Hello ,
I have connected openser with pstn through cisco. when I make a call from voip network to pstn it's ok. but from pstn to voip I have a problem:openser answers 403 forbiden. in openser I do the authorisation on mysql, I have disabled authorisation on sip gateway:
if (src_ip!=X.X.X.X) { if (!www_authorize("DOMAIN.COM","subscriber")) { www_challenge("DOMAIN.COM","0"); exit; } };
What is the problem?
X.X.X.X is cisco
U X.X.X.X:54177 -> 172.17.6.2:5060 INVITE sip:820022@172.17.6.2:5060 SIP/2.0..Via: SIP/2.0/UDP X.X.X.X:5060..From: sip:022250699@X.X.X.X;tag=1A0FBC30-1472..To: <sip:820022@172.1 7.6.2>..Date: Wed, 08 Nov 2006 11:03:14 GMT..Call-ID: 906DA628-6E4F11DB-9034EA4F-E981BA1F@X.X.X.X..Supported: timer,100rel..Min-SE: 1800..Cisco-Guid : 2422905184-1850675675-2419190351-3917593119..User-Agent: Cisco-SIPGateway/IOS-12.x..Allow: INVITE, OPTIONS, BYE, CANCEL, ACK, PRACK, COMET, REFER, SUBS CRIBE, NOTIFY, INFO..CSeq: 101 INVITE..Max-Forwards: 6..Remote-Party-ID: sip:022250699@X.X.X.X;party=calling;screen=yes;privacy=off..Timestamp: 116 2983794..Contact: sip:022250699@X.X.X.X:5060..Expires: 180..Allow-Events: telephone-event..Content-Type: application/sdp..Content-Length: 235....v= 0..o=CiscoSystemsSIP-GW-UserAgent 1226 5023 IN IP4 X.X.X.X..s=SIP Call..c=IN IP4 X.X.X.X..t=0 0..m=audio 16642 RTP/AVP 18 19..c=IN IP4 X.X.X.X..a=rtpmap:18 G729/8000..a=fmtp:18 annexb=no..a=rtpmap:19 CN/8000..a=ptime:20.. # U 172.17.6.2:5060 -> X.X.X.X:5060 SIP/2.0 403 Use From=ID..Via: SIP/2.0/UDP X.X.X.X:5060..From: sip:022250699@X.X.X.X;tag=1A0FBC30-1472..To: sip:820022@172.17.6.2;tag=329cfeaa6ded039da25ff8cbb8668bd2.13ec..Call-ID: 906DA628-6E4F11DB-9034EA4F-E981BA1F@X.X.X.X..CSeq: 101 INVITE..Server: OpenSer (1.1.0-tls (x86_64/linux))..C ontent-Length: 0..Warning: 392 172.17.6.2:5060 "Noisy feedback tells: pid=32240 req_src_ip=X.X.X.X req_src_port=54177 in_uri=sip:820022@172.17.6.2:5 060 out_uri=sip:820022@172.17.6.2:5060 via_cnt==1".... # U X.X.X.X:54177 -> 172.17.6.2:5060 ACK sip:820022@172.17.6.2:5060 SIP/2.0..Via: SIP/2.0/UDP X.X.X.X:5060..From: sip:022250699@X.X.X.X;tag=1A0FBC30-1472..To: <sip:820022@172.17.6 .2>;tag=329cfeaa6ded039da25ff8cbb8668bd2.13ec..Date: Wed, 08 Nov 2006 11:03:14 GMT..Call-ID: 906DA628-6E4F11DB-9034EA4F-E981BA1F@X.X.X.X..Max-Forward s: 6..Content-Length: 0..CSeq: 101 ACK....
Best regards, Ion Minzu, Specialist Tehnologii Informationale, Administrator de sistem al Centrului de certificare, Administrator VoIP, I.S."Centrul de Telecomunicatii Speciale", tel:250-517 (office), 069501208 (mob), 382869185 (ICQ) mailto:ion.minzu@cts.md
Hello Ion,
Perhaps the "pstn" device is not responding to the authorization request. A SIP trace will show you if this is happening.
"ngrep -W byline port 5060" should be all you need to trace SIP messages (if you're listening on eth1, then you might want to add "-d eth1" when invoking ngrep). Older versions of ngrep did not have the "-W byline" option. If this is your case, you probably should upgrade ngrep.
A possible solution to you problem might be to use the "permissions" module and the "trusted" table. Then, instead of (www_authorize/www_challenge or in addition to, depending on your particular situation) you might want to use the "allow_trusted()" command to authenticate incoming INVITEs.
