I want to authenticate in openser some users which are in asterisk conf (to do load balancing with another asterisk). If I delete the user from the asterisk config and insecure=invite for the openser, asterisk accept the call, but, I want that asterisk see that it is that user which is doing the call.
Cordialement, BERGANZ François
http://www.acropolistelecom.net Pensez à l'Environnement, n'imprimez ce mail que si nécessaire.
-----Message d'origine----- De : Andrew V.Statsenko [mailto:alter@siptalk.ru] Envoyé : jeudi 18 décembre 2008 11:00 À : BERGANZ François Objet : ***SPAM*** Re: [Kamailio-Users] openser and asterisk auth problem.
В Чтв, 18/12/2008 в 10:31 +0100, BERGANZ François пишет:
-----I have that error:
<--- SIP read from UDP://192.168.1.156:5060 ---> INVITE sip:33662971130@192.168.1.156 SIP/2.0 Record-Route: sip:192.168.1.156;lr=on;ftag=0c46027a Via: SIP/2.0/UDP 192.168.1.156;branch=z9hG4bK20d2.de427962.0 Via: SIP/2.0/UDP 192.168.1.60:43490;branch=z9hG4bK-d8754z-c15d2350d0742a11-1---d8754z-;rport=43490 Max-Forwards: 70 Contact: sip:6833211245@192.168.1.60:43490 To: "33662971130"sip:33662971130@192.168.1.156 From: "6833211245"sip:6833211245@192.168.1.156;tag=0c46027a Call-ID: YTkxOWU5MGJjZjJhMWFmODZhMzZkMTU1YzUzYjUyMTc. CSeq: 2 INVITE Allow: INVITE, ACK, CANCEL, OPTIONS, BYE, REFER, NOTIFY, MESSAGE, SUBSCRIBE, INFO Content-Type: application/sdp User-Agent: X-Lite release 1100l stamp 47546 Content-Length: 231
[..]
<-------------> --- (14 headers 10 lines) --- Sending to 192.168.1.156 : 5060 (no NAT) Using INVITE request as basis request - YTkxOWU5MGJjZjJhMWFmODZhMzZkMTU1YzUzYjUyMTc. Found user '6833211245' for '6833211245'
This is the key trouble in your configuration: Asterisk trying to authenticate this call as call from _user_ (INVITE->401->INVITE+auth), but not as _peer_.
Will you describe us where you want to authenticate you users :
- at the OpenSER frontend (BTW, I don't see auth headers in first INVITE) - or in the Asterisk backend ?
Which service logic you are building ?
-- WBR, Alter
18/12/2008 в 11:14 +0100, BERGANZ François wrote:
I want to authenticate in openser some users
OK, frontend will auth users - need some code in INVITE route in the kamailio config.
which are in asterisk conf (to do load balancing with another asterisk).
Also little code in kamailio config.
If I delete the user from the asterisk config and insecure=invite for the openser,
OK, also little code in kamailio for 'From' user must be same as 'Auth' user
asterisk accept the call, but, I want that asterisk see that it is
that user which is doing the call.
You can take this information (that it is that user) in your Asterisk dialplan through 'From' header
-- WBR, Alter
Can you explain me a little more please?
Cordialement, BERGANZ François
http://www.acropolistelecom.net Pensez à l'Environnement, n'imprimez ce mail que si nécessaire.
-----Message d'origine----- De : users-bounces@lists.kamailio.org [mailto:users-bounces@lists.kamailio.org] De la part de Andrew V.Statsenko Envoyé : jeudi 18 décembre 2008 11:27 À : users@lists.kamailio.org Objet : Re: [Kamailio-Users] openser and asterisk auth problem.
18/12/2008 в 11:14 +0100, BERGANZ François wrote:
I want to authenticate in openser some users
OK, frontend will auth users - need some code in INVITE route in the kamailio config.
which are in asterisk conf (to do load balancing with another asterisk).
Also little code in kamailio config.
If I delete the user from the asterisk config and insecure=invite for the openser,
OK, also little code in kamailio for 'From' user must be same as 'Auth' user
asterisk accept the call, but, I want that asterisk see that it is
that user which is doing the call.
You can take this information (that it is that user) in your Asterisk dialplan through 'From' header
-- WBR, Alter
_______________________________________________ Users mailing list Users@lists.kamailio.org http://lists.kamailio.org/cgi-bin/mailman/listinfo/users
18/12/2008 в 11:31 +0100, BERGANZ François wrote:
Can you explain me a little more please?
Well, I will try, but I not sure that I can ;-) Also, sory for my bad english.
