UAC Register Asterisk

List overview All Threads
Download

newer

older

acc_cdrs empty

Kamailio v4.4.0 Released - new...

Alberto Sagredo

31 Mar 2016 31 Mar '16

4:34 a.m.

Hi Im trying to modify example for Asterisk/Kamailio integration that miconda did, and trying to handle Forwarded register to Asterisk in an authenticated way instead removing secret in asterisk. I have made this changes route[REGFWD] { if(!is_method("REGISTER")) { return; } $var(rip) = $var(astip); $uac_req(method)="REGISTER"; $uac_req(ruri)="sip:" + $var(rip) + ":" + $var(astport); $uac_req(furi)="sip:" + $(au{s.substr,8,0}) + "@" + $var(rip); $uac_req(turi)="sip:" + $(au{s.substr,8,0}) + "@" + $var(rip); $uac_req(hdrs)="Contact: <sip:" + $au + "@" + $sel(cfg_get.kamailio.bindip) + ":" + $sel(cfg_get.kamailio.bindport) + ">\r\n"; if($sel(contact.expires) != $null) $uac_req(hdrs)= $uac_req(hdrs) + "Expires: " + $sel(contact.expires) + "\r\n"; else $uac_req(hdrs)= $uac_req(hdrs) + "Expires: " + $hdr(Expires) + "\r\n"; xlog("Dentro de REGFWD"); t_on_failure("REG_AST"); uac_req_send(); } failure_route[REG_AST] { if (t_is_canceled()) { exit; } xlog("Dentro de REG AST"); if(t_check_status("401|407")) { xlog("Dentro de 401"); $avp(auser) = "test"; $avp(apass) = "test"; uac_auth(); t_relay(); exit; } } What i see on traces: U x.x.x..240:5060 -> x.x.x..56:5060 REGISTER sip:x.x.x.56:5060 SIP/2.0. Via: SIP/2.0/UDP x.x.x.240;branch=z9hG4bKfb46.a47535d4000000000000000000000000.0. To: <sip:200@x.x.x.56>. From: <sip:200@x.x.x.56>;tag=533cb9e91f4b999cf76861cbb9ed54ed-6a4f. CSeq: 10 REGISTER. Call-ID: 09dc120d65932ed7-16044(a)127.0.0.1. Max-Forwards: 70. Content-Length: 0. User-Agent: ANY. Contact: <sip:emp_001_200@x.x.x.240:5060>. Expires: 3600. . # U x.x.x.56:5060 -> x.x.x..240:5060 SIP/2.0 401 Unauthorized. Via: SIP/2.0/UDP x.x.x..240 ;branch=z9hG4bKfb46.a47535d4000000000000000000000000.0;received=x.x.x..240 ;rport=5060. From: <sip:200@x.x.x.56>;tag=533cb9e91f4b999cf76861cbb9ed54ed-6a4f. To: <sip:200@x.x.x.56>;tag=as62b47138. Call-ID: 09dc120d65932ed7-16044(a)127.0.0.1. CSeq: 10 REGISTER. Server: FPBX-2.11.0(11.17.1). Allow: INVITE, ACK, CANCEL, OPTIONS, BYE, REFER, SUBSCRIBE, NOTIFY, INFO, PUBLISH, MESSAGE. Supported: replaces, timer. WWW-Authenticate: Digest algorithm=MD5, realm="asterisk", nonce="59e39692". Content-Length: 0. . But Kamailio is not sending authentication . Any idea what could be wrong? Or any tip to do what i try. The idea is that a sip endpoint register with authentication on kamailio and it sends register with authentication to asterisk. Thanks in advance

Attachments:

attachment.html (text/html — 11.3 KB)

Show replies by date

Marrold

31 Mar 31 Mar

4:48 a.m.

Why not just relay the registration messages to Asterisk itself? What's the use case? Cheers On Thu, Mar 31, 2016 at 9:34 AM, Alberto Sagredo < alberto.sagredo(a)avanzada7.com> wrote:

...

Alberto Sagredo

4:49 a.m.

Hi Marrold. I want to authenticate user on Kamailio but want Asterisk to see them registered with kamailio ip as contact. I making also some manipulations in $fu as users are different (emp_xxx_ext) in kamailio than in Asterisk xxx_ext Thanks 2016-03-31 10:48 GMT+02:00 Marrold <kamailio(a)marrold.co.uk>uk>:

...

