20 Jan
2020
20 Jan
'20
1:19 a.m.
I have a setup where I have a fallback to a GSM number
I look up the GSM number and provider information in a database and sets
the headers.
dlg_manage();
$du = "sip:" + $dbr(ra=>[0,0]);
$tu = "sip:"+$rU+"@"+$dbr(ra=>[0,0]);
$ru = "sip:"+$rU+"@"+$dbr(ra=>[0,0]);
uac_replace_from("sip:"+$dbr(ra=>[0,1])+"@EXTERNALIP");
After this the call goes to a failure_route to do uac_auth()
Now my problem is that this works with the providers Asterisk server.
But if the call is send to the providers Kamailio server, authentication
is rejected.
Removing uac_replace_from makes the call accepted on the Kamailio server
The only possible problem I can see is that the first INVITE without
authentication, has correct From header.
But the second with the nonce and auth, uses the wrong From header. Thus
two different From headers in the same SIP dialog.
Unfortunately uac_replace_from is not allowed in failure_route, so I
could test if this is the problem.
Is the two different From headers a problem, and how could that be fixed.
--
-------------------- Med Liberalistiske Hilsner ----------------------
Civilingeniør, Kjeld Flarup - Mit sind er mere åbent end min tegnebog
Sofienlundvej 6B, 7560 Hjerm, Tlf: 40 29 41 49
Den ikke akademiske hjemmeside for liberalismen - www.liberalismen.dk
20 Jan
20 Jan
1:22 a.m.
In non-REGISTER requests, the From URI is the identity being asserted,
and supported by the authentication credentials.
If you have control over the upstream Kamailio server, you can tinker
with authentication options which enforce equivalence between the
authentication username/realm and the From URI user/domain --
specifically, by turning off this enforcement.
If you don't, then a modified From value will indeed be a problem
insofar as it may deviate from the authentication credentials.
-- Alex
On Sun, Jan 19, 2020 at 11:19:26PM +0100, Kjeld Flarup wrote:
I have a setup where I have a fallback to a GSM
number
I look up the GSM number and provider information in a database and sets the
headers.
dlg_manage();
$du = "sip:" + $dbr(ra=>[0,0]);
$tu = "sip:"+$rU+"@"+$dbr(ra=>[0,0]);
$ru = "sip:"+$rU+"@"+$dbr(ra=>[0,0]);
uac_replace_from("sip:"+$dbr(ra=>[0,1])+"@EXTERNALIP");
After this the call goes to a failure_route to do uac_auth()
Now my problem is that this works with the providers Asterisk server.
But if the call is send to the providers Kamailio server, authentication is
rejected.
Removing uac_replace_from makes the call accepted on the Kamailio server
The only possible problem I can see is that the first INVITE without
authentication, has correct From header.
But the second with the nonce and auth, uses the wrong From header. Thus two
different From headers in the same SIP dialog.
Unfortunately uac_replace_from is not allowed in failure_route, so I could
test if this is the problem.
Is the two different From headers a problem, and how could that be fixed.
--
-------------------- Med Liberalistiske Hilsner ----------------------
Civilingeniør, Kjeld Flarup - Mit sind er mere åbent end min tegnebog
Sofienlundvej 6B, 7560 Hjerm, Tlf: 40 29 41 49
Den ikke akademiske hjemmeside for liberalismen - www.liberalismen.dk
_______________________________________________
Kamailio (SER) - Users Mailing List
sr-users(a)lists.kamailio.org
https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
--
Alex Balashov | Principal | Evariste Systems LLC
Tel: +1-706-510-6800 / +1-800-250-5920 (toll-free)
Web: http://www.evaristesys.com/, http://www.csrpswitch.com/
1:34 a.m.
Thanks for confirming.
As there seems to be no way to correct the From header in
failure_dialog, then the From header has to be modified before I receive
the call then. Which could be done by cascading with a Cascading
Kamailio instance.
