- presence_dialoginfo params -----
modparam("presence_dialoginfo", "force_single_dialog", 0)
# -- dialog params --
modparam("dialog", "db_url", DBURL)
modparam("dialog", "db_mode", 1)
modparam("dialog", "dlg_match_mode", 1)
modparam("dialog", "enable_stats", 1)
modparam("dialog", "dlg_flag", FLT_DLG)
# -- pua parameters --
modparam("pua", "db_url", DBURL)
modparam("pua", "db_mode", 2)
modparam("pua", "update_period", 60)
modparam("pua", "dlginfo_increase_version", 0)
modparam("pua", "reginfo_increase_version", 0)
modparam("pua", "check_remote_contact", 1)
modparam("pua", "fetch_rows", 1000)
# ----- pua_dialoginfo params -----
modparam("pua_dialoginfo", "include_callid", 1)
modparam("pua_dialoginfo", "send_publish_flag", FLT_DLGINFO)
modparam("pua_dialoginfo", "caller_confirmed", 0)
modparam("pua_dialoginfo", "include_tags", 1)
modparam("pua_dialoginfo", "override_lifetime", 124)
# CUSTOM
modparam("pua_usrloc", "default_domain", "pbx.example.com")
modparam("pua_reginfo", "server_address",
"sip:123.123.123.123:5060")
modparam("pua_reginfo", "default_domain",
"pbx.example.com")
#!endif
=======================>%=======================
Kind regards
Kevin
Am Mo., 18. März 2019 um 22:55 Uhr schrieb Henning Westerholt <hw(a)kamailio.org>rg>:
Am Montag, 18. März 2019, 19:42:30 CET schrieb Kevin Olbrich:
I rolled back the change and Kamailio still sends
the challenge. Seems
I took the wrong transaction during debug...
Am Mo., 18. März 2019 um 19:16 Uhr schrieb Kevin Olbrich <ko(a)sv01.de>de>:
> Hi!
>
> I am implementing forwarding of SUBSCRIBE (BLF) to an Asterisk behind
> Kamailio. This works but Kamailio is not requesting for Auth.
>
> I then added SUBSCRIBE to:
> https://github.com/kamailio/kamailio/blob/master/etc/kamailio.cfg#L746
>
> And it now challenges the client correctly.
>
> Why does this line only show REGISTER?
> Shouldn't it request a challenge for all messages?
> And why does it work with INVITES ootb?
Hi Kevin,
have a look to e.g. this page:
https://andrewjprokop.wordpress.com/2015/01/27/understanding-sip-authentica…
"That means that messages like INVITE and BYE will receive 407 responses and
REGISTER and SUBSCRIBE will receive 401 responses."
For this reasons they are two *challenge functions in the auth module
available.
Cheers,
Henning
--
Henning Westerholt - https://skalatan.de/blog/
Kamailio services - https://skalatan.de/services
Kamailio security assessment - https://skalatan.de/de/assessment