Why not just relay the registration messages to Asterisk itself? What's the use case? Cheers On Thu, Mar 31, 2016 at 9:34 AM, Alberto Sagredo < alberto.sagredo(a)avanzada7.com> wrote:

Hi Im trying to modify example for Asterisk/Kamailio integration that miconda did, and trying to handle Forwarded register to Asterisk in an authenticated way instead removing secret in asterisk. I have made this changes route[REGFWD] { if(!is_method("REGISTER")) { return; } $var(rip) = $var(astip); $uac_req(method)="REGISTER"; $uac_req(ruri)="sip:" + $var(rip) + ":" + $var(astport); $uac_req(furi)="sip:" + $(au{s.substr,8,0}) + "@" + $var(rip); $uac_req(turi)="sip:" + $(au{s.substr,8,0}) + "@" + $var(rip); $uac_req(hdrs)="Contact: <sip:" + $au + "@" + $sel(cfg_get.kamailio.bindip) + ":" + $sel(cfg_get.kamailio.bindport) + ">\r\n"; if($sel(contact.expires) != $null) $uac_req(hdrs)= $uac_req(hdrs) + "Expires: " + $sel(contact.expires) + "\r\n"; else $uac_req(hdrs)= $uac_req(hdrs) + "Expires: " + $hdr(Expires) + "\r\n"; xlog("Dentro de REGFWD"); t_on_failure("REG_AST"); uac_req_send(); } failure_route[REG_AST] { if (t_is_canceled()) { exit; } xlog("Dentro de REG AST"); if(t_check_status("401|407")) { xlog("Dentro de 401"); $avp(auser) = "test"; $avp(apass) = "test"; uac_auth(); t_relay(); exit; } } What i see on traces: U x.x.x..240:5060 -> x.x.x..56:5060 REGISTER sip:x.x.x.56:5060 SIP/2.0. Via: SIP/2.0/UDP x.x.x.240;branch=z9hG4bKfb46.a47535d4000000000000000000000000.0. To: <sip:200@x.x.x.56>. From: <sip:200@x.x.x.56>;tag=533cb9e91f4b999cf76861cbb9ed54ed-6a4f. CSeq: 10 REGISTER. Call-ID: 09dc120d65932ed7-16044(a)127.0.0.1. Max-Forwards: 70. Content-Length: 0. User-Agent: ANY. Contact: <sip:emp_001_200@x.x.x.240:5060>. Expires: 3600. . # U x.x.x.56:5060 -> x.x.x..240:5060 SIP/2.0 401 Unauthorized. Via: SIP/2.0/UDP x.x.x..240 ;branch=z9hG4bKfb46.a47535d4000000000000000000000000.0;received= x.x.x..240;rport=5060. From: <sip:200@x.x.x.56>;tag=533cb9e91f4b999cf76861cbb9ed54ed-6a4f. To: <sip:200@x.x.x.56>;tag=as62b47138. Call-ID: 09dc120d65932ed7-16044(a)127.0.0.1. CSeq: 10 REGISTER. Server: FPBX-2.11.0(11.17.1). Allow: INVITE, ACK, CANCEL, OPTIONS, BYE, REFER, SUBSCRIBE, NOTIFY, INFO, PUBLISH, MESSAGE. Supported: replaces, timer. WWW-Authenticate: Digest algorithm=MD5, realm="asterisk", nonce="59e39692". Content-Length: 0. . But Kamailio is not sending authentication . Any idea what could be wrong? Or any tip to do what i try. The idea is that a sip endpoint register with authentication on kamailio and it sends register with authentication to asterisk. Thanks in advance _______________________________________________ SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing list sr-users(a)lists.sip-router.org http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users

_______________________________________________ SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing list sr-users(a)lists.sip-router.org http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users

Marrold

4:55 a.m.

...