-------------------- Med Liberalistiske Hilsner ----------------------
Civilingeniør, Kjeld Flarup - Mit sind er mere åbent end min tegnebog
Sofienlundvej 6B, 7560 Hjerm, Tlf: 40 29 41 49
Den ikke akademiske hjemmeside for liberalismen - www.liberalismen.dk
On 1/19/20 11:22 PM, Alex Balashov wrote:
In non-REGISTER requests, the From URI is the identity
being asserted,
and supported by the authentication credentials.
If you have control over the upstream Kamailio server, you can tinker
with authentication options which enforce equivalence between the
authentication username/realm and the From URI user/domain --
specifically, by turning off this enforcement.
If you don't, then a modified From value will indeed be a problem
insofar as it may deviate from the authentication credentials.
-- Alex
On Sun, Jan 19, 2020 at 11:19:26PM +0100, Kjeld Flarup wrote:
> I have a setup where I have a fallback to a GSM number
>
> I look up the GSM number and provider information in a database and sets the
> headers.
>
> dlg_manage();
> $du = "sip:" + $dbr(ra=>[0,0]);
> $tu = "sip:"+$rU+"@"+$dbr(ra=>[0,0]);
> $ru = "sip:"+$rU+"@"+$dbr(ra=>[0,0]);
> uac_replace_from("sip:"+$dbr(ra=>[0,1])+"@EXTERNALIP");
>
> After this the call goes to a failure_route to do uac_auth()
>
> Now my problem is that this works with the providers Asterisk server.
> But if the call is send to the providers Kamailio server, authentication is
> rejected.
>
> Removing uac_replace_from makes the call accepted on the Kamailio server
>
> The only possible problem I can see is that the first INVITE without
> authentication, has correct From header.
> But the second with the nonce and auth, uses the wrong From header. Thus two
> different From headers in the same SIP dialog.
>
> Unfortunately uac_replace_from is not allowed in failure_route, so I could
> test if this is the problem.
>
> Is the two different From headers a problem, and how could that be fixed.
>
>
> --
> -------------------- Med Liberalistiske Hilsner ----------------------
> Civilingeniør, Kjeld Flarup - Mit sind er mere åbent end min tegnebog
> Sofienlundvej 6B, 7560 Hjerm, Tlf: 40 29 41 49
> Den ikke akademiske hjemmeside for liberalismen - www.liberalismen.dk
>
>
> _______________________________________________
> Kamailio (SER) - Users Mailing List
> sr-users(a)lists.kamailio.org
> https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
6:27 a.m.
Have you tried setting $fU/$fd directly in failure_route before uac_auth()?
On Sun, Jan 19, 2020 at 14:35 Kjeld Flarup <kjeld.flarup(a)liberalismen.dk>
wrote:
Thanks for confirming.
As there seems to be no way to correct the From header in
failure_dialog, then the From header has to be modified before I receive
the call then. Which could be done by cascading with a Cascading
Kamailio instance.
-------------------- Med Liberalistiske Hilsner ----------------------
Civilingeniør, Kjeld Flarup - Mit sind er mere åbent end min tegnebog
Sofienlundvej 6B, 7560 Hjerm
<https://www.google.com/maps/search/Sofienlundvej+6B,+7560+Hjerm?entry=gmail&source=g>,
Tlf: 40 29 41 49
Den ikke akademiske hjemmeside for liberalismen - www.liberalismen.dk
On 1/19/20 11:22 PM, Alex Balashov wrote:
In non-REGISTER requests, the From URI is the
identity being asserted,
and supported by the authentication credentials.
If you have control over the upstream Kamailio server, you can tinker
with authentication options which enforce equivalence between the
authentication username/realm and the From URI user/domain --
specifically, by turning off this enforcement.
If you don't, then a modified From value will indeed be a problem
insofar as it may deviate from the authentication credentials.
-- Alex
On Sun, Jan 19, 2020 at 11:19:26PM +0100, Kjeld Flarup wrote:
> I have a setup where I have a fallback to a GSM number
>
> I look up the GSM number and provider information in a database and
sets the
> headers.
