7 Sep
2003
7 Sep
'03
3:30 p.m.
Hello,
I remember having read somewhere that the 'ser.cfg' file used at
'iptel.org' can be downloaded somewhere in order to be used as an
example for many of the functionalities ser offers. Unfortunately I
can't remember where I read this, nor did I find it on the ftp server...
:(
Is this config file still available for download?
I am mainly asking because I am looking for an answer for the following
phenomenon:
I have SER running on my home network (on the gateway). When I try to
send an IM to my account at iptel.org using kphone and I use my gateway
SER as an outbound proxy, everything runs smoothly; I get a message back
from iptel.org that the IM will be delivered to me as soon as I login
the next time (what will not happen until I solved the NAT problem ;)).
Now, when I try the same without using my gateway as an outbound proxy,
I get the beloved message from iptel.org that it doesn't like my private
Contact address.
The only way the two requests differ is that the one using the outbound
proxy uses a record-route
I have attached the ngrep logfile, if anyone can explain me this
behaviour I'd be glad.
regards,
felix
--
PGP-Key: http://belugalounge.net/~felix/Felix%20Schmid.asc
7 Sep
7 Sep
3:58 p.m.
At 09:30 PM 9/7/2003, Felix Schmid wrote:
Hello,
I remember having read somewhere that the 'ser.cfg' file used at
'iptel.org' can be downloaded somewhere in order to be used as an
example for many of the functionalities ser offers. Unfortunately I
can't remember where I read this, nor did I find it on the ftp server...
:(
Is this config file still available for download?
There is no such 8.11 iptel config file available.
I am mainly asking because I am looking for an answer
for the following
phenomenon:
I have SER running on my home network (on the gateway). When I try to
send an IM to my account at iptel.org using kphone and I use my gateway
SER as an outbound proxy, everything runs smoothly; I get a message back
from iptel.org that the IM will be delivered to me as soon as I login
the next time (what will not happen until I solved the NAT problem ;)).
Now, when I try the same without using my gateway as an outbound proxy,
I get the beloved message from iptel.org that it doesn't like my private
Contact address.
I hope that's easy to explain. We deny requests with private-IP addresses
in their contact header field. Such requests can't be followed up by
subsequent requests -- private IP addresses maky subsequent conversation
non-routable. We better deny and tell you it would break rather than
let it break later.
We except cases in which record-route was applied as we assume that
record-routing is used in a smart way to get subsequent requests over
NATs.
The only way the two requests differ is that the one
using the outbound
proxy uses a record-route
That's exactly the point.
-Jiri
4:07 p.m.
Jiri,
I am aware of the reason why private Contacts make no sense. What was
confusing me is that, in the record-route-header, my PRIVATE ip-address
is quoted (not my dialup address) as shown in the ngrep-dump I attached.
That's why I was interested in the config you are using at iptel.org.
You are saying that there is no such one for 8.11 - what about 8.10? Is
this still available?
regards,
felix
On Sun, 2003-09-07 at 21:58, Jiri Kuthan wrote:
At 09:30 PM 9/7/2003, Felix Schmid wrote:
--
PGP-Key: http://belugalounge.net/~felix/Felix%20Schmid.asc
Hello,
I remember having read somewhere that the 'ser.cfg' file used at
'iptel.org' can be downloaded somewhere in order to be used as an
example for many of the functionalities ser offers. Unfortunately I
can't remember where I read this, nor did I find it on the ftp server...
:(
Is this config file still available for download?
There is no such 8.11 iptel config file available.
I am mainly asking because I am looking for an
answer for the following
phenomenon:
I have SER running on my home network (on the gateway). When I try to
send an IM to my account at iptel.org using kphone and I use my gateway
SER as an outbound proxy, everything runs smoothly; I get a message back
from iptel.org that the IM will be delivered to me as soon as I login
the next time (what will not happen until I solved the NAT problem ;)).
Now, when I try the same without using my gateway as an outbound proxy,
I get the beloved message from iptel.org that it doesn't like my private
Contact address.
