I have SER setup on 10.9.8.7 which is on the internet. I have a Cisco ATA at home beind a linksys router. The ATA has an non-routeable ip of 192.168.1.107, while the public IP of my linksys router is 1.2.3.4 I can not get the cisco ATA to register, and i dont know why. I have posted results on Ngrep, also some debugging info from SER and my acutal ser.cfg In the setup for the ATA I gave it the proxy as an IP address (10.9.8.7), there is no place in the cisco config (that I can find) to specify a domain/realm. And the DNS server that my linksys router has doesnt have a route to sip1.jmusa.com Is that the problem, if so whats the best way around it?
Results of ngrep:
U 1.2.3.4:5060 -> 10.9.8.7:5060 REGISTER sip:10.9.8.7SIP/2.0..Via: SIP/2.0/UDP 192.168.1.107:5060;branch=z9hG4bKfac02618b73b6b6 a..From: Aaron sip:8306@10.9.8.7;user=phone;tag=3424024559..To: Aaron <sip:8306@10.9.8.7; user=phone>..Call-ID: 2834281883@192.168.1.107..CSeq: 3 REGISTER..Contact: Aaron <sip:8306@192.168.1. 107:5060;user=phone;transport=udp>;expires=3600..User-Agent: Cisco ATA 188 v3.2.0 atasip (041111A).. Authorization: Digest username="8306",realm="sip1.jmusa.com",nonce="427023d34e56189a2adcddfb16228dde9 f51f0eb",uri="sip:10.9.8.7",response="7b9e7ec34e8d4f8157fb66e140f95cbe"..Content-Length: 0.... # U 10.9.8.7:5060 -> 1.2.3.4:5060 SIP/2.0 100 Trying..Via: SIP/2.0/UDP 192.168.1.107:5060;branch=z9hG4bKfac02618b73b6b6a;received=69.14 2.66.52..From: Aaron sip:8306@10.9.8.7;user=phone;tag=3424024559..To: Aaron <sip:8306@65.199.1 91.83;user=phone>..Call-ID: 2834281883@192.168.1.107..CSeq: 3 REGISTER..Server: Sip EXpress router (0 .9.0 (i386/linux))..Content-Length: 0..Warning: 392 10.9.8.7:5060 "Noisy feedback tells: pid=91 53 req_src_ip=1.2.3.4 req_src_port=5060 in_uri=sip:10.9.8.7out_uri=sip:10.9.8.7via_c nt==1".... # U 10.9.8.7:5060 -> 1.2.3.4:5060 SIP/2.0 401 Unauthorized..Via: SIP/2.0/UDP 192.168.1.107:5060;branch=z9hG4bKfac02618b73b6b6a;rport=50 60;received=1.2.3.4..From: Aaron sip:8306@10.9.8.7;user=phone;tag=3424024559..To: Aaron < sip:8306@10.9.8.7;user=phone>;tag=b27e1a1d33761e85846fc98f5f3a7e58.a0aa..Call-ID: 2834281883@192 .168.1.107..CSeq: 3 REGISTER..WWW-Authenticate: Digest realm="jmusa.com", nonce="427147ef446cc27cc8b6 502323243e02f9b5dfb6"..Server: Sip EXpress router (0.9.0 (i386/linux))..Content-Length: 0..Warning: 3 92 10.9.8.7:5060 "Noisy feedback tells: pid=9153 req_src_ip=1.2.3.4 req_src_port=5060 in_u ri=sip:10.9.8.7out_uri=sip:10.9.8.7via_cnt==1"....
My messages: Apr 28 16:26:33 sip1 /sbin/ser[9148]: CLIENT NAT TEST 7 IS TRUE: From sip:8306@10.9.8.7;user=phone, To sip:8306@10.9.8.7;user=phone, Call ID: 2834281883@192.168.1.107, MESASGE ID 2 Apr 28 16:26:33 sip1 /sbin/ser[9148]: BEGIN WWW AUTH: From sip:8306@10.9.8.7;user=phone, To sip:8306@10.9.8.7;user=phone, Call ID: 2834281883@192.168.1.107, MESASGE ID 2 Apr 28 16:26:33 sip1 /sbin/ser[9148]: WWW AUTHFAIL PRE CHALLEGE: From sip:8306@10.9.8.7;user=phone, To sip:8306@10.9.8.7;user=phone, Call ID: 2834281883@192.168.1.107, MESASGE ID 2 ---Then nothing else......