>
> dlg_manage();
> $du = "sip:" + $dbr(ra=>[0,0]);
> $tu = "sip:"+$rU+"@"+$dbr(ra=>[0,0]);
> $ru = "sip:"+$rU+"@"+$dbr(ra=>[0,0]);
> uac_replace_from("sip:"+$dbr(ra=>[0,1])+"@EXTERNALIP");
>
> After this the call goes to a failure_route to do uac_auth()
>
> Now my problem is that this works with the providers Asterisk server.
> But if the call is send to the providers Kamailio server,
authentication is
> rejected.
>
> Removing uac_replace_from makes the call accepted on the Kamailio server
>
> The only possible problem I can see is that the first INVITE without
> authentication, has correct From header.
> But the second with the nonce and auth, uses the wrong From header.
Thus two
> different From headers in the same SIP
dialog.
>
> Unfortunately uac_replace_from is not allowed in failure_route, so I
could
> test if this is the problem.
>
> Is the two different From headers a problem, and how could that be
fixed.
>
>
> --
> -------------------- Med Liberalistiske Hilsner ----------------------
> Civilingeniør, Kjeld Flarup - Mit sind er mere åbent end min
tegnebog
> Sofienlundvej 6B, 7560 Hjerm, Tlf: 40 29
41 49
> Den ikke akademiske hjemmeside for liberalismen -
www.liberalismen.dk
>
>
> _______________________________________________
> Kamailio (SER) - Users Mailing List
> sr-users(a)lists.kamailio.org
> https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
_______________________________________________
Kamailio (SER) - Users Mailing List
sr-users(a)lists.kamailio.org
https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
12:22 p.m.
WE had an issue like with while using rtjson module. The solution for us, was to ensure
that the auc_replace was being done in new branches (t_on_branch). If it wasn’t, uac_auth
didn’t preserve any to/from changes between INVITE without and with auth.
https://www.mail-archive.com/sr-users@lists.kamailio.org/msg10808.html
Kind Regards,
Ben
From: sr-users <sr-users-bounces(a)lists.kamailio.org> On Behalf Of Joel Serrano
Sent: 20 January 2020 03:27
To: Kamailio (SER) - Users Mailing List <sr-users(a)lists.kamailio.org>
Subject: Re: [SR-Users] uac_replace_from and uac_auth fails to authenticate.
Have you tried setting $fU/$fd directly in failure_route before uac_auth()?
On Sun, Jan 19, 2020 at 14:35 Kjeld Flarup
<kjeld.flarup@liberalismen.dk<mailto:kjeld.flarup@liberalismen.dk>> wrote:
Thanks for confirming.
As there seems to be no way to correct the From header in
failure_dialog, then the From header has to be modified before I receive
the call then. Which could be done by cascading with a Cascading
Kamailio instance.
-------------------- Med Liberalistiske Hilsner ----------------------
Civilingeniør, Kjeld Flarup - Mit sind er mere åbent end min tegnebog
Sofienlundvej 6B, 7560
Hjerm<https://www.google.com/maps/search/Sofienlundvej+6B,+7560+Hjerm?en…urce=g>,
Tlf: 40 29 41 49
Den ikke akademiske hjemmeside for liberalismen -
www.liberalismen.dk<http://www.liberalismen.dk>
On 1/19/20 11:22 PM, Alex Balashov wrote:
In non-REGISTER requests, the From URI is the identity
being asserted,
and supported by the authentication credentials.
If you have control over the upstream Kamailio server, you can tinker
with authentication options which enforce equivalence between the
authentication username/realm and the From URI user/domain --
specifically, by turning off this enforcement.
If you don't, then a modified From value will indeed be a problem
insofar as it may deviate from the authentication credentials.
-- Alex
On Sun, Jan 19, 2020 at 11:19:26PM +0100, Kjeld Flarup wrote:
> I have a setup where I have a fallback to a GSM number
>
> I look up the GSM number and provider information in a database and sets the
> headers.
>
> dlg_manage();
> $du = "sip:" + $dbr(ra=>[0,0]);
> $tu = "sip:"+$rU+"@"+$dbr(ra=>[0,0]);
> $ru = "sip:"+$rU+"@"+$dbr(ra=>[0,0]);
> uac_replace_from("sip:"+$dbr(ra=>[0,1])+"@EXTERNALIP");
>
> After this the call goes to a failure_route to do uac_auth()
>
> Now my problem is that this works with the providers Asterisk server.
