Hello list!
I do have something like this in my ser.cfg: if (method=="REGISTER") { if (!www_authorize("domain.com", "subscriber")) { www_challenge("domain.com", "1"); break; }; break; };
It works perfectly.
And if I set a line in my snom with inexistant account, of course REGISTER fails: [2]8/6/2005 16:29:39: Registrar 9898@212.xxx.xxx.xxx refused with code 401
But, with the same un-REGISTERed phone, I can phone: INVITE works :(
I then tried something like this: if (method=="INVITE"){ if (src_ip != "212.xxx.xxx.xxx"){ if (!www_authorize("domain.com", "subscriber")) { www_challenge("domain.com", "1"); break; }; }; else{ route(1); }; };
And then, SER fail to restart: Starting SIP Express Router ERROR: bad config file (6 errors) startproc: exit status of parent of /usr/local/sbin/ser: 255
Is my approach wrong or am I doing a little typo-like error?
Best regards
Hello,
Lol Zimmerli lolzim@worldcom.ch écrit/wrote:
I then tried something like this: if (method=="INVITE"){ if (src_ip != "212.xxx.xxx.xxx"){ if (!www_authorize("domain.com", "subscriber")) { www_challenge("domain.com", "1"); break; }; }; else{ route(1); }; };
After reading more doc, I found proxy_*() functions, but this: if (method=="INVITE"){ if (src_ip != "212.xxx.xxx.xxx"){ if (!proxy_authorize("domain.com", "subscriber")) { proxy_challenge("domain.com", "1"); break; }; }; else{ route(1); }; };
Fails also: Starting SIP Express Router ERROR: bad config file (6 errors) startproc: exit status of parent of /usr/local/sbin/ser: 255
:(
On Jun 08, 2005 at 17:12, Lol Zimmerli lolzim@worldcom.ch wrote:
Hello,
Lol Zimmerli lolzim@worldcom.ch ?crit/wrote:
I then tried something like this: if (method=="INVITE"){ if (src_ip != "212.xxx.xxx.xxx"){ if (!www_authorize("domain.com", "subscriber")) { www_challenge("domain.com", "1"); break; }; }; else{ route(1); }; };
After reading more doc, I found proxy_*() functions, but this:
Yes, proxy_*() are better for authenticating non-REGISTERs (they are "more" correct).
if (method=="INVITE"){ if (src_ip != "212.xxx.xxx.xxx"){ if (!proxy_authorize("domain.com", "subscriber")) { proxy_challenge("domain.com", "1"); break; }; };
^^^ - try removing it
else{ route(1); }; };
Fails also: Starting SIP Express Router ERROR: bad config file (6 errors) startproc: exit status of parent of /usr/local/sbin/ser: 255
To check for config errors run: ser -f ser.cfg, or look in the log (you'll have more verbose reasons there).
Andrei
Hello,
Lol Zimmerli lolzim@worldcom.ch écrit/wrote:
But, with the same un-REGISTERed phone, I can phone: INVITE works :(
I have reset my ser.cfg as before (no auth in INVITE) and it still allow unREGISTERed lines to call. But there are differences between a unREGISTERed line making a call and a REGISTERed line making the same call (user 6767 does not exist in SER):
unREGISTERed making a call (my.snom.com was my phone IP and ser.ourdomain.com was our ser's IP): Jun 8 18:16:57 ser /usr/local/sbin/ser[8801]: INVITE sip:58@ser.ourdomain.com;user=phone SIP/2.0^M Via: SIP/2.0/UDP my.snom.com:2057;branch=z9hG4bK-iu1yvumdahv5;rport^M From: "6767" sip:6767@ser.ourdomain.com;tag=dczf0tjeat^M To: sip:58@ser.ourdomain.com;user=phone^M Call-ID: 3c3744f3bbfd-aybvd3uj7tzh@snom190^M CSeq: 1 INVITE^M Max-Forwards: 70^M Contact: sip:6767@my.snom.com:2057;line=xyngh2h4^M P-Key-Flags: keys="3"^M User-Agent: snom190/3.60b^M Accept-Language: en^M Accept: application/sdp^M Allow: INVITE, ACK, CANCEL, BYE, REFER, OPTIONS, NOTIFY, SUBSCRIBE, PRACK, MESSAGE, INFO^M Allow-Events: talk, hold, refer^M Supported: timer, 100rel, replaces^M Session-Expires: 1800^M Content-Type: application/sdp^M Content-Length: 436^M ^M v=0^M o=root 834608932 834608932 IN IP4 my.snom.com^M s=call^M c=IN IP4 my.snom.com^M t=0 0^M m=audio 56390 RTP/AVP 0 8 9 2 3 18 4 101^M a=rtpmap:0 pcmu/8000^M a=rtpmap:8 pcma/8000^M a=rtpmap:9 g722/8000^M a=rtpmap:2 g726-32/8000^M a=rtpmap:3 gsm/8000^M a=rtpmap:18 g729/8
Yes, only one packet. My Snom shows me the call is on its way and I hear the other side ringing.