My ser.cfg (snipped) ----snip---- if (method=="INVITE") { route(3); break; } else if (method=="REGISTER") { route(2); break; ----snip---- route[2] { # ----------------------------------------------------------------- # REGISTER Message Handler # ---------------------------------------------------------------- sl_send_reply("100", "Trying"); if (!search("^Contact: *") && client_nat_test("7")) { xlog("L_ERR","CLIENT NAT TEST 7 IS TRUE: From %fu, To %tu, Call ID: %ci, MESASGE ID %mi"); setflag(6); fix_nated_register(); force_rport(); }; xlog("L_ERR","BEGIN WWW AUTH: From %fu, To %tu, Call ID: %ci, MESASGE ID %mi"); if (!www_authorize("sip1.jmusa.com","subscriber")) { xlog("L_ERR"," WWW AUTHFAIL PRE CHALLEGE: From %fu, To %tu, Call ID: %ci, MESASGE ID %mi"); www_challenge("sip1.jmusa.com","0"); xlog("L_ERR"," WWW AUTHFAIL POST CHALLEGE From %fu, To %tu, Call ID: %ci, MESASGE ID %mi"); break; };
if (!check_to()) { sl_send_reply("401", "Unauthorized"); break; }; consume_credentials(); if (!save("location")) { sl_reply_error(); }; }
In my Allnet, devices I have the same problem, I have no options to set realm or domain, what I usually do is, to have a dns entry for the domain/realm at my dns server and in device I use the same entry as outbound and sip proxy, instead of using an ip entry or other dns name.
Another choice is to try out at authentication user or in user field, to use this form sipuser@realm instead of sipuser.
I never configure a Cisco ATA, but in you case I will try the both ways.
Regards and keep us current of results.
Elton
-----Original Message----- From: serusers-bounces@iptel.org [mailto:serusers-bounces@lists.iptel.org] On Behalf Of Aaron W Sent: quinta-feira, 28 de Abril de 2005 21:52 To: serusers@lists.iptel.org Subject: [Serusers] Can't Register Cisco ATA - www_challege Fails
I have SER setup on 10.9.8.7 which is on the internet. I have a Cisco ATA at home beind a linksys router. The ATA has an non-routeable ip of 192.168.1.107, while the public IP of my linksys router is 1.2.3.4 I can not get the cisco ATA to register, and i dont know why. I have posted results on Ngrep, also some debugging info from SER and my acutal ser.cfg In the setup for the ATA I gave it the proxy as an IP address (10.9.8.7), there is no place in the cisco config (that I can find) to specify a domain/realm. And the DNS server that my linksys router has doesnt have a route to sip1.jmusa.com Is that the problem, if so whats the best way around it?