If I understand your task correctly (not sure) , in my point of view you can make this service logic:
- user 1001 send initial INVITE to your service - Kamailio frontend ask your OSS/BSS and check that user 1001 in service (if not - reply Forbidden) - Kamailio send 407 Proxy authorize to the user - user send INVITE with Authorization header - Kamailio check authorization & verify that Authorization: Digest username="1001".. header & From: 1001@... headers have same user. - Kamailio make a decision to which Asterisk backend send this call and proxy it
Here the end of Kamailio frontend tasks.
- Asterisk start to execute dialplan - Asterisk take user info 1001 from 'From' header and write this to CDR - Asterisk terminate this call to the needed peer, IVR, queue or other App Server as you need.
Here the end of Asterisk backend tasks.
In this case Asterisk working only as transit switch, codes translator or application server.
If you are not very familiar with Kamailio, may be you take a look for http://siprouter.teigre.com/doc/gettingstarted/ - we are need to talk at same language ;-)
P.S. BTW, this backend (Asterisk) is not very scalable. IMHO.
-- WBR, Alter
Hi, in asterisk sip.conf file ...
[openser] type = friend host=ip_address_of_open insecure = very username=dummy_name proxy= host outbound_proxy=host nat = yes; canreinvnit =no;
And In Asterisk CTL > show sip peers You will see the openser peer is registered....
And See openSER debug whether Option Header and Signaling Happing properly or not. In openSER.cfg check asterisk ip is restricting or not ?
Thanks &Regards Ravi Prakash Sunkara VoIP Architect & JAVA-SIP Developer +91-9999882776
2008/12/18 BERGANZ François francois@acropolistelecom.net
I want to authenticate in openser some users which are in asterisk conf (to do load balancing with another asterisk). If I delete the user from the asterisk config and insecure=invite for the openser, asterisk accept the call, but, I want that asterisk see that it is that user which is doing the call.
Cordialement, BERGANZ François
http://www.acropolistelecom.net Pensez à l'Environnement, n'imprimez ce mail que si nécessaire.
-----Message d'origine----- De : Andrew V.Statsenko [mailto:alter@siptalk.ru] Envoyé : jeudi 18 décembre 2008 11:00 À : BERGANZ François Objet : ***SPAM*** Re: [Kamailio-Users] openser and asterisk auth problem.
В Чтв, 18/12/2008 в 10:31 +0100, BERGANZ François пишет:
-----I have that error:
<--- SIP read from UDP://192.168.1.156:5060 ---> INVITE sip:33662971130@192.168.1.156 sip%3A33662971130@192.168.1.156SIP/2.0 Record-Route: sip:192.168.1.156;lr=on;ftag=0c46027a Via: SIP/2.0/UDP 192.168.1.156;branch=z9hG4bK20d2.de427962.0 Via: SIP/2.0/UDP 192.168.1.60:43490
;branch=z9hG4bK-d8754z-c15d2350d0742a11-1---d8754z-;rport=43490
Max-Forwards: 70 Contact: sip:6833211245@192.168.1.60:43490 To: "33662971130"<sip:33662971130@192.168.1.156sip%3A33662971130@192.168.1.156
From: "6833211245"<sip:6833211245@192.168.1.156sip%3A6833211245@192.168.1.156 ;tag=0c46027a Call-ID: YTkxOWU5MGJjZjJhMWFmODZhMzZkMTU1YzUzYjUyMTc. CSeq: 2 INVITE Allow: INVITE, ACK, CANCEL, OPTIONS, BYE, REFER, NOTIFY, MESSAGE,
SUBSCRIBE, INFO
Content-Type: application/sdp User-Agent: X-Lite release 1100l stamp 47546 Content-Length: 231
[..]
<-------------> --- (14 headers 10 lines) --- Sending to 192.168.1.156 : 5060 (no NAT) Using INVITE request as basis request -
YTkxOWU5MGJjZjJhMWFmODZhMzZkMTU1YzUzYjUyMTc.
Found user '6833211245' for '6833211245'
This is the key trouble in your configuration: Asterisk trying to authenticate this call as call from _user_ (INVITE->401->INVITE+auth), but not as _peer_.
Will you describe us where you want to authenticate you users :
- at the OpenSER frontend (BTW, I don't see auth headers in first
INVITE)
- or in the Asterisk backend ?
Which service logic you are building ?
-- WBR, Alter
Users mailing list Users@lists.kamailio.org http://lists.kamailio.org/cgi-bin/mailman/listinfo/users
-
Andrew V.Statsenko -
BERGANZ François -
LetMeKnow