Meantime snomlog: [8]8/6/2005 18:16:57: No special routing, routing to sip:58@212.74.174.213;user=phone [8]8/6/2005 18:16:57: route_pending_packet 1182940: entry=url ? sip:58@212.74.174.213;user=phone [8]8/6/2005 18:16:57: route_pending_packet 1182940: entry=udp 212.74.174.213 5060 [8]8/6/2005 18:16:57: Send Packet INVITE [5]8/6/2005 18:16:57: Dialog 157/186 going to trying [5]8/6/2005 18:16:57: Dialog 157/186 going to proceeding [5]8/6/2005 18:16:57: Dialog 157/186 going to early
Now, for the same result, here's what I have for the REGISTERed line:
Jun 8 18:18:31 ser /usr/local/sbin/ser[8798]: INVITE sip:58@ser.ourdomain.com;user=phone SIP/2.0^M Via: SIP/2.0/UDP my.snom.com:2057;branch=z9hG4bK-g5147wx5hvc8;rport^M From: "58010" sip:58010@ser.ourdomain.com;tag=uj3e0k67xk^M To: sip:58@ser.ourdomain.com;user=phone^M Call-ID: 3c3745513f7a-ymr19tx0k88i@snom190^M CSeq: 1 INVITE^M Max-Forwards: 70^M Contact: sip:58010@my.snom.com:2057;line=d1t5gidy^M P-Key-Flags: keys="3"^M User-Agent: snom190/3.60b^M Accept-Language: en^M Accept: application/sdp^M Allow: INVITE, ACK, CANCEL, BYE, REFER, OPTIONS, NOTIFY, SUBSCRIBE, PRACK, MESSAGE, INFO^M Allow-Events: talk, hold, refer^M Supported: timer, 100rel, replaces^M Session-Expires: 1800^M Content-Type: application/sdp^M Content-Length: 436^M ^M v=0^M o=root 907199353 907199353 IN IP4 my.snom.com^M s=call^M c=IN IP4 my.snom.com^M t=0 0^M m=audio 56308 RTP/AVP 0 8 9 2 3 18 4 101^M a=rtpmap:0 pcmu/8000^M a=rtpmap:8 pcma/8000^M a=rtpmap:9 g722/8000^M a=rtpmap:2 g726-32/8000^M a=rtpmap:3 gsm/8000^M a=rtpmap:18 g72 Jun 8 18:18:31 ser /usr/local/sbin/ser[8803]: ACK sip:58@ser.ourdomain.com;user=phone SIP/2.0^M Via: SIP/2.0/UDP my.snom.com:2057;branch=z9hG4bK-g5147wx5hvc8;rport^M From: "58010" sip:58010@ser.ourdomain.com;tag=uj3e0k67xk^M To: sip:58@ser.ourdomain.com;user=phone;tag=as39d5cec5^M Call-ID: 3c3745513f7a-ymr19tx0k88i@snom190^M CSeq: 1 ACK^M Max-Forwards: 70^M Contact: sip:58010@my.snom.com:2057;line=d1t5gidy^M Content-Length: 0^M ^M Jun 8 18:18:31 ser /usr/local/sbin/ser[8798]: INVITE sip:58@ser.ourdomain.com;user=phone SIP/2.0^M Via: SIP/2.0/UDP my.snom.com:2057;branch=z9hG4bK-gl1d555d7r8i;rport^M From: "58010" sip:58010@ser.ourdomain.com;tag=uj3e0k67xk^M To: sip:58@ser.ourdomain.com;user=phone^M