Results of ngrep:
U 1.2.3.4:5060 -> 10.9.8.7:5060 REGISTER sip:10.9.8.7SIP/2.0..Via: SIP/2.0/UDP 192.168.1.107:5060;branch=z9hG4bKfac02618b73b6b6 a..From: Aaron sip:8306@10.9.8.7;user=phone;tag=3424024559..To: Aaron <sip:8306@10.9.8.7; user=phone>..Call-ID: 2834281883@192.168.1.107..CSeq: 3 REGISTER..Contact: Aaron <sip:8306@192.168.1. 107:5060;user=phone;transport=udp>;expires=3600..User-Agent: Cisco ATA 188 v3.2.0 atasip (041111A).. Authorization: Digest username="8306",realm="sip1.jmusa.com",nonce="427023d34e56189a2adcddfb16228d de9
f51f0eb",uri="sip:10.9.8.7",response="7b9e7ec34e8d4f8157fb66e140f95cbe"..Con tent-Length: 0.... # U 10.9.8.7:5060 -> 1.2.3.4:5060 SIP/2.0 100 Trying..Via: SIP/2.0/UDP 192.168.1.107:5060;branch=z9hG4bKfac02618b73b6b6a;received=69.14 2.66.52..From: Aaron sip:8306@10.9.8.7;user=phone;tag=3424024559..To: Aaron <sip:8306@65.199.1 91.83;user=phone>..Call-ID: 2834281883@192.168.1.107..CSeq: 3 REGISTER..Server: Sip EXpress router (0 .9.0 (i386/linux))..Content-Length: 0..Warning: 392 10.9.8.7:5060 "Noisy feedback tells: pid=91 53 req_src_ip=1.2.3.4 req_src_port=5060 in_uri=sip:10.9.8.7out_uri=sip:10.9.8.7via_c nt==1".... # U 10.9.8.7:5060 -> 1.2.3.4:5060 SIP/2.0 401 Unauthorized..Via: SIP/2.0/UDP 192.168.1.107:5060;branch=z9hG4bKfac02618b73b6b6a;rport=50 60;received=1.2.3.4..From: Aaron sip:8306@10.9.8.7;user=phone;tag=3424024559..To: Aaron <
sip:8306@10.9.8.7;user=phone>;tag=b27e1a1d33761e85846fc98f5f3a7e58.a0aa..Cal l-ID: 2834281883@192 .168.1.107..CSeq: 3 REGISTER..WWW-Authenticate: Digest realm="jmusa.com", nonce="427147ef446cc27cc8b6 502323243e02f9b5dfb6"..Server: Sip EXpress router (0.9.0 (i386/linux))..Content-Length: 0..Warning: 3 92 10.9.8.7:5060 "Noisy feedback tells: pid=9153 req_src_ip=1.2.3.4 req_src_port=5060 in_u ri=sip:10.9.8.7out_uri=sip:10.9.8.7via_cnt==1"....
My messages: Apr 28 16:26:33 sip1 /sbin/ser[9148]: CLIENT NAT TEST 7 IS TRUE: From sip:8306@10.9.8.7;user=phone, To sip:8306@10.9.8.7;user=phone, Call ID: 2834281883@192.168.1.107, MESASGE ID 2 Apr 28 16:26:33 sip1 /sbin/ser[9148]: BEGIN WWW AUTH: From sip:8306@10.9.8.7;user=phone, To sip:8306@10.9.8.7;user=phone, Call ID: 2834281883@192.168.1.107, MESASGE ID 2 Apr 28 16:26:33 sip1 /sbin/ser[9148]: WWW AUTHFAIL PRE CHALLEGE: From sip:8306@10.9.8.7;user=phone, To sip:8306@10.9.8.7;user=phone, Call ID: 2834281883@192.168.1.107, MESASGE ID 2 ---Then nothing else......
My ser.cfg (snipped) ----snip---- if (method=="INVITE") { route(3); break; } else if (method=="REGISTER") { route(2); break; ----snip---- route[2] { # ----------------------------------------------------------------- # REGISTER Message Handler # ---------------------------------------------------------------- sl_send_reply("100", "Trying"); if (!search("^Contact: *") && client_nat_test("7")) { xlog("L_ERR","CLIENT NAT TEST 7 IS TRUE: From %fu, To %tu, Call ID: %ci, MESASGE ID %mi"); setflag(6); fix_nated_register(); force_rport(); }; xlog("L_ERR","BEGIN WWW AUTH: From %fu, To %tu, Call ID: %ci, MESASGE ID %mi"); if (!www_authorize("sip1.jmusa.com","subscriber")) { xlog("L_ERR"," WWW AUTHFAIL PRE CHALLEGE: From %fu, To %tu, Call ID: %ci, MESASGE ID %mi"); www_challenge("sip1.jmusa.com","0"); xlog("L_ERR"," WWW AUTHFAIL POST CHALLEGE From %fu, To %tu, Call ID: %ci, MESASGE ID %mi"); break; };
if (!check_to()) { sl_send_reply("401", "Unauthorized"); break; }; consume_credentials(); if (!save("location")) { sl_reply_error(); }; }
_______________________________________________ Serusers mailing list serusers@lists.iptel.org http://lists.iptel.org/mailman/listinfo/serusers
leave the realm in ser, leave it blank and try ""
Iqbal
On 4/28/2005, "Elton Machado" elton.machado@gmail.com wrote:
In my Allnet, devices I have the same problem, I have no options to set realm or domain, what I usually do is, to have a dns entry for the domain/realm at my dns server and in device I use the same entry as outbound and sip proxy, instead of using an ip entry or other dns name.
