28 Nov
2005
28 Nov
'05
7:43 a.m.
hi Christoffer!
Please always cc to the list.
Christoffer Soop wrote:
Thank you very much! This is more than enough to get
me started.
One small remaining question though:
Klaus Darilion wrote:
In my scenario our proxy is the only one which should be able to
authenticate to the PSTN gateway. If the client talks directly to the
PSTN gateway will it have to re-supply the credentials?
There are different credentials:
1. The credentials between your SIP proxy and your clients.
2. The credentials needed to authenticate to the remote proxy/GW.
Digest authentication is normally used between clients and proxies.
Thus, if you want to be standard conform, the clients would need
additional credentials (a second set of realm/username/password) to
authenticate also against the GW. But this is not supported by most
clients, and you also do not want to give the GW credentials to you clients.
The problem arises when using digest authentication between proxies.
This is usually not possible. You would need a B2BUA, which receives the
calls from your clients, and forward them to the GW with proper
credentials. openser includes the uac module which can be used for this,
but you might experience problems using this module as it is not
standard conform.
Another way to authentication against the GW would be with TLS or based
on IP addresses (do not use UDP here as it can be spoofed easily).
regards
klaus
- after
the session with the remote proxy has been set up OpenSER either
works as proxy between the client and the remote proxy, or better
transfers the session to the client
If you use record_route your proxy stays inbetween the client and the
PSTN GW. If not, your proxy stays out of the folowing conversations. But
you will loose the ability to account BYE messages, and will have
problem when doing NAT traversal.