> But if the call is send to the providers Kamailio server, authentication is
> rejected.
>
> Removing uac_replace_from makes the call accepted on the Kamailio server
>
> The only possible problem I can see is that the first INVITE without
> authentication, has correct From header.
> But the second with the nonce and auth, uses the wrong From header. Thus two
> different From headers in the same SIP dialog.
>
> Unfortunately uac_replace_from is not allowed in failure_route, so I could
> test if this is the problem.
>
> Is the two different From headers a problem, and how could that be fixed.
>
>
> --
> -------------------- Med Liberalistiske Hilsner ----------------------
> Civilingeniør, Kjeld Flarup - Mit sind er mere åbent end min tegnebog
> Sofienlundvej 6B, 7560 Hjerm, Tlf: 40 29 41 49
> Den ikke akademiske hjemmeside for liberalismen -
www.liberalismen.dk<http://www.liberalismen.dk>
>
>
> _______________________________________________
> Kamailio (SER) - Users Mailing List
> sr-users@lists.kamailio.org<mailto:sr-users@lists.kamailio.org>
> https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
_______________________________________________
Kamailio (SER) - Users Mailing List
sr-users@lists.kamailio.org<mailto:sr-users@lists.kamailio.org>
https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
23 Jan
23 Jan
11:02 p.m.
Thanks for the suggestions.
Much to my surprise just setting $fu did the trick.
-------------------- Med Liberalistiske Hilsner ----------------------
Civilingeniør, Kjeld Flarup - Mit sind er mere åbent end min tegnebog
Sofienlundvej 6B, 7560 Hjerm, Tlf: 40 29 41 49
Den ikke akademiske hjemmeside for liberalismen - www.liberalismen.dk
On 1/20/20 4:27 AM, Joel Serrano wrote:
Have you tried setting $fU/$fd directly in
failure_route before
uac_auth()?
On Sun, Jan 19, 2020 at 14:35 Kjeld Flarup
<kjeld.flarup(a)liberalismen.dk <mailto:kjeld.flarup@liberalismen.dk>>
wrote:
Thanks for confirming.
As there seems to be no way to correct the From header in
failure_dialog, then the From header has to be modified before I
receive
the call then. Which could be done by cascading with a Cascading
Kamailio instance.
-------------------- Med Liberalistiske Hilsner ----------------------
Civilingeniør, Kjeld Flarup - Mit sind er mere åbent end min
tegnebog
Sofienlundvej 6B, 7560 Hjerm
<https://www.google.com/maps/search/Sofienlundvej+6B,+7560+Hjerm?entry=gmail&source=g>,
Tlf: 40 29 41 49
Den ikke akademiske hjemmeside for liberalismen -
www.liberalismen.dk <http://www.liberalismen.dk>
On 1/19/20 11:22 PM, Alex Balashov wrote:
In non-REGISTER requests, the From URI is the
identity being
asserted,
and supported by the authentication credentials.
If you have control over the upstream Kamailio server, you can
tinker
with authentication options which enforce
equivalence between the
authentication username/realm and the From URI user/domain --
specifically, by turning off this enforcement.
If you don't, then a modified From value will indeed be a problem
insofar as it may deviate from the authentication credentials.
-- Alex
On Sun, Jan 19, 2020 at 11:19:26PM +0100, Kjeld Flarup wrote:
> I have a setup where I have a fallback to a GSM number
>
> I look up the GSM number and provider information in a database
and sets
the
> headers.
>
> dlg_manage();
> $du = "sip:" + $dbr(ra=>[0,0]);
> $tu = "sip:"+$rU+"@"+$dbr(ra=>[0,0]);
> $ru = "sip:"+$rU+"@"+$dbr(ra=>[0,0]);
> uac_replace_from("sip:"+$dbr(ra=>[0,1])+"@EXTERNALIP");
>
> After this the call goes to a failure_route to do uac_auth()
>
> Now my problem is that this works with the providers Asterisk
server.