Why not just relay the registration messages to Asterisk itself? What's the use case? Cheers On Thu, Mar 31, 2016 at 9:34 AM, Alberto Sagredo < alberto.sagredo(a)avanzada7.com> wrote:

Hi Im trying to modify example for Asterisk/Kamailio integration that miconda did, and trying to handle Forwarded register to Asterisk in an authenticated way instead removing secret in asterisk. I have made this changes route[REGFWD] { if(!is_method("REGISTER")) { return; } $var(rip) = $var(astip); $uac_req(method)="REGISTER"; $uac_req(ruri)="sip:" + $var(rip) + ":" + $var(astport); $uac_req(furi)="sip:" + $(au{s.substr,8,0}) + "@" + $var(rip); $uac_req(turi)="sip:" + $(au{s.substr,8,0}) + "@" + $var(rip); $uac_req(hdrs)="Contact: <sip:" + $au + "@" + $sel(cfg_get.kamailio.bindip) + ":" + $sel(cfg_get.kamailio.bindport) + ">\r\n"; if($sel(contact.expires) != $null) $uac_req(hdrs)= $uac_req(hdrs) + "Expires: " + $sel(contact.expires) + "\r\n"; else $uac_req(hdrs)= $uac_req(hdrs) + "Expires: " + $hdr(Expires) + "\r\n"; xlog("Dentro de REGFWD"); t_on_failure("REG_AST"); uac_req_send(); } failure_route[REG_AST] { if (t_is_canceled()) { exit; } xlog("Dentro de REG AST"); if(t_check_status("401|407")) { xlog("Dentro de 401"); $avp(auser) = "test"; $avp(apass) = "test"; uac_auth(); t_relay(); exit; } } What i see on traces: U x.x.x..240:5060 -> x.x.x..56:5060 REGISTER sip:x.x.x.56:5060 SIP/2.0. Via: SIP/2.0/UDP x.x.x.240;branch=z9hG4bKfb46.a47535d4000000000000000000000000.0. To: <sip:200@x.x.x.56>. From: <sip:200@x.x.x.56>;tag=533cb9e91f4b999cf76861cbb9ed54ed-6a4f. CSeq: 10 REGISTER. Call-ID: 09dc120d65932ed7-16044(a)127.0.0.1. Max-Forwards: 70. Content-Length: 0. User-Agent: ANY. Contact: <sip:emp_001_200@x.x.x.240:5060>. Expires: 3600. . # U x.x.x.56:5060 -> x.x.x..240:5060 SIP/2.0 401 Unauthorized. Via: SIP/2.0/UDP x.x.x..240 ;branch=z9hG4bKfb46.a47535d4000000000000000000000000.0;received= x.x.x..240;rport=5060. From: <sip:200@x.x.x.56>;tag=533cb9e91f4b999cf76861cbb9ed54ed-6a4f. To: <sip:200@x.x.x.56>;tag=as62b47138. Call-ID: 09dc120d65932ed7-16044(a)127.0.0.1. CSeq: 10 REGISTER. Server: FPBX-2.11.0(11.17.1). Allow: INVITE, ACK, CANCEL, OPTIONS, BYE, REFER, SUBSCRIBE, NOTIFY, INFO, PUBLISH, MESSAGE. Supported: replaces, timer. WWW-Authenticate: Digest algorithm=MD5, realm="asterisk", nonce="59e39692". Content-Length: 0. . But Kamailio is not sending authentication . Any idea what could be wrong? Or any tip to do what i try. The idea is that a sip endpoint register with authentication on kamailio and it sends register with authentication to asterisk. Thanks in advance _______________________________________________ SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing list sr-users(a)lists.sip-router.org http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users

Alberto Sagredo

4:57 a.m.

...

Why not just relay the registration messages to Asterisk itself? What's the use case? Cheers On Thu, Mar 31, 2016 at 9:34 AM, Alberto Sagredo < alberto.sagredo(a)avanzada7.com> wrote:

Hi Im trying to modify example for Asterisk/Kamailio integration that miconda did, and trying to handle Forwarded register to Asterisk in an authenticated way instead removing secret in asterisk. I have made this changes route[REGFWD] { if(!is_method("REGISTER")) { return; } $var(rip) = $var(astip); $uac_req(method)="REGISTER"; $uac_req(ruri)="sip:" + $var(rip) + ":" + $var(astport); $uac_req(furi)="sip:" + $(au{s.substr,8,0}) + "@" + $var(rip); $uac_req(turi)="sip:" + $(au{s.substr,8,0}) + "@" + $var(rip); $uac_req(hdrs)="Contact: <sip:" + $au + "@" + $sel(cfg_get.kamailio.bindip) + ":" + $sel(cfg_get.kamailio.bindport) + ">\r\n"; if($sel(contact.expires) != $null) $uac_req(hdrs)= $uac_req(hdrs) + "Expires: " + $sel(contact.expires) + "\r\n"; else $uac_req(hdrs)= $uac_req(hdrs) + "Expires: " + $hdr(Expires) + "\r\n"; xlog("Dentro de REGFWD"); t_on_failure("REG_AST"); uac_req_send(); } failure_route[REG_AST] { if (t_is_canceled()) { exit; } xlog("Dentro de REG AST"); if(t_check_status("401|407")) { xlog("Dentro de 401"); $avp(auser) = "test"; $avp(apass) = "test"; uac_auth(); t_relay(); exit; } } What i see on traces: U x.x.x..240:5060 -> x.x.x..56:5060 REGISTER sip:x.x.x.56:5060 SIP/2.0. Via: SIP/2.0/UDP x.x.x.240;branch=z9hG4bKfb46.a47535d4000000000000000000000000.0. To: <sip:200@x.x.x.56>. From: <sip:200@x.x.x.56>;tag=533cb9e91f4b999cf76861cbb9ed54ed-6a4f. CSeq: 10 REGISTER. Call-ID: 09dc120d65932ed7-16044(a)127.0.0.1. Max-Forwards: 70. Content-Length: 0. User-Agent: ANY. Contact: <sip:emp_001_200@x.x.x.240:5060>. Expires: 3600. . # U x.x.x.56:5060 -> x.x.x..240:5060 SIP/2.0 401 Unauthorized. Via: SIP/2.0/UDP x.x.x..240 ;branch=z9hG4bKfb46.a47535d4000000000000000000000000.0;received= x.x.x..240;rport=5060. From: <sip:200@x.x.x.56>;tag=533cb9e91f4b999cf76861cbb9ed54ed-6a4f. To: <sip:200@x.x.x.56>;tag=as62b47138. Call-ID: 09dc120d65932ed7-16044(a)127.0.0.1. CSeq: 10 REGISTER. Server: FPBX-2.11.0(11.17.1). Allow: INVITE, ACK, CANCEL, OPTIONS, BYE, REFER, SUBSCRIBE, NOTIFY, INFO, PUBLISH, MESSAGE. Supported: replaces, timer. WWW-Authenticate: Digest algorithm=MD5, realm="asterisk", nonce="59e39692". Content-Length: 0. . But Kamailio is not sending authentication . Any idea what could be wrong? Or any tip to do what i try. The idea is that a sip endpoint register with authentication on kamailio and it sends register with authentication to asterisk. Thanks in advance _______________________________________________ SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing list sr-users(a)lists.sip-router.org http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users

Daniel-Constantin Mierla

5:06 a.m.

...