I hope that's easy to explain. We deny requests with private-IP addresses
in their contact header field. Such requests can't be followed up by
subsequent requests -- private IP addresses maky subsequent conversation
non-routable. We better deny and tell you it would break rather than
let it break later.
We except cases in which record-route was applied as we assume that
record-routing is used in a smart way to get subsequent requests over
NATs.
The only way the two requests differ is that the
one using the outbound
proxy uses a record-route
That's exactly the point.
-Jiri 
4:07 p.m.
On Sunday 07 September 2003 21:58, Jiri Kuthan wrote:
At 09:30 PM 9/7/2003, Felix Schmid wrote:
But his record-route entrys are broken too. So we should fix our config to
protect us from guys like Felix ;-)
Felix: maybe you should try 'mhomed=yes' in your config to get correct
record-route and via headers in the requests which pass your gateway.
Greetings
Nils
I am mainly asking because I am looking for an
answer for the following
phenomenon:
I have SER running on my home network (on the gateway). When I try to
send an IM to my account at iptel.org using kphone and I use my gateway
SER as an outbound proxy, everything runs smoothly; I get a message back
from iptel.org that the IM will be delivered to me as soon as I login
the next time (what will not happen until I solved the NAT problem ;)).
Now, when I try the same without using my gateway as an outbound proxy,
I get the beloved message from iptel.org that it doesn't like my private
Contact address.
I hope that's easy to explain. We deny requests with private-IP addresses
in their contact header field. Such requests can't be followed up by
subsequent requests -- private IP addresses maky subsequent conversation
non-routable. We better deny and tell you it would break rather than
let it break later.
We except cases in which record-route was applied as we assume that
record-routing is used in a smart way to get subsequent requests over
NATs. 
4:11 p.m.
On 07-09 22:07, Nils Ohlmeier wrote:
But his record-route entrys are broken too. So we
should fix our config to
protect us from guys like Felix ;-)
We do not check what is in Record-Route, only Contacts are checked.
Checking for private IPs in Record-Route is more complicated because
private IPs in Record-Route are legal under some circumstances.
Jan.
4:22 p.m.
On Sun, 2003-09-07 at 22:07, Nils Ohlmeier wrote:
On Sunday 07 September 2003 21:58, Jiri Kuthan wrote:
Don't tell me you don't like FreeBSD users...
At 09:30 PM 9/7/2003, Felix Schmid wrote:
But his record-route entrys are broken too. So we should fix our config to
protect us from guys like Felix ;-)
I am mainly asking because I am looking for an
answer for the following
phenomenon:
I have SER running on my home network (on the gateway). When I try to
send an IM to my account at iptel.org using kphone and I use my gateway
SER as an outbound proxy, everything runs smoothly; I get a message back
from iptel.org that the IM will be delivered to me as soon as I login
the next time (what will not happen until I solved the NAT problem ;)).
Now, when I try the same without using my gateway as an outbound proxy,
I get the beloved message from iptel.org that it doesn't like my private
Contact address.
I hope that's easy to explain. We deny requests with private-IP addresses
in their contact header field. Such requests can't be followed up by
subsequent requests -- private IP addresses maky subsequent conversation
non-routable. We better deny and tell you it would break rather than
let it break later.
We except cases in which record-route was applied as we assume that
record-routing is used in a smart way to get subsequent requests over
NATs. Felix: maybe you should try 'mhomed=yes' in
your config to get correct
record-route and via headers in the requests which pass your gateway.
Yes this worked!! Now the requests show the dialup ip in the
record-route header. Thanks! Btw., is this option explained in user
guide?
cheers,
felix
Greetings
Nils
--
PGP-Key: http://belugalounge.net/~felix/Felix%20Schmid.asc
4:27 p.m.
On Sunday 07 September 2003 22:22, Felix Schmid wrote:
Not, yet AFAIK.
The documentation is not up-to-date with the release. Volunteers are welcome
:-)
Greets
Nils
On Sun, 2003-09-07 at 22:07, Nils Ohlmeier wrote:
No, we simply do not like NAT (and the pain in the a** we get from its usage).