Another choice is to try out at authentication user or in user field, to use this form sipuser@realm instead of sipuser.
I never configure a Cisco ATA, but in you case I will try the both ways.
Regards and keep us current of results.
Elton
-----Original Message----- From: serusers-bounces@iptel.org [mailto:serusers-bounces@lists.iptel.org] On Behalf Of Aaron W Sent: quinta-feira, 28 de Abril de 2005 21:52 To: serusers@lists.iptel.org Subject: [Serusers] Can't Register Cisco ATA - www_challege Fails
I have SER setup on 10.9.8.7 which is on the internet. I have a Cisco ATA at home beind a linksys router. The ATA has an non-routeable ip of 192.168.1.107, while the public IP of my linksys router is 1.2.3.4 I can not get the cisco ATA to register, and i dont know why. I have posted results on Ngrep, also some debugging info from SER and my acutal ser.cfg In the setup for the ATA I gave it the proxy as an IP address (10.9.8.7), there is no place in the cisco config (that I can find) to specify a domain/realm. And the DNS server that my linksys router has doesnt have a route to sip1.jmusa.com Is that the problem, if so whats the best way around it?
Results of ngrep:
U 1.2.3.4:5060 -> 10.9.8.7:5060 REGISTER sip:10.9.8.7SIP/2.0..Via: SIP/2.0/UDP 192.168.1.107:5060;branch=z9hG4bKfac02618b73b6b6 a..From: Aaron sip:8306@10.9.8.7;user=phone;tag=3424024559..To: Aaron <sip:8306@10.9.8.7; user=phone>..Call-ID: 2834281883@192.168.1.107..CSeq: 3 REGISTER..Contact: Aaron <sip:8306@192.168.1. 107:5060;user=phone;transport=udp>;expires=3600..User-Agent: Cisco ATA 188 v3.2.0 atasip (041111A).. Authorization: Digest username="8306",realm="sip1.jmusa.com",nonce="427023d34e56189a2adcddfb16228d de9
f51f0eb",uri="sip:10.9.8.7",response="7b9e7ec34e8d4f8157fb66e140f95cbe"..Con tent-Length: 0.... # U 10.9.8.7:5060 -> 1.2.3.4:5060 SIP/2.0 100 Trying..Via: SIP/2.0/UDP 192.168.1.107:5060;branch=z9hG4bKfac02618b73b6b6a;received=69.14 2.66.52..From: Aaron sip:8306@10.9.8.7;user=phone;tag=3424024559..To: Aaron <sip:8306@65.199.1 91.83;user=phone>..Call-ID: 2834281883@192.168.1.107..CSeq: 3 REGISTER..Server: Sip EXpress router (0 .9.0 (i386/linux))..Content-Length: 0..Warning: 392 10.9.8.7:5060 "Noisy feedback tells: pid=91 53 req_src_ip=1.2.3.4 req_src_port=5060 in_uri=sip:10.9.8.7out_uri=sip:10.9.8.7via_c nt==1".... # U 10.9.8.7:5060 -> 1.2.3.4:5060 SIP/2.0 401 Unauthorized..Via: SIP/2.0/UDP 192.168.1.107:5060;branch=z9hG4bKfac02618b73b6b6a;rport=50 60;received=1.2.3.4..From: Aaron sip:8306@10.9.8.7;user=phone;tag=3424024559..To: Aaron <
sip:8306@10.9.8.7;user=phone>;tag=b27e1a1d33761e85846fc98f5f3a7e58.a0aa..Cal l-ID: 2834281883@192 .168.1.107..CSeq: 3 REGISTER..WWW-Authenticate: Digest realm="jmusa.com", nonce="427147ef446cc27cc8b6 502323243e02f9b5dfb6"..Server: Sip EXpress router (0.9.0 (i386/linux))..Content-Length: 0..Warning: 3 92 10.9.8.7:5060 "Noisy feedback tells: pid=9153 req_src_ip=1.2.3.4 req_src_port=5060 in_u ri=sip:10.9.8.7out_uri=sip:10.9.8.7via_cnt==1"....