Below is a little example
<snip>
if (!is_from_local() && !allow_trusted()) { if (!proxy_authorize("","subscriber")) { proxy_challenge("","0"); exit; } else if (!check_from()) { sl_send_reply("403", "Use From=ID"); exit; }; };
</snip>
Regards, Norm
Ion Minzu wrote:
Hello ,
I have connected openser with pstn through cisco. when I make a call from voip network to pstn it's ok. but from pstn to voip I have a problem:openser answers 403 forbiden. in openser I do the authorisation on mysql, I have disabled authorisation on sip gateway:
if (src_ip!=X.X.X.X) { if (!www_authorize("DOMAIN.COM","subscriber")) { www_challenge("DOMAIN.COM","0"); exit; } };
What is the problem?
X.X.X.X is cisco
U X.X.X.X:54177 -> 172.17.6.2:5060 INVITE sip:820022@172.17.6.2:5060 SIP/2.0..Via: SIP/2.0/UDP X.X.X.X:5060..From: sip:022250699@X.X.X.X;tag=1A0FBC30-1472..To: <sip:820022@172.1 7.6.2>..Date: Wed, 08 Nov 2006 11:03:14 GMT..Call-ID: 906DA628-6E4F11DB-9034EA4F-E981BA1F@X.X.X.X..Supported: timer,100rel..Min-SE: 1800..Cisco-Guid : 2422905184-1850675675-2419190351-3917593119..User-Agent: Cisco-SIPGateway/IOS-12.x..Allow: INVITE, OPTIONS, BYE, CANCEL, ACK, PRACK, COMET, REFER, SUBS CRIBE, NOTIFY, INFO..CSeq: 101 INVITE..Max-Forwards: 6..Remote-Party-ID: sip:022250699@X.X.X.X;party=calling;screen=yes;privacy=off..Timestamp: 116 2983794..Contact: sip:022250699@X.X.X.X:5060..Expires: 180..Allow-Events: telephone-event..Content-Type: application/sdp..Content-Length: 235....v= 0..o=CiscoSystemsSIP-GW-UserAgent 1226 5023 IN IP4 X.X.X.X..s=SIP Call..c=IN IP4 X.X.X.X..t=0 0..m=audio 16642 RTP/AVP 18 19..c=IN IP4 X.X.X.X..a=rtpmap:18 G729/8000..a=fmtp:18 annexb=no..a=rtpmap:19 CN/8000..a=ptime:20.. # U 172.17.6.2:5060 -> X.X.X.X:5060 SIP/2.0 403 Use From=ID..Via: SIP/2.0/UDP X.X.X.X:5060..From: sip:022250699@X.X.X.X;tag=1A0FBC30-1472..To: sip:820022@172.17.6.2;tag=329cfeaa6ded039da25ff8cbb8668bd2.13ec..Call-ID: 906DA628-6E4F11DB-9034EA4F-E981BA1F@X.X.X.X..CSeq: 101 INVITE..Server: OpenSer (1.1.0-tls (x86_64/linux))..C ontent-Length: 0..Warning: 392 172.17.6.2:5060 "Noisy feedback tells: pid=32240 req_src_ip=X.X.X.X req_src_port=54177 in_uri=sip:820022@172.17.6.2:5 060 out_uri=sip:820022@172.17.6.2:5060 via_cnt==1".... # U X.X.X.X:54177 -> 172.17.6.2:5060 ACK sip:820022@172.17.6.2:5060 SIP/2.0..Via: SIP/2.0/UDP X.X.X.X:5060..From: sip:022250699@X.X.X.X;tag=1A0FBC30-1472..To: <sip:820022@172.17.6 .2>;tag=329cfeaa6ded039da25ff8cbb8668bd2.13ec..Date: Wed, 08 Nov 2006 11:03:14 GMT..Call-ID: 906DA628-6E4F11DB-9034EA4F-E981BA1F@X.X.X.X..Max-Forward s: 6..Content-Length: 0..CSeq: 101 ACK....
Best regards, Ion Minzu, Specialist Tehnologii Informationale, Administrator de sistem al Centrului de certificare, Administrator VoIP, I.S."Centrul de Telecomunicatii Speciale", tel:250-517 (office), 069501208 (mob), 382869185 (ICQ) mailto:ion.minzu@cts.md
Users mailing list Users@openser.org http://openser.org/cgi-bin/mailman/listinfo/users
I have connected openser with pstn through cisco. when I make a call from voip network to pstn it's ok. but from pstn to voip I have a problem:openser answers 403 forbiden.
I am sure you will find a statement in your openser.cfg like sl_send_reply("403", "forbiden";
That's the point you should look at.
cheers, Franz
-
franz.edler@inode.at -
Ion Minzu -
Norman Brandinger