20 Sep
2007
20 Sep
'07
7:06 p.m.
Bogdan-Andrei Iancu wrote:
Hi Halomoan,
If openser receives the REGISTER and fwd it to Asterisk, then do not
try to do authentication on Asterisk...do it only on openser
That is correct....proxy authentication is a challenge and response
operation. If you defined a secret in a type=peer based context,
asterisk would challenge the request (forwarded from OpenSER), which
would not succeed. I believe you can limit access using permit/deny
to only accept call setups from your own proxies.
On the other hand, my own OpenSER+Asterisk based systems all run with a
very very dumb Asterisk configuration - very very minimal
configuration. Attempting to keep all of the SIP type=peer's straight
and a complex dialplan, especially in terms of scale, is still a big
issue for Asterisk. Thus I have almost gone out of my way to ensure I
don't ever require very complex (or even regularly changing) Asterisk
configurations.
Remember Asterisk is not a SIP Proxy and only generally complies with
what is called a B2B-UA. Asterisk very much does its own thing. So,
let asterisk do what its good at.... media and application logic and
then build the rest of the system accordingly.
Jeremy McNamara