25 May
2018
25 May
'18
2:29 a.m.
Hello All,
When I switched from UDP to TCP I started getting Authentication Errors, Asterisk responds
to an INVITE via Kamailio with a '401 Unauthorized', but Kamailio does nothing
with it. Processing just stops near WITH_BLOCK401407. Shouldn't the 401 be relayed
so a new INVITE can be sent?
Thank you.
25 May
25 May
4:47 p.m.
New subject: Switching form UDP to TCP causes authentication errors
On Thu, May 24, 2018 at 11:29:54PM +0000, Wilkins, Steve wrote:
When I switched from UDP to TCP I started getting
Authentication
Errors, Asterisk responds to an INVITE via Kamailio with a '401
Unauthorized', but Kamailio does nothing with it.
Did you get 401 responses using UDP? Do you have any logic in place to
respond to the 401? By default kamailio does nothing.
Processing just stops near WITH_BLOCK401407.
Shouldn't the 401 be
relayed so a new INVITE can be sent?
What does "stops near" mean? What does WITH_BLOCK401407 do? The name
suggest to block/do nothing with 401 and 407s.
What you need to do is call uac_auth() with the correct credentials to
respond to the challenge:
https://www.kamailio.org/docs/modules/stable/modules/uac.html#uac.f.uac_auth
Or is the problem Asterisk challenges INVITEs using TCP?
29 May
29 May
2:08 p.m.
New subject: Switching form UDP to TCP causes authentication errors
Thank you for your response.
I do not have this issue with UDP, it is when I switch to TCP that an INVITE is sending
the Unauthorized.
If I attempt something like , the code below, the INVITE is not sent out again (as I
thought it would be). I see the ACK being relayed after the Authentication error, and
that is it.
if (t_check_status("401")) {
if (!auth_check("$fd", "sipusers", "1")) {
auth_challenge("$fd", "0");
exit;
}
}
I did attempt the uac_auth() as you suggested, but I got no further.
Thanks again!
-----Original Message-----
From: sr-users [mailto:sr-users-bounces@lists.kamailio.org] On Behalf Of Daniel Tryba
Sent: Friday, May 25, 2018 9:47 AM
To: Kamailio (SER) - Users Mailing List <sr-users(a)lists.kamailio.org>
Subject: Re: [SR-Users] Switching form UDP to TCP causes authentication errors
On Thu, May 24, 2018 at 11:29:54PM +0000, Wilkins, Steve wrote:
When I switched from UDP to TCP I started getting
Authentication
Errors, Asterisk responds to an INVITE via Kamailio with a '401
Unauthorized', but Kamailio does nothing with it.
Did you get 401 responses using UDP? Do you have any logic in place to respond to the 401?
By default kamailio does nothing.
Processing just stops near WITH_BLOCK401407.
Shouldn't the 401 be
relayed so a new INVITE can be sent?
What does "stops near" mean? What does WITH_BLOCK401407 do? The name suggest to
block/do nothing with 401 and 407s.
What you need to do is call uac_auth() with the correct credentials to respond to the
challenge:
https://www.kamailio.org/docs/modules/stable/modules/uac.html#uac.f.uac_auth
Or is the problem Asterisk challenges INVITEs using TCP?
_______________________________________________
Kamailio (SER) - Users Mailing List
sr-users(a)lists.kamailio.org
https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
2:26 p.m.
New subject: Switching form UDP to TCP causes authentication errors
It's not clear who's doing the authentication, Asterisk or Kamailio?
On Tue, May 29, 2018, 13:10 Wilkins, Steve <swwilkins(a)mitre.org> wrote:
Thank you for your response.
I do not have this issue with UDP, it is when I switch to TCP that an
INVITE is sending the Unauthorized.
If I attempt something like , the code below, the INVITE is not sent out
again (as I thought it would be). I see the ACK being relayed after the
Authentication error, and that is it.
if (t_check_status("401")) {
if (!auth_check("$fd", "sipusers", "1")) {
auth_challenge("$fd", "0");
exit;
}
}
I did attempt the uac_auth() as you suggested, but I got no further.
Thanks again!
-----Original Message-----
From: sr-users [mailto:sr-users-bounces@lists.kamailio.org] On Behalf Of
Daniel Tryba
Sent: Friday, May 25, 2018 9:47 AM
To: Kamailio (SER) - Users Mailing List <sr-users(a)lists.kamailio.org>
Subject: Re: [SR-Users] Switching form UDP to TCP causes authentication
errors
On Thu, May 24, 2018 at 11:29:54PM +0000, Wilkins, Steve wrote:
When I switched from UDP to TCP I started getting
Authentication
Errors, Asterisk responds to an INVITE via Kamailio with a '401
Unauthorized', but Kamailio does nothing with it.
Did you get 401 responses using UDP? Do you have any logic in place to
respond to the 401? By default kamailio does nothing.
Processing just stops near WITH_BLOCK401407.
Shouldn't the 401 be
relayed so a new INVITE can be sent?
What does "stops near" mean? What does WITH_BLOCK401407 do? The name
suggest to block/do nothing with 401 and 407s.
What you need to do is call uac_auth() with the correct credentials to
respond to the challenge:
https://www.kamailio.org/docs/modules/stable/modules/uac.html#uac.f.uac_auth
Or is the problem Asterisk challenges INVITEs using TCP?
_______________________________________________
Kamailio (SER) - Users Mailing List
sr-users(a)lists.kamailio.org
https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
_______________________________________________
Kamailio (SER) - Users Mailing List
sr-users(a)lists.kamailio.org
https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
3:45 p.m.
New subject: Switching form UDP to TCP causes authentication errors
On Tue, May 29, 2018 at 11:08:06AM +0000, Wilkins, Steve wrote:
Thank you for your response.
I do not have this issue with UDP, it is when I switch to TCP that an INVITE is sending
the Unauthorized.
If I attempt something like , the code below, the INVITE is not sent out again (as I
thought it would be). I see the ACK being relayed after the Authentication error, and
that is it.
if (t_check_status("401")) {
if (!auth_check("$fd", "sipusers", "1")) {
auth_challenge("$fd", "0");
exit;
}
}
I did attempt the uac_auth() as you suggested, but I got no further.
auth_check/auth_challenge are functions to use when you want to
authenticate (for kamailio) incoming requests.
But isn't the goal to fix asterisk to accept the INVITEs over TCP
without authentication? Maybe something simple like adding
transport=tcp,udp
works (no idea what the pjsip equiv is).
2375
days inactive
2380
days old
4 comments
3 participants
participants (3)
-
Daniel Tryba -
David Villasmil -
Wilkins, Steve