But his record-route entrys are broken too. So we
should fix our config
to protect us from guys like Felix ;-)
Don't tell me you don't like FreeBSD users... Felix: maybe
you should try 'mhomed=yes' in your config to get correct
record-route and via headers in the requests which pass your gateway.
Yes this worked!! Now the requests show the dialup ip in the
record-route header. Thanks! Btw., is this option explained in user
guide?
4:33 p.m.
On Sun, 2003-09-07 at 22:27, Nils Ohlmeier wrote:
Not, yet AFAIK.
The documentation is not up-to-date with the release. Volunteers are welcome
:-)
So what exactly does 'mhomed' stand for? - I have already spotted
loooots of typos in the docs :) What's the appreciated procedure to
submit them? diffs?
On Sunday 07 September 2003 22:22, Felix Schmid
wrote:
...and I am beginning to do so too. I guess I will have to give siproxd
another try..:(
On Sun, 2003-09-07 at 22:07, Nils Ohlmeier
wrote:
No, we simply do not like NAT (and the pain in the a** we get from its usage).
But his record-route entrys are broken too. So we
should fix our config
to protect us from guys like Felix ;-)
Don't tell me you don't like FreeBSD users... Felix: maybe you should try 'mhomed=yes' in
your config to get correct
record-route and via headers in the requests which pass your gateway.
Yes this worked!! Now the requests show the dialup ip in the
record-route header. Thanks! Btw., is this option explained in user
guide?
Greets
Nils
--
PGP-Key: http://belugalounge.net/~felix/Felix%20Schmid.asc
5 p.m.
At 10:33 PM 9/7/2003, Felix Schmid wrote:
Getting the SIP part done is not so hard. If you sit at the NAT with SER, you
can use record-routing and mhomed, then SIP will pass. The hard part is however
media. In general, I like using less-invasive NAT traversal methods as STUN
better today, but not every telephone supports it.
No, we simply
do not like NAT (and the pain in the a** we get from its usage).
...and I am beginning to do so too. I guess I will have to give siproxd
another try..:( So what exactly does 'mhomed' stand for? - I
have already spotted
loooots of typos in the docs :) What's the appreciated procedure to
submit them? diffs?
Diffs are very welcome.
-Jiri
4:56 p.m.
At 10:22 PM 9/7/2003, Felix Schmid wrote:
Very briefly -- some people think it is a terrible hack, they are right
to a certain extent and that's why the feature hasn't gotten too much
publicity. What it does is it uses kernel's IP routing in an esthetically
questionnable way to determine outbound IP address.
-jiri
Felix: maybe
you should try 'mhomed=yes' in your config to get correct
record-route and via headers in the requests which pass your gateway.
Yes this worked!! Now the requests show the dialup ip in the
record-route header. Thanks! Btw., is this option explained in user
guide?
4:04 p.m.
Hello, comments inline.
On 07-09 21:30, Felix Schmid wrote:
Hello,
I remember having read somewhere that the 'ser.cfg' file used at
'iptel.org' can be downloaded somewhere in order to be used as an
example for many of the functionalities ser offers. Unfortunately I
can't remember where I read this, nor did I find it on the ftp server...
:(
Is this config file still available for download?
No, unfortunately it is not available anymore.
I am mainly asking because I am looking for an answer
for the following
phenomenon:
I have SER running on my home network (on the gateway). When I try to
send an IM to my account at iptel.org using kphone and I use my gateway
SER as an outbound proxy, everything runs smoothly; I get a message back
from iptel.org that the IM will be delivered to me as soon as I login
the next time (what will not happen until I solved the NAT problem ;)).
Now, when I try the same without using my gateway as an outbound proxy,
I get the beloved message from iptel.org that it doesn't like my private
Contact address.
The only way the two requests differ is that the one using the outbound
proxy uses a record-route
This is a bug in our configuration because Contact header field
shouldn't be checked in MESSAGEs. We will fix it, thanks.
And now why you get different response when you use a record-routing
proxy.