My messages: Apr 28 16:26:33 sip1 /sbin/ser[9148]: CLIENT NAT TEST 7 IS TRUE: From sip:8306@10.9.8.7;user=phone, To sip:8306@10.9.8.7;user=phone, Call ID: 2834281883@192.168.1.107, MESASGE ID 2 Apr 28 16:26:33 sip1 /sbin/ser[9148]: BEGIN WWW AUTH: From sip:8306@10.9.8.7;user=phone, To sip:8306@10.9.8.7;user=phone, Call ID: 2834281883@192.168.1.107, MESASGE ID 2 Apr 28 16:26:33 sip1 /sbin/ser[9148]: WWW AUTHFAIL PRE CHALLEGE: From sip:8306@10.9.8.7;user=phone, To sip:8306@10.9.8.7;user=phone, Call ID: 2834281883@192.168.1.107, MESASGE ID 2 ---Then nothing else......
My ser.cfg (snipped) ----snip---- if (method=="INVITE") { route(3); break; } else if (method=="REGISTER") { route(2); break; ----snip---- route[2] { # ----------------------------------------------------------------- # REGISTER Message Handler # ---------------------------------------------------------------- sl_send_reply("100", "Trying"); if (!search("^Contact: *") && client_nat_test("7")) { xlog("L_ERR","CLIENT NAT TEST 7 IS TRUE: From %fu, To %tu, Call ID: %ci, MESASGE ID %mi"); setflag(6); fix_nated_register(); force_rport(); }; xlog("L_ERR","BEGIN WWW AUTH: From %fu, To %tu, Call ID: %ci, MESASGE ID %mi"); if (!www_authorize("sip1.jmusa.com","subscriber")) { xlog("L_ERR"," WWW AUTHFAIL PRE CHALLEGE: From %fu, To %tu, Call ID: %ci, MESASGE ID %mi"); www_challenge("sip1.jmusa.com","0"); xlog("L_ERR"," WWW AUTHFAIL POST CHALLEGE From %fu, To %tu, Call ID: %ci, MESASGE ID %mi"); break; };
if (!check_to()) { sl_send_reply("401", "Unauthorized"); break; }; consume_credentials(); if (!save("location")) { sl_reply_error(); }; }
Serusers mailing list serusers@lists.iptel.org http://lists.iptel.org/mailman/listinfo/serusers
Serusers mailing list serusers@lists.iptel.org http://lists.iptel.org/mailman/listinfo/serusers
Thanks, I made that change and also fixed up the routes used by my sip1 server. The cisco can now register. Now that I am at home and able to connect through my sip server I have noticed one other thing. When I call from my cisco to SER and SER routes it to a cisco PSTN gateway the call goes through but unless I say something, and I mean anything media proxy can't connect the sound (RDP) back to me, So when I was first testing I thought it was failing, but it was just that I could not hear that I was connected. If I dial the number, wait a few seconds and say "sound please" I can then hear the ringing, and the person on the other end when it connects. Is this normal? Is there a way to avoid this? Again perhaps a setting on the cisco ATA that would send sound every 1-2 seconds as background?
Thanks again for everyones helpful and quick response.
Aaron
On 4/28/05, Iqbal iqbal@gigo.co.uk wrote:
leave the realm in ser, leave it blank and try ""
Iqbal
On 4/28/2005, "Elton Machado" elton.machado@gmail.com wrote:
In my Allnet, devices I have the same problem, I have no options to set realm or domain, what I usually do is, to have a dns entry for the domain/realm at my dns server and in device I use the same entry as outbound and sip proxy, instead of using an ip entry or other dns name.
Another choice is to try out at authentication user or in user field, to use this form sipuser@realm instead of sipuser.
I never configure a Cisco ATA, but in you case I will try the both ways.
Regards and keep us current of results.