> But if the call is send to the providers
Kamailio server,
authentication is
> rejected.
>
> Removing uac_replace_from makes the call accepted on the
Kamailio server
>
> The only possible problem I can see is that the first INVITE
without
> authentication, has correct From header.
> But the second with the nonce and auth, uses the wrong From
header. Thus
two
> different From headers in the same SIP
dialog.
>
> Unfortunately uac_replace_from is not allowed in failure_route,
so I
could
> test if this is the problem.
>
> Is the two different From headers a problem, and how could that
be fixed.
>
>
> --
> -------------------- Med Liberalistiske Hilsner
----------------------
> Civilingeniør, Kjeld Flarup - Mit sind er
mere åbent end
min tegnebog
> Sofienlundvej 6B, 7560 Hjerm, Tlf: 40 29
41 49
> Den ikke akademiske hjemmeside for liberalismen -
www.liberalismen.dk
<http://www.liberalismen.dk>
>
>
> _______________________________________________
> Kamailio (SER) - Users Mailing List
> sr-users(a)lists.kamailio.org <mailto:sr-users@lists.kamailio.org>
> https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
_______________________________________________
Kamailio (SER) - Users Mailing List
sr-users(a)lists.kamailio.org <mailto:sr-users@lists.kamailio.org>
https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
_______________________________________________
Kamailio (SER) - Users Mailing List
sr-users(a)lists.kamailio.org
https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users 
20 Jan
20 Jan
10:44 a.m.
God morgen Kjeld,
You can use uac_replace_from/_to in a branch route, e.g.:
[...]
$avp(from_uri) = "sip:"+$dbr(ra=>[0,1])+"@EXTERNALIP";
t_on_branch("UPDATE_FROM");
[...]
branch_route(UPDATE_FROM) {
uac_replace_from("$avp(from_uri)");
}
This should solve your issue.
Med venlig hilsen,
Carsten Bock (lidt Vendelbo)
--
Carsten Bock I CTO & Founder
ng-voice GmbH
Trostbrücke 1 I 20457 Hamburg I Germany
T +49 40 524 75 93-40 | M +49 179 2021244 I www.ng-voice.com
Registry Office at Local Court Hamburg, HRB 120189
Managing Directors: Dr. David Bachmann, Carsten Bock
Am So., 19. Jan. 2020 um 23:20 Uhr schrieb Kjeld Flarup <
kjeld.flarup(a)liberalismen.dk>gt;:
I have a setup where I have a fallback to a GSM
number
I look up the GSM number and provider information in a database and sets
the headers.
dlg_manage();
$du = "sip:" + $dbr(ra=>[0,0]);
$tu = "sip:"+$rU+"@"+$dbr(ra=>[0,0]);
$ru = "sip:"+$rU+"@"+$dbr(ra=>[0,0]);
uac_replace_from("sip:"+$dbr(ra=>[0,1])+"@EXTERNALIP");
After this the call goes to a failure_route to do uac_auth()
Now my problem is that this works with the providers Asterisk server.
But if the call is send to the providers Kamailio server, authentication
is rejected.
Removing uac_replace_from makes the call accepted on the Kamailio server
The only possible problem I can see is that the first INVITE without
authentication, has correct From header.
But the second with the nonce and auth, uses the wrong From header. Thus
two different From headers in the same SIP dialog.
Unfortunately uac_replace_from is not allowed in failure_route, so I
could test if this is the problem.
Is the two different From headers a problem, and how could that be fixed.
--
-------------------- Med Liberalistiske Hilsner ----------------------
Civilingeniør, Kjeld Flarup - Mit sind er mere åbent end min tegnebog
Sofienlundvej 6B, 7560 Hjerm, Tlf: 40 29 41 49
Den ikke akademiske hjemmeside for liberalismen - www.liberalismen.dk
_______________________________________________
Kamailio (SER) - Users Mailing List
sr-users(a)lists.kamailio.org
https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
1767
days inactive
1771
days old
6 comments
5 participants
participants (5)
-
Alex Balashov -
Ben Merrills -
Carsten Bock -
Joel Serrano -
Kjeld Flarup