I have it working, authenticating in Kamailio. And just works. But there is a farm with lots of Asterisk and i was looking for an easy way to do not modify secret= and permit= on every Asterisk Machine... Thats why i was looking for that.. 2016-03-31 10:55 GMT+02:00 Marrold <kamailio(a)marrold.co.uk <mailto:kamailio@marrold.co.uk>>: Why not just authenticate on Kamailio in that case? Also, be aware that the Authorization Username ($au) is included in SIP digest authentication. $au and $fu aren't necessarily the same, but on most end points the default is to use the same value for both. If you manipulate $fu or $au it may cause auth issues. On Thu, Mar 31, 2016 at 9:49 AM, Alberto Sagredo <alberto.sagredo(a)avanzada7.com <mailto:alberto.sagredo@avanzada7.com>> wrote: Hi Marrold. I want to authenticate user on Kamailio but want Asterisk to see them registered with kamailio ip as contact. I making also some manipulations in $fu as users are different (emp_xxx_ext) in kamailio than in Asterisk xxx_ext Thanks 2016-03-31 10:48 GMT+02:00 Marrold <kamailio(a)marrold.co.uk <mailto:kamailio@marrold.co.uk>>: Why not just relay the registration messages to Asterisk itself? What's the use case? Cheers On Thu, Mar 31, 2016 at 9:34 AM, Alberto Sagredo <alberto.sagredo(a)avanzada7.com <mailto:alberto.sagredo@avanzada7.com>> wrote: Hi Im trying to modify example for Asterisk/Kamailio integration that miconda did, and trying to handle Forwarded register to Asterisk in an authenticated way instead removing secret in asterisk. I have made this changes route[REGFWD] { if(!is_method("REGISTER")) { return; } $var(rip) = $var(astip); $uac_req(method)="REGISTER"; $uac_req(ruri)="sip:" + $var(rip) + ":" + $var(astport); $uac_req(furi)="sip:" + $(au{s.substr,8,0}) + "@" + $var(rip); $uac_req(turi)="sip:" + $(au{s.substr,8,0}) + "@" + $var(rip); $uac_req(hdrs)="Contact: <sip:" + $au + "@" + $sel(cfg_get.kamailio.bindip) + ":" + $sel(cfg_get.kamailio.bindport) + ">\r\n"; if($sel(contact.expires) != $null) $uac_req(hdrs)= $uac_req(hdrs) + "Expires: " + $sel(contact.expires) + "\r\n"; else $uac_req(hdrs)= $uac_req(hdrs) + "Expires: " + $hdr(Expires) + "\r\n"; xlog("Dentro de REGFWD"); t_on_failure("REG_AST"); uac_req_send(); } failure_route[REG_AST] { if (t_is_canceled()) { exit; } xlog("Dentro de REG AST"); if(t_check_status("401|407")) { xlog("Dentro de 401"); $avp(auser) = "test"; $avp(apass) = "test"; uac_auth(); t_relay(); exit; } } What i see on traces: U x.x.x..240:5060 -> x.x.x..56:5060 REGISTER sip:x.x.x.56:5060 SIP/2.0. Via: SIP/2.0/UDP x.x.x.240;branch=z9hG4bKfb46.a47535d4000000000000000000000000.0. To: <sip:200@x.x.x.56>. From: <sip:200@x.x.x.56>;tag=533cb9e91f4b999cf76861cbb9ed54ed-6a4f. CSeq: 10 REGISTER. Call-ID: 09dc120d65932ed7-16044(a)127.0.0.1 <mailto:09dc120d65932ed7-16044@127.0.0.1>. Max-Forwards: 70. Content-Length: 0. User-Agent: ANY. Contact: <sip:emp_001_200@x.x.x.240:5060>. Expires: 3600. . # U x.x.x.56:5060 -> x.x.x..240:5060 SIP/2.0 401 Unauthorized. Via: SIP/2.0/UDP x.x.x..240;branch=z9hG4bKfb46.a47535d4000000000000000000000000.0;received=x.x.x..240;rport=5060. From: <sip:200@x.x.x.56>;tag=533cb9e91f4b999cf76861cbb9ed54ed-6a4f. To: <sip:200@x.x.x.56>;tag=as62b47138. Call-ID: 09dc120d65932ed7-16044(a)127.0.0.1 <mailto:09dc120d65932ed7-16044@127.0.0.1>. CSeq: 10 REGISTER. Server: FPBX-2.11.0(11.17.1). Allow: INVITE, ACK, CANCEL, OPTIONS, BYE, REFER, SUBSCRIBE, NOTIFY, INFO, PUBLISH, MESSAGE. Supported: replaces, timer. WWW-Authenticate: Digest algorithm=MD5, realm="asterisk", nonce="59e39692". Content-Length: 0. . But Kamailio is not sending authentication . Any idea what could be wrong? Or any tip to do what i try. The idea is that a sip endpoint register with authentication on kamailio and it sends register with authentication to asterisk. Thanks in advance _______________________________________________ SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing list sr-users(a)lists.sip-router.org <mailto:sr-users@lists.sip-router.org> http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users _______________________________________________ SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing list sr-users(a)lists.sip-router.org <mailto:sr-users@lists.sip-router.org> http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users _______________________________________________ SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing list sr-users(a)lists.sip-router.org <mailto:sr-users@lists.sip-router.org> http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users _______________________________________________ SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing list sr-users(a)lists.sip-router.org <mailto:sr-users@lists.sip-router.org> http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users _______________________________________________ SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing list sr-users(a)lists.sip-router.org http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users

-- Daniel-Constantin Mierla http://www.asipto.com http://twitter.com/#!/miconda - http://www.linkedin.com/in/miconda Kamailio World Conference, Berlin, May 18-20, 2016 - http://www.kamailioworld.com

Alberto Sagredo

5:21 a.m.