Elton
-----Original Message----- From: serusers-bounces@iptel.org [mailto:serusers-bounces@lists.iptel.org] On Behalf Of Aaron W Sent: quinta-feira, 28 de Abril de 2005 21:52 To: serusers@lists.iptel.org Subject: [Serusers] Can't Register Cisco ATA - www_challege Fails
I have SER setup on 10.9.8.7 which is on the internet. I have a Cisco ATA at home beind a linksys router. The ATA has an non-routeable ip of 192.168.1.107, while the public IP of my linksys router is 1.2.3.4 I can not get the cisco ATA to register, and i dont know why. I have posted results on Ngrep, also some debugging info from SER and my acutal ser.cfg In the setup for the ATA I gave it the proxy as an IP address (10.9.8.7), there is no place in the cisco config (that I can find) to specify a domain/realm. And the DNS server that my linksys router has doesnt have a route to sip1.jmusa.com Is that the problem, if so whats the best way around it?
Results of ngrep:
U 1.2.3.4:5060 -> 10.9.8.7:5060 REGISTER sip:10.9.8.7SIP/2.0..Via: SIP/2.0/UDP 192.168.1.107:5060;branch=z9hG4bKfac02618b73b6b6 a..From: Aaron sip:8306@10.9.8.7;user=phone;tag=3424024559..To: Aaron <sip:8306@10.9.8.7; user=phone>..Call-ID: 2834281883@192.168.1.107..CSeq: 3 REGISTER..Contact: Aaron <sip:8306@192.168.1. 107:5060;user=phone;transport=udp>;expires=3600..User-Agent: Cisco ATA 188 v3.2.0 atasip (041111A).. Authorization: Digest username="8306",realm="sip1.jmusa.com",nonce="427023d34e56189a2adcddfb16228d de9
f51f0eb",uri="sip:10.9.8.7",response="7b9e7ec34e8d4f8157fb66e140f95cbe"..Con tent-Length: 0.... # U 10.9.8.7:5060 -> 1.2.3.4:5060 SIP/2.0 100 Trying..Via: SIP/2.0/UDP 192.168.1.107:5060;branch=z9hG4bKfac02618b73b6b6a;received=69.14 2.66.52..From: Aaron sip:8306@10.9.8.7;user=phone;tag=3424024559..To: Aaron <sip:8306@65.199.1 91.83;user=phone>..Call-ID: 2834281883@192.168.1.107..CSeq: 3 REGISTER..Server: Sip EXpress router (0 .9.0 (i386/linux))..Content-Length: 0..Warning: 392 10.9.8.7:5060 "Noisy feedback tells: pid=91 53 req_src_ip=1.2.3.4 req_src_port=5060 in_uri=sip:10.9.8.7out_uri=sip:10.9.8.7via_c nt==1".... # U 10.9.8.7:5060 -> 1.2.3.4:5060 SIP/2.0 401 Unauthorized..Via: SIP/2.0/UDP 192.168.1.107:5060;branch=z9hG4bKfac02618b73b6b6a;rport=50 60;received=1.2.3.4..From: Aaron sip:8306@10.9.8.7;user=phone;tag=3424024559..To: Aaron <
sip:8306@10.9.8.7;user=phone>;tag=b27e1a1d33761e85846fc98f5f3a7e58.a0aa..Cal l-ID: 2834281883@192 .168.1.107..CSeq: 3 REGISTER..WWW-Authenticate: Digest realm="jmusa.com", nonce="427147ef446cc27cc8b6 502323243e02f9b5dfb6"..Server: Sip EXpress router (0.9.0 (i386/linux))..Content-Length: 0..Warning: 3 92 10.9.8.7:5060 "Noisy feedback tells: pid=9153 req_src_ip=1.2.3.4 req_src_port=5060 in_u ri=sip:10.9.8.7out_uri=sip:10.9.8.7via_cnt==1"....