If a SIP messages contains Record-Route header field then we
do not check what is in the Contact, because the server will not use
the header field anyway. Further messages will be sent to the URI in
the Record-Route. Inserting a private IP into Contact is perfectly
legal in this case because the record routing proxy might be in a
private address space and probably knows how to route such requests.
If there is no Record-Route then our proxy uses Contact to route
further requests and thus it check if the URI in the Contact is
reachable.
Jan.
4:12 p.m.
On Sun, 2003-09-07 at 22:04, Jan Janak wrote:
Hello, comments inline.
On 07-09 21:30, Felix Schmid wrote:
Damn! I was expecting this! This will take away the last working piece
from my setup :( Now I won't even be able to send IM's to myself to
read them later using the webfrontend :-)
Hello,
I remember having read somewhere that the 'ser.cfg' file used at
'iptel.org' can be downloaded somewhere in order to be used as an
example for many of the functionalities ser offers. Unfortunately I
can't remember where I read this, nor did I find it on the ftp server...
:(
Is this config file still available for download?
No, unfortunately it is not available anymore.
I am mainly asking because I am looking for an
answer for the following
phenomenon:
I have SER running on my home network (on the gateway). When I try to
send an IM to my account at iptel.org using kphone and I use my gateway
SER as an outbound proxy, everything runs smoothly; I get a message back
from iptel.org that the IM will be delivered to me as soon as I login
the next time (what will not happen until I solved the NAT problem ;)).
Now, when I try the same without using my gateway as an outbound proxy,
I get the beloved message from iptel.org that it doesn't like my private
Contact address.
The only way the two requests differ is that the one using the outbound
proxy uses a record-route
This is a bug in our configuration because Contact header field
shouldn't be checked in MESSAGEs. We will fix it, thanks.
And now why you get different response when you use a record-routing
proxy.
If a SIP messages contains Record-Route header field then we
do not check what is in the Contact, because the server will not use
the header field anyway. Further messages will be sent to the URI in
the Record-Route. Inserting a private IP into Contact is perfectly
legal in this case because the record routing proxy might be in a
private address space and probably knows how to route such requests.
As I have just posted in another mail - the record-route shows my
private ip-address. ??
If there is no Record-Route then our proxy uses
Contact to route
further requests and thus it check if the URI in the Contact is
reachable.
Thanks for the explanation - the config file would still have some
educational value.
cheers
felix
Jan.
--
PGP-Key: http://belugalounge.net/~felix/Felix%20Schmid.asc
4:21 p.m.
On 07-09 22:12, Felix Schmid wrote:
No, you will, I wrote it shouldn't check, that means MESSAGEs with
private IPs in Contacts should be accepted.
As I have just posted in another mail :-), we don't check what's in
Record-Route (even if we should).
Jan.
This is a
bug in our configuration because Contact header field
shouldn't be checked in MESSAGEs. We will fix it, thanks.
Damn! I was expecting this! This will take away the last working piece
from my setup :( Now I won't even be able to send IM's to myself to
read them later using the webfrontend :-) And now why
you get different response when you use a record-routing
proxy.
If a SIP messages contains Record-Route header field then we
do not check what is in the Contact, because the server will not use
the header field anyway. Further messages will be sent to the URI in
the Record-Route. Inserting a private IP into Contact is perfectly
legal in this case because the record routing proxy might be in a
private address space and probably knows how to route such requests.
As I have just posted in another mail - the record-route shows my
private ip-address. ??
4:14 p.m.
At 10:04 PM 9/7/2003, Jan Janak wrote:
This is a bug in our configuration because Contact
header field
shouldn't be checked in MESSAGEs. We will fix it, thanks.
I beg to disagree. There are elderly implementations which use contacts
in MESSAGE, and if they include non-routable IP addresses, subsequent
conversation may be breaken.
-jiri
4:30 p.m.
On 07-09 22:14, Jiri Kuthan wrote:
At 10:04 PM 9/7/2003, Jan Janak wrote:
What implementations use Contacts in MESSAGEs ? Anyway, I think the
condition is too general. We should check REGISTER, INVITE, and
SUBSCRIBE only (ok and MESSAGE too in this case).