Thanks Daniel. Will take a look to that. 2016-03-31 11:06 GMT+02:00 Daniel-Constantin Mierla <miconda(a)gmail.com>om>:

...

If Asterisk is still do it the authentication, then likely it is not much gain on overall scalability. Maybe you can just use kamailio as an edge proxy with Path enabled. Otherwise, the requests generated with uac_req_send() don't get in failure_route. You have to set the auth user/password in the $uac_req(...) fields -- see the variables core cookbook for them. On the other hand, this is not enough, you have to deal also with authentication for other requests, such as INVITEs/SUBSCRIBEs/etc. Cheers, Daniel On 31/03/16 10:57, Alberto Sagredo wrote: I have it working, authenticating in Kamailio. And just works. But there is a farm with lots of Asterisk and i was looking for an easy way to do not modify secret= and permit= on every Asterisk Machine... Thats why i was looking for that.. 2016-03-31 10:55 GMT+02:00 Marrold <kamailio(a)marrold.co.uk>uk>:

Why not just relay the registration messages to Asterisk itself? What's the use case? Cheers On Thu, Mar 31, 2016 at 9:34 AM, Alberto Sagredo < <alberto.sagredo@avanzada7.com>alberto.sagredo@avanzada7.com> wrote: > Hi > > Im trying to modify example for Asterisk/Kamailio integration that > miconda did, and trying to handle Forwarded register to Asterisk in an > authenticated way instead removing secret in asterisk. > > I have made this changes > > > route[REGFWD] { > > if(!is_method("REGISTER")) > > { > > return; > > } > > > > $var(rip) = $var(astip); > > $uac_req(method)="REGISTER"; > > $uac_req(ruri)="sip:" + $var(rip) + ":" + $var(astport); > > $uac_req(furi)="sip:" + $(au{s.substr,8,0}) + "@" + $var(rip); > > $uac_req(turi)="sip:" + $(au{s.substr,8,0}) + "@" + $var(rip); > > $uac_req(hdrs)="Contact: <sip:" + $au + "@" > > + $sel(cfg_get.kamailio.bindip) > > + ":" + > $sel(cfg_get.kamailio.bindport) + ">\r\n"; > > if($sel(contact.expires) != $null) > > $uac_req(hdrs)= $uac_req(hdrs) + "Expires: " + > $sel(contact.expires) + "\r\n"; > > else > > $uac_req(hdrs)= $uac_req(hdrs) + "Expires: " + > $hdr(Expires) + "\r\n"; > > > xlog("Dentro de REGFWD"); > > > t_on_failure("REG_AST"); > > > uac_req_send(); > > > } > > > > > failure_route[REG_AST] { > > > if (t_is_canceled()) { > > exit; > > } > > > xlog("Dentro de REG AST"); > > > if(t_check_status("401|407")) { > > xlog("Dentro de 401"); > > $avp(auser) = "test"; > > $avp(apass) = "test"; > > uac_auth(); > > t_relay(); > > exit; > > } > > } > > > What i see on traces: > > > U x.x.x..240:5060 -> x.x.x..56:5060 > > REGISTER sip:x.x.x.56:5060 SIP/2.0. > > Via: SIP/2.0/UDP > x.x.x.240;branch=z9hG4bKfb46.a47535d4000000000000000000000000.0. > > To: <sip:200@x.x.x.56>. > > From: <sip:200@x.x.x.56>;tag=533cb9e91f4b999cf76861cbb9ed54ed-6a4f. > > CSeq: 10 REGISTER. > > Call-ID: <09dc120d65932ed7-16044(a)127.0.0.1> > 09dc120d65932ed7-16044(a)127.0.0.1. > > Max-Forwards: 70. > > Content-Length: 0. > > User-Agent: ANY. > > Contact: <sip:emp_001_200@x.x.x.240:5060>. > > Expires: 3600. > > . > > > # > > U x.x.x.56:5060 -> x.x.x..240:5060 > > SIP/2.0 401 Unauthorized. > > Via: SIP/2.0/UDP x.x.x..240 > ;branch=z9hG4bKfb46.a47535d4000000000000000000000000.0;received= > x.x.x..240;rport=5060. > > From: <sip:200@x.x.x.56>;tag=533cb9e91f4b999cf76861cbb9ed54ed-6a4f. > > To: <sip:200@