My messages: Apr 28 16:26:33 sip1 /sbin/ser[9148]: CLIENT NAT TEST 7 IS TRUE: From sip:8306@10.9.8.7;user=phone, To sip:8306@10.9.8.7;user=phone, Call ID: 2834281883@192.168.1.107, MESASGE ID 2 Apr 28 16:26:33 sip1 /sbin/ser[9148]: BEGIN WWW AUTH: From sip:8306@10.9.8.7;user=phone, To sip:8306@10.9.8.7;user=phone, Call ID: 2834281883@192.168.1.107, MESASGE ID 2 Apr 28 16:26:33 sip1 /sbin/ser[9148]: WWW AUTHFAIL PRE CHALLEGE: From sip:8306@10.9.8.7;user=phone, To sip:8306@10.9.8.7;user=phone, Call ID: 2834281883@192.168.1.107, MESASGE ID 2 ---Then nothing else......
My ser.cfg (snipped) ----snip---- if (method=="INVITE") { route(3); break; } else if (method=="REGISTER") { route(2); break; ----snip---- route[2] { # ----------------------------------------------------------------- # REGISTER Message Handler # ---------------------------------------------------------------- sl_send_reply("100", "Trying"); if (!search("^Contact: *") && client_nat_test("7")) { xlog("L_ERR","CLIENT NAT TEST 7 IS TRUE: From %fu, To %tu, Call ID: %ci, MESASGE ID %mi"); setflag(6); fix_nated_register(); force_rport(); }; xlog("L_ERR","BEGIN WWW AUTH: From %fu, To %tu, Call ID: %ci, MESASGE ID %mi"); if (!www_authorize("sip1.jmusa.com","subscriber")) { xlog("L_ERR"," WWW AUTHFAIL PRE CHALLEGE: From %fu, To %tu, Call ID: %ci, MESASGE ID %mi"); www_challenge("sip1.jmusa.com","0"); xlog("L_ERR"," WWW AUTHFAIL POST CHALLEGE From %fu, To %tu, Call ID: %ci, MESASGE ID %mi"); break; };
if (!check_to()) { sl_send_reply("401", "Unauthorized"); break; }; consume_credentials(); if (!save("location")) { sl_reply_error(); };}
Serusers mailing list serusers@lists.iptel.org http://lists.iptel.org/mailman/listinfo/serusers
Serusers mailing list serusers@lists.iptel.org http://lists.iptel.org/mailman/listinfo/serusers
if (!www_authorize("sip1.jmusa.com","subscriber"))
try if (!www_authorize("","subscriber"))
that should pick up info from TO header field for REGISTER request, also do the same for the proxy_auth, that will use it from the FROM header
Iqbal
On 4/28/2005, "Aaron W" walsham@gmail.com wrote:
I have SER setup on 10.9.8.7 which is on the internet. I have a Cisco ATA at home beind a linksys router. The ATA has an non-routeable ip of 192.168.1.107, while the public IP of my linksys router is 1.2.3.4 I can not get the cisco ATA to register, and i dont know why. I have posted results on Ngrep, also some debugging info from SER and my acutal ser.cfg In the setup for the ATA I gave it the proxy as an IP address (10.9.8.7), there is no place in the cisco config (that I can find) to specify a domain/realm. And the DNS server that my linksys router has doesnt have a route to sip1.jmusa.com Is that the problem, if so whats the best way around it?
