Bogdan-Andrei Iancu wrote:
Hi Halomoan,
If openser receives the REGISTER and fwd it to Asterisk, then do not try to do authentication on Asterisk...do it only on openser
That is correct....proxy authentication is a challenge and response operation. If you defined a secret in a type=peer based context, asterisk would challenge the request (forwarded from OpenSER), which would not succeed. I believe you can limit access using permit/deny to only accept call setups from your own proxies.
On the other hand, my own OpenSER+Asterisk based systems all run with a very very dumb Asterisk configuration - very very minimal configuration. Attempting to keep all of the SIP type=peer's straight and a complex dialplan, especially in terms of scale, is still a big issue for Asterisk. Thus I have almost gone out of my way to ensure I don't ever require very complex (or even regularly changing) Asterisk configurations.
Remember Asterisk is not a SIP Proxy and only generally complies with what is called a B2B-UA. Asterisk very much does its own thing. So, let asterisk do what its good at.... media and application logic and then build the rest of the system accordingly.
Jeremy McNamara