Call-ID: 3c3745513f7a-ymr19tx0k88i@snom190^M CSeq: 2 INVITE^M Max-Forwards: 70^M Contact: sip:58010@my.snom.com:2057;line=d1t5gidy^M P-Key-Flags: keys="3"^M User-Agent: snom190/3.60b^M Accept-Language: en^M Accept: application/sdp^M Allow: INVITE, ACK, CANCEL, BYE, REFER, OPTIONS, NOTIFY, SUBSCRIBE, PRACK, MESSAGE, INFO^M Allow-Events: talk, hold, refer^M Supported: timer, 100rel, replaces^M Session-Expires: 1800^M Proxy-Authorization: Digest username="58010",realm="worldcom.ch",nonce="09fe6ec3",uri="sip:58@ser .ourdomain.com;user=phone",response="b85f4e22f3c1d5c1584e2240fa41542f ",algorithm=md5^M Content-Type: application/sdp^M Content-Length: 436^M ^M v=0^M o=root 907199353 907199353 IN IP4 my.snom.com^M s=call^M c=IN IP4 my.snom.com^M t= Jun 8 18:18:31 ser /usr/local/sbin/ser[8801]: ACK sip:58@ser.ourdomain.com;user=phone SIP/2.0^M Via: SIP/2.0/UDP my.snom.com:2057;branch=z9hG4bK-g5147wx5hvc8;rport^M From: "58010" sip:58010@ser.ourdomain.com;tag=uj3e0k67xk^M To: sip:58@ser.ourdomain.com;user=phone;tag=as39d5cec5^M Call-ID: 3c3745513f7a-ymr19tx0k88i@snom190^M CSeq: 1 ACK^M Max-Forwards: 70^M Contact: sip:58010@my.snom.com:2057;line=d1t5gidy^M Content-Length: 0^M ^M
Meantime snomlog: [8]8/6/2005 18:18:31: No special routing, routing to sip:58@212.74.174.213;user=phone [8]8/6/2005 18:18:31: route_pending_packet 1182961: entry=url ? sip:58@212.74.174.213;user=phone [8]8/6/2005 18:18:31: route_pending_packet 1182961: entry=udp 212.74.174.213 5060 [8]8/6/2005 18:18:31: Send Packet INVITE [5]8/6/2005 18:18:31: Dialog 158/187 going to trying [5]8/6/2005 18:18:31: Dialog 158/187 going to proceeding [8]8/6/2005 18:18:31: Routing to explicit plan udp 212.74.174.213 5060 [8]8/6/2005 18:18:31: route_pending_packet 1182962: entry=udp 212.74.174.213 5060 [8]8/6/2005 18:18:31: Send Packet ACK [5]8/6/2005 18:18:31: Match challenge for user=58010, realm=worldcom.ch [8]8/6/2005 18:18:31: Routing to explicit plan udp 212.74.174.213 5060 [8]8/6/2005 18:18:31: route_pending_packet 1182963: entry=udp 212.74.174.213 5060 [8]8/6/2005 18:18:31: Send Packet INVITE [5]8/6/2005 18:18:31: Dialog 158/187 going to early
I guess there should be something in ser.cfg to disallow the call in the first case, but what?
-
Andrei Pelinescu-Onciul -
Lol Zimmerli