Hi Henning,
thank you! I will check that again.
In the mean time, I tried to get this running: http://kb.asipto.com/kamailio:presence:k43-blf
In my setup, the local node is also the presence server (... or should be). BLF is working perfectly fine if I disable AUTH (PUBLISH to local -> NOTIFY to phones).
If I enable AUTH, I can see "PUBLISH" sent to the node itself, getting denied by a 407 "Proxy Authentication Required".
Do I realy need a SIP message flowing to myself to "PUBLISH" the change detected by dlg_manage() + presence_dialoginfo + pua_dialoginfo? The behavior seems to be correct for external presence management where I do IP based auth. For my understanding, Kamailio could handle that internal without building a SIP message(?).
This is what I set up as params (pbx.example.com -> DOMAIN, 123.123.123.123 Public IP of node): =======================>%======================= #!ifdef WITH_PRESENCE # ----- presence params ----- modparam("presence", "db_url", DBURL) modparam("presence", "server_address","sip:123.123.123.123:5060") modparam("presence", "send_fast_notify", 0) modparam("presence", "db_update_period", 20) modparam("presence", "subs_db_mode", 2) modparam("presence", "fetch_rows", 1000)
# ----- presence_xml params ----- modparam("presence_xml", "db_url", DBURL) modparam("presence_xml", "force_active", 1)
# ----- presence_dialoginfo params ----- modparam("presence_dialoginfo", "force_single_dialog", 0)
# -- dialog params -- modparam("dialog", "db_url", DBURL) modparam("dialog", "db_mode", 1) modparam("dialog", "dlg_match_mode", 1) modparam("dialog", "enable_stats", 1) modparam("dialog", "dlg_flag", FLT_DLG)
# -- pua parameters -- modparam("pua", "db_url", DBURL) modparam("pua", "db_mode", 2) modparam("pua", "update_period", 60) modparam("pua", "dlginfo_increase_version", 0) modparam("pua", "reginfo_increase_version", 0) modparam("pua", "check_remote_contact", 1) modparam("pua", "fetch_rows", 1000)
# ----- pua_dialoginfo params ----- modparam("pua_dialoginfo", "include_callid", 1) modparam("pua_dialoginfo", "send_publish_flag", FLT_DLGINFO) modparam("pua_dialoginfo", "caller_confirmed", 0) modparam("pua_dialoginfo", "include_tags", 1) modparam("pua_dialoginfo", "override_lifetime", 124)
# CUSTOM modparam("pua_usrloc", "default_domain", "pbx.example.com") modparam("pua_reginfo", "server_address", "sip:123.123.123.123:5060") modparam("pua_reginfo", "default_domain", "pbx.example.com") #!endif =======================>%=======================
Kind regards Kevin
Am Mo., 18. März 2019 um 22:55 Uhr schrieb Henning Westerholt hw@kamailio.org:
Am Montag, 18. März 2019, 19:42:30 CET schrieb Kevin Olbrich:
I rolled back the change and Kamailio still sends the challenge. Seems I took the wrong transaction during debug...
Am Mo., 18. März 2019 um 19:16 Uhr schrieb Kevin Olbrich ko@sv01.de:
Hi!
I am implementing forwarding of SUBSCRIBE (BLF) to an Asterisk behind Kamailio. This works but Kamailio is not requesting for Auth.
I then added SUBSCRIBE to: https://github.com/kamailio/kamailio/blob/master/etc/kamailio.cfg#L746
And it now challenges the client correctly.
Why does this line only show REGISTER? Shouldn't it request a challenge for all messages? And why does it work with INVITES ootb?
Hi Kevin,
have a look to e.g. this page:
https://andrewjprokop.wordpress.com/2015/01/27/understanding-sip-authenticat...
"That means that messages like INVITE and BYE will receive 407 responses and REGISTER and SUBSCRIBE will receive 401 responses."
For this reasons they are two *challenge functions in the auth module available.
Cheers,
Henning
-- Henning Westerholt - https://skalatan.de/blog/ Kamailio services - https://skalatan.de/services Kamailio security assessment - https://skalatan.de/de/assessment