Hi,
I am currently setting up a SER platform and would like to use Asterisk for PSTN and voicemail. I have three hosts, one machine has the MySQL db and a DNS with an ENUM zone. I then have the main SIP registrar/proxy and the final box is the Asterisk server.
My intention is to have an instance of SER running on the Asterisk server to verify authentication and check users' privileges for access to the PSTN/voicemail and to enforce the Remote Party ID, this will then NAT the connection to the Asterisk process' SIP channel (either running 127.0.0.1.
So is this theoretically sound? And can I have the SER proxy and the SER instance on the * both talking to the same mysql DB?
On Nov 07, 2003 at 12:46, Tristan Colgate tristan@inuxtech.co.uk wrote:
> Hi,
> I am currently setting up a SER platform and would like to use Asterisk for PSTN and voicemail. I have three hosts, one machine has the MySQL db and a DNS with an ENUM zone. I then have the main SIP registrar/proxy and the final box is the Asterisk server.
> My intention is to have an instance of SER running on the Asterisk server to verify authentication and check users' privileges for access to the PSTN/voicemail and to enforce the Remote Party ID, this will then NAT the connection to the Asterisk process' SIP channel (either running 127.0.0.1.
You want to authenticate twice? Once on the "main" proxy and once on the Asterisk box? It's easier just to trust your "main" proxy (leave auth. to it) and drop all connections coming from different IPs on the Asterisk box. TLS would also help a lot, but it's not freely available.
> So is this theoretically sound? And can I have the SER proxy and the SER instance on the * both talking to the same mysql DB?
Yes, you could use the same db for the auth. stuff, but in your place I would run only one ser doing the auth. If you want to use 2 sers and auth. to both (not recommended since it's easier to trust the main ser IP), it will work if both of them accept the same nonce and you don't have any consume_credentials in your script. To have the same nonce you will have to set the secret parameter of the auth module to the same thing on both sers (if you don't set it, it would be random and they will expect different nonces). Also, the clocks should be synchronized. This is if you use the same auth. db and auth. realm on both of them. If you want to use different realms, then make sure your UAs support this and disregard the stuff about nonces.
Andrei
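
Why two instances that both authenticate need the same auth-module secret and synchronized clocks, as an added example that is not part of the original thread and is not SER code: a simplified Python model of a digest nonce built from an expiry time plus a keyed digest. The `Proxy` class, `forward_check`, the HMAC-SHA256 construction and the 300-second lifetime are assumptions made for illustration, not SER's actual nonce format.

```python
import hashlib
import hmac
import os

NONCE_LIFETIME = 300  # seconds; constructed value for this model


class Proxy:
    """Toy stand-in for one SER instance's digest-nonce handling (hypothetical)."""

    def __init__(self, secret=None, clock_offset=0):
        # As described in the reply: an unset secret is random per instance.
        self.secret = secret if secret is not None else os.urandom(16)
        self.clock_offset = clock_offset  # seconds this host's clock is off

    def _now(self, wall_time):
        return wall_time + self.clock_offset

    def _mac(self, expires_hex):
        # Keyed digest over the expiry field; HMAC-SHA256 is this model's choice.
        return hmac.new(self.secret, expires_hex.encode(), hashlib.sha256).hexdigest()

    def issue_nonce(self, wall_time):
        expires_hex = format(self._now(wall_time) + NONCE_LIFETIME, "08x")
        return expires_hex + self._mac(expires_hex)

    def check_nonce(self, nonce, wall_time):
        expires_hex, mac = nonce[:8], nonce[8:]
        if not hmac.compare_digest(mac, self._mac(expires_hex)):
            return "bad-nonce"  # issued under a different secret, or altered
        if int(expires_hex, 16) < self._now(wall_time):
            return "stale"      # expired according to this host's clock
        return "ok"


def forward_check(main, second, wall_time=1_068_209_160):
    """Main proxy issues the nonce; the second proxy re-validates it."""
    return second.check_nonce(main.issue_nonce(wall_time), wall_time)
```

With the same secret on both instances the second check returns "ok"; with unset (random) secrets it returns "bad-nonce", and with a shared secret but a clock more than the nonce lifetime ahead it returns "stale".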