Jan.
This is a bug in our configuration because
Contact header field
shouldn't be checked in MESSAGEs. We will fix it, thanks.
I beg to disagree. There are elderly implementations which use contacts
in MESSAGE, and if they include non-routable IP addresses, subsequent
conversation may be breaken.
4:57 p.m.
At 10:30 PM 9/7/2003, Jan Janak wrote:
On 07-09 22:14, Jiri Kuthan wrote:
The most widely used messaging software, guess which it is :)
At 10:04 PM 9/7/2003, Jan Janak wrote:
What implementations use Contacts in MESSAGEs ? This is a bug in our configuration because
Contact header field
shouldn't be checked in MESSAGEs. We will fix it, thanks.
I beg to disagree. There are elderly implementations which use contacts
in MESSAGE, and if they include non-routable IP addresses, subsequent
conversation may be breaken. Anyway, I think the
condition is too general. We should check REGISTER, INVITE, and
SUBSCRIBE only (ok and MESSAGE too in this case).
Why?
-jiri
5:09 p.m.
On 07-09 22:57, Jiri Kuthan wrote:
At 10:30 PM 9/7/2003, Jan Janak wrote:
Because it makes sense only for requests that create a dialog. Other
requests may contain Contacts too (I don't know why, but think
about MS Messenger) and I wouldn't restrict what can be put in there.
For example, what should happen if the server receives a NOTIFY
containing a private IP in Contact ? The current config will refuse
it.
Jan.
On 07-09 22:14, Jiri Kuthan wrote:
The most widely used messaging software, guess which it is :)
At 10:04 PM 9/7/2003, Jan Janak wrote:
What implementations use Contacts in MESSAGEs ? This is a bug in our configuration because
Contact header field
shouldn't be checked in MESSAGEs. We will fix it, thanks.
I beg to disagree. There are elderly implementations which use contacts
in MESSAGE, and if they include non-routable IP addresses, subsequent
conversation may be breaken. Anyway, I think the
condition is too general. We should check REGISTER, INVITE, and
SUBSCRIBE only (ok and MESSAGE too in this case).
Why?
5:45 p.m.
At 11:09 PM 9/7/2003, Jan Janak wrote:
Because it makes sense only for requests that create
a dialog. Other
requests may contain Contacts too (I don't know why, but think
about MS Messenger) and I wouldn't restrict what can be put in there.
It is exactly the "keep-pace-with-SIP-extentions" argument which makes me
believe that we should stick to what we are doing. Whatever request is used
(FOOBAR), if it bears a private IP address in Contact, it asks its
peer to send something there, which is a mistake. I don't see a case in
which non-routable contact is useful, unless overridden by RR-ing.
For example, what should happen if the server
receives a NOTIFY
containing a private IP in Contact ? The current config will refuse
it.
Which is correct, imho.
-jiri
6:26 p.m.
On 07-09 23:45, Jiri Kuthan wrote:
At 11:09 PM 9/7/2003, Jan Janak wrote:
Well, I was thinking mostly about broken implementations that put
Contact into messages which don't use it. IMHO we shouldn't reject
them.
Jan.
Because it makes sense only for requests that
create a dialog. Other
requests may contain Contacts too (I don't know why, but think
about MS Messenger) and I wouldn't restrict what can be put in there.
It is exactly the "keep-pace-with-SIP-extentions" argument which makes me
believe that we should stick to what we are doing. Whatever request is used
(FOOBAR), if it bears a private IP address in Contact, it asks its
peer to send something there, which is a mistake. I don't see a case in
which non-routable contact is useful, unless overridden by RR-ing.
For example, what should happen if the server
receives a NOTIFY
containing a private IP in Contact ? The current config will refuse
it.
Which is correct, imho.
7833
days inactive
7833
days old
18 comments
4 participants
participants (4)
-
Felix Schmid -
Jan Janak -
Jiri Kuthan -
Nils Ohlmeier