Hello,
I have made some progress since my previous post, but not enough :).
------------- -------- --- -------- |Sip Softphone|-------|Internet|--------|F.W|-----|Asterisk| ------------- -------- --- -------- IP addresses: a.b.c.d q.w.e.r
The SIP softphone(x-lite) is configured to register with the asterisk server through port 9090 (Domain q.w.e.r:9090).Firewall(F.W) is setup as the outbound proxy for the softphone(Outbound proxy a.b.c.d:9090). Authentication credentials for the softphone match the user registered in asterisk's sip.conf. F.W runs Kamailio and rtpproxy, with Kamailio listening on port 5060.
The asterisk server is setup to listen on port 5060.
The Firewall(F.W), uses a libnetfilter_queue based program to :
(a) Rewrite the destination port 9090 as 5060, and rewrite all other occurrences of 9090 as 5060 in the SIP message, for packets from the softphone to the asterisk server.
(b) Rewrite the source port 5060 as 9090, and rewrite all other occurrences of 5060 as 9090 in the SIP message, for packets from the asterisk server to the softphone.
The following exchange of SIP messages take place -Sip softphone sends a REGISTER message to asterisk -Asterisk responds with a 401 UNAUTHORIZED -Sip softphone replies with a REGISTER message containing auth. info. -Asterisk responds with a 403 FORBIDDEN : BAD AUTHORIZATION
The above setup works when the softphone uses port 5060, so there problem here does not have anything to do with Authorization credentials.
Is it possible i might be modifying parts of the packet that shouldn't be modified or i might not be modifying some relevant parts of the packet ?
Thanks in advance, Vikram.
Hello,
On 1/21/10 4:18 AM, Vikram Ragukumar wrote:
Hello,
I have made some progress since my previous post, but not enough :).
|Sip Softphone|-------|Internet|--------|F.W|-----|Asterisk|
IP addresses: a.b.c.d q.w.e.rThe SIP softphone(x-lite) is configured to register with the asterisk server through port 9090 (Domain q.w.e.r:9090).Firewall(F.W) is setup as the outbound proxy for the softphone(Outbound proxy a.b.c.d:9090). Authentication credentials for the softphone match the user registered in asterisk's sip.conf. F.W runs Kamailio and rtpproxy, with Kamailio listening on port 5060.
The asterisk server is setup to listen on port 5060.
The Firewall(F.W), uses a libnetfilter_queue based program to :
(a) Rewrite the destination port 9090 as 5060, and rewrite all other occurrences of 9090 as 5060 in the SIP message, for packets from the softphone to the asterisk server.
(b) Rewrite the source port 5060 as 9090, and rewrite all other occurrences of 5060 as 9090 in the SIP message, for packets from the asterisk server to the softphone.
The following exchange of SIP messages take place -Sip softphone sends a REGISTER message to asterisk -Asterisk responds with a 401 UNAUTHORIZED -Sip softphone replies with a REGISTER message containing auth. info. -Asterisk responds with a 403 FORBIDDEN : BAD AUTHORIZATION
The above setup works when the softphone uses port 5060, so there problem here does not have anything to do with Authorization credentials.
Is it possible i might be modifying parts of the packet that shouldn't be modified or i might not be modifying some relevant parts of the packet ?
You should run asterisk with debug enabled and see the printed messages for some hints. Probably people on asterisk ML can help better.
Cheers, Daniel
Maybe you have rewritten parts of the message which are used during calculation of the digest response, e.g. request URI.
regards klaus
Vikram Ragukumar schrieb:
Hello,
I have made some progress since my previous post, but not enough :).
|Sip Softphone|-------|Internet|--------|F.W|-----|Asterisk|
IP addresses: a.b.c.d q.w.e.rThe SIP softphone(x-lite) is configured to register with the asterisk server through port 9090 (Domain q.w.e.r:9090).Firewall(F.W) is setup as the outbound proxy for the softphone(Outbound proxy a.b.c.d:9090). Authentication credentials for the softphone match the user registered in asterisk's sip.conf. F.W runs Kamailio and rtpproxy, with Kamailio listening on port 5060.
The asterisk server is setup to listen on port 5060.
The Firewall(F.W), uses a libnetfilter_queue based program to :
(a) Rewrite the destination port 9090 as 5060, and rewrite all other occurrences of 9090 as 5060 in the SIP message, for packets from the softphone to the asterisk server.
(b) Rewrite the source port 5060 as 9090, and rewrite all other occurrences of 5060 as 9090 in the SIP message, for packets from the asterisk server to the softphone.
The following exchange of SIP messages take place -Sip softphone sends a REGISTER message to asterisk -Asterisk responds with a 401 UNAUTHORIZED -Sip softphone replies with a REGISTER message containing auth. info. -Asterisk responds with a 403 FORBIDDEN : BAD AUTHORIZATION
The above setup works when the softphone uses port 5060, so there problem here does not have anything to do with Authorization credentials.
Is it possible i might be modifying parts of the packet that shouldn't be modified or i might not be modifying some relevant parts of the packet ?
Thanks in advance, Vikram.
Kamailio (OpenSER) - Users mailing list Users@lists.kamailio.org http://lists.kamailio.org/cgi-bin/mailman/listinfo/users http://lists.openser-project.org/cgi-bin/mailman/listinfo/users
Klaus,Daniel.
Thank you for your responses. Seems like i was overwriting fields used in computation of the digest response. The call flow works perfectly when i disable authentication. Will make necessary modifications to work with digest authentication.
Once again, thank you for your help.
Regards, Vikram.
Klaus Darilion wrote:
Maybe you have rewritten parts of the message which are used during calculation of the digest response, e.g. request URI.
regards klaus
Vikram Ragukumar schrieb:
Hello,
I have made some progress since my previous post, but not enough :).
|Sip Softphone|-------|Internet|--------|F.W|-----|Asterisk|
IP addresses: a.b.c.d q.w.e.rThe SIP softphone(x-lite) is configured to register with the asterisk server through port 9090 (Domain q.w.e.r:9090).Firewall(F.W) is setup as the outbound proxy for the softphone(Outbound proxy a.b.c.d:9090). Authentication credentials for the softphone match the user registered in asterisk's sip.conf. F.W runs Kamailio and rtpproxy, with Kamailio listening on port 5060.
The asterisk server is setup to listen on port 5060.
The Firewall(F.W), uses a libnetfilter_queue based program to :
(a) Rewrite the destination port 9090 as 5060, and rewrite all other occurrences of 9090 as 5060 in the SIP message, for packets from the softphone to the asterisk server.
(b) Rewrite the source port 5060 as 9090, and rewrite all other occurrences of 5060 as 9090 in the SIP message, for packets from the asterisk server to the softphone.
The following exchange of SIP messages take place -Sip softphone sends a REGISTER message to asterisk -Asterisk responds with a 401 UNAUTHORIZED -Sip softphone replies with a REGISTER message containing auth. info. -Asterisk responds with a 403 FORBIDDEN : BAD AUTHORIZATION
The above setup works when the softphone uses port 5060, so there problem here does not have anything to do with Authorization credentials.
Is it possible i might be modifying parts of the packet that shouldn't be modified or i might not be modifying some relevant parts of the packet ?
Thanks in advance, Vikram.
Kamailio (OpenSER) - Users mailing list Users@lists.kamailio.org http://lists.kamailio.org/cgi-bin/mailman/listinfo/users http://lists.openser-project.org/cgi-bin/mailman/listinfo/users
-
Daniel-Constantin Mierla -
Klaus Darilion -
Vikram Ragukumar