Results of ngrep:
U 1.2.3.4:5060 -> 10.9.8.7:5060 REGISTER sip:10.9.8.7SIP/2.0..Via: SIP/2.0/UDP 192.168.1.107:5060;branch=z9hG4bKfac02618b73b6b6 a..From: Aaron sip:8306@10.9.8.7;user=phone;tag=3424024559..To: Aaron <sip:8306@10.9.8.7; user=phone>..Call-ID: 2834281883@192.168.1.107..CSeq: 3 REGISTER..Contact: Aaron <sip:8306@192.168.1. 107:5060;user=phone;transport=udp>;expires=3600..User-Agent: Cisco ATA 188 v3.2.0 atasip (041111A).. Authorization: Digest username="8306",realm="sip1.jmusa.com",nonce="427023d34e56189a2adcddfb16228dde9 f51f0eb",uri="sip:10.9.8.7",response="7b9e7ec34e8d4f8157fb66e140f95cbe"..Content-Length: 0.... # U 10.9.8.7:5060 -> 1.2.3.4:5060 SIP/2.0 100 Trying..Via: SIP/2.0/UDP 192.168.1.107:5060;branch=z9hG4bKfac02618b73b6b6a;received=69.14 2.66.52..From: Aaron sip:8306@10.9.8.7;user=phone;tag=3424024559..To: Aaron <sip:8306@65.199.1 91.83;user=phone>..Call-ID: 2834281883@192.168.1.107..CSeq: 3 REGISTER..Server: Sip EXpress router (0 .9.0 (i386/linux))..Content-Length: 0..Warning: 392 10.9.8.7:5060 "Noisy feedback tells: pid=91 53 req_src_ip=1.2.3.4 req_src_port=5060 in_uri=sip:10.9.8.7out_uri=sip:10.9.8.7via_c nt==1".... # U 10.9.8.7:5060 -> 1.2.3.4:5060 SIP/2.0 401 Unauthorized..Via: SIP/2.0/UDP 192.168.1.107:5060;branch=z9hG4bKfac02618b73b6b6a;rport=50 60;received=1.2.3.4..From: Aaron sip:8306@10.9.8.7;user=phone;tag=3424024559..To: Aaron < sip:8306@10.9.8.7;user=phone>;tag=b27e1a1d33761e85846fc98f5f3a7e58.a0aa..Call-ID: 2834281883@192 .168.1.107..CSeq: 3 REGISTER..WWW-Authenticate: Digest realm="jmusa.com", nonce="427147ef446cc27cc8b6 502323243e02f9b5dfb6"..Server: Sip EXpress router (0.9.0 (i386/linux))..Content-Length: 0..Warning: 3 92 10.9.8.7:5060 "Noisy feedback tells: pid=9153 req_src_ip=1.2.3.4 req_src_port=5060 in_u ri=sip:10.9.8.7out_uri=sip:10.9.8.7via_cnt==1"....
My messages: Apr 28 16:26:33 sip1 /sbin/ser[9148]: CLIENT NAT TEST 7 IS TRUE: From sip:8306@10.9.8.7;user=phone, To sip:8306@10.9.8.7;user=phone, Call ID: 2834281883@192.168.1.107, MESASGE ID 2 Apr 28 16:26:33 sip1 /sbin/ser[9148]: BEGIN WWW AUTH: From sip:8306@10.9.8.7;user=phone, To sip:8306@10.9.8.7;user=phone, Call ID: 2834281883@192.168.1.107, MESASGE ID 2 Apr 28 16:26:33 sip1 /sbin/ser[9148]: WWW AUTHFAIL PRE CHALLEGE: From sip:8306@10.9.8.7;user=phone, To sip:8306@10.9.8.7;user=phone, Call ID: 2834281883@192.168.1.107, MESASGE ID 2 ---Then nothing else......
My ser.cfg (snipped) ----snip---- if (method=="INVITE") { route(3); break; } else if (method=="REGISTER") { route(2); break; ----snip---- route[2] { # ----------------------------------------------------------------- # REGISTER Message Handler # ---------------------------------------------------------------- sl_send_reply("100", "Trying"); if (!search("^Contact: *") && client_nat_test("7")) { xlog("L_ERR","CLIENT NAT TEST 7 IS TRUE: From %fu, To %tu, Call ID: %ci, MESASGE ID %mi"); setflag(6); fix_nated_register(); force_rport(); }; xlog("L_ERR","BEGIN WWW AUTH: From %fu, To %tu, Call ID: %ci, MESASGE ID %mi"); if (!www_authorize("sip1.jmusa.com","subscriber")) { xlog("L_ERR"," WWW AUTHFAIL PRE CHALLEGE: From %fu, To %tu, Call ID: %ci, MESASGE ID %mi"); www_challenge("sip1.jmusa.com","0"); xlog("L_ERR"," WWW AUTHFAIL POST CHALLEGE From %fu, To %tu, Call ID: %ci, MESASGE ID %mi"); break; };
if (!check_to()) { sl_send_reply("401", "Unauthorized"); break; }; consume_credentials(); if (!save("location")) { sl_reply_error(); }; }
Serusers mailing list serusers@lists.iptel.org http://lists.iptel.org/mailman/listinfo/serusers
-
Aaron W -
Elton Machado -
Iqbal