Hello All,
When I switched from UDP to TCP I started getting Authentication Errors, Asterisk responds to an INVITE via Kamailio with a '401 Unauthorized', but Kamailio does nothing with it. Processing just stops near WITH_BLOCK401407. Shouldn't the 401 be relayed so a new INVITE can be sent?
Thank you.
On Thu, May 24, 2018 at 11:29:54PM +0000, Wilkins, Steve wrote:
When I switched from UDP to TCP I started getting Authentication Errors, Asterisk responds to an INVITE via Kamailio with a '401 Unauthorized', but Kamailio does nothing with it.
Did you get 401 responses using UDP? Do you have any logic in place to respond to the 401? By default kamailio does nothing.
Processing just stops near WITH_BLOCK401407. Shouldn't the 401 be relayed so a new INVITE can be sent?
What does "stops near" mean? What does WITH_BLOCK401407 do? The name suggest to block/do nothing with 401 and 407s.
What you need to do is call uac_auth() with the correct credentials to respond to the challenge: https://www.kamailio.org/docs/modules/stable/modules/uac.html#uac.f.uac_auth
Or is the problem Asterisk challenges INVITEs using TCP?
Thank you for your response.
I do not have this issue with UDP, it is when I switch to TCP that an INVITE is sending the Unauthorized.
If I attempt something like , the code below, the INVITE is not sent out again (as I thought it would be). I see the ACK being relayed after the Authentication error, and that is it.
if (t_check_status("401")) { if (!auth_check("$fd", "sipusers", "1")) { auth_challenge("$fd", "0"); exit; } }
I did attempt the uac_auth() as you suggested, but I got no further.
Thanks again!
-----Original Message----- From: sr-users [mailto:sr-users-bounces@lists.kamailio.org] On Behalf Of Daniel Tryba Sent: Friday, May 25, 2018 9:47 AM To: Kamailio (SER) - Users Mailing List sr-users@lists.kamailio.org Subject: Re: [SR-Users] Switching form UDP to TCP causes authentication errors
On Thu, May 24, 2018 at 11:29:54PM +0000, Wilkins, Steve wrote:
When I switched from UDP to TCP I started getting Authentication Errors, Asterisk responds to an INVITE via Kamailio with a '401 Unauthorized', but Kamailio does nothing with it.
Did you get 401 responses using UDP? Do you have any logic in place to respond to the 401? By default kamailio does nothing.
Processing just stops near WITH_BLOCK401407. Shouldn't the 401 be relayed so a new INVITE can be sent?
What does "stops near" mean? What does WITH_BLOCK401407 do? The name suggest to block/do nothing with 401 and 407s.
What you need to do is call uac_auth() with the correct credentials to respond to the challenge: https://www.kamailio.org/docs/modules/stable/modules/uac.html#uac.f.uac_auth
Or is the problem Asterisk challenges INVITEs using TCP?
_______________________________________________ Kamailio (SER) - Users Mailing List sr-users@lists.kamailio.org https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
It's not clear who's doing the authentication, Asterisk or Kamailio?
On Tue, May 29, 2018, 13:10 Wilkins, Steve swwilkins@mitre.org wrote:
Thank you for your response.
I do not have this issue with UDP, it is when I switch to TCP that an INVITE is sending the Unauthorized.
If I attempt something like , the code below, the INVITE is not sent out again (as I thought it would be). I see the ACK being relayed after the Authentication error, and that is it.
if (t_check_status("401")) { if (!auth_check("$fd", "sipusers", "1")) { auth_challenge("$fd", "0"); exit; } }
I did attempt the uac_auth() as you suggested, but I got no further.
Thanks again!
-----Original Message----- From: sr-users [mailto:sr-users-bounces@lists.kamailio.org] On Behalf Of Daniel Tryba Sent: Friday, May 25, 2018 9:47 AM To: Kamailio (SER) - Users Mailing List sr-users@lists.kamailio.org Subject: Re: [SR-Users] Switching form UDP to TCP causes authentication errors
On Thu, May 24, 2018 at 11:29:54PM +0000, Wilkins, Steve wrote:
When I switched from UDP to TCP I started getting Authentication Errors, Asterisk responds to an INVITE via Kamailio with a '401 Unauthorized', but Kamailio does nothing with it.
Did you get 401 responses using UDP? Do you have any logic in place to respond to the 401? By default kamailio does nothing.
Processing just stops near WITH_BLOCK401407. Shouldn't the 401 be relayed so a new INVITE can be sent?
What does "stops near" mean? What does WITH_BLOCK401407 do? The name suggest to block/do nothing with 401 and 407s.
What you need to do is call uac_auth() with the correct credentials to respond to the challenge:
https://www.kamailio.org/docs/modules/stable/modules/uac.html#uac.f.uac_auth
Or is the problem Asterisk challenges INVITEs using TCP?
Kamailio (SER) - Users Mailing List sr-users@lists.kamailio.org https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users _______________________________________________ Kamailio (SER) - Users Mailing List sr-users@lists.kamailio.org https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
On Tue, May 29, 2018 at 11:08:06AM +0000, Wilkins, Steve wrote:
Thank you for your response.
I do not have this issue with UDP, it is when I switch to TCP that an INVITE is sending the Unauthorized.
If I attempt something like , the code below, the INVITE is not sent out again (as I thought it would be). I see the ACK being relayed after the Authentication error, and that is it.
if (t_check_status("401")) { if (!auth_check("$fd", "sipusers", "1")) { auth_challenge("$fd", "0"); exit; } }
I did attempt the uac_auth() as you suggested, but I got no further.
auth_check/auth_challenge are functions to use when you want to authenticate (for kamailio) incoming requests.
But isn't the goal to fix asterisk to accept the INVITEs over TCP without authentication? Maybe something simple like adding transport=tcp,udp works (no idea what the pjsip equiv is).
-
Daniel Tryba -
David Villasmil -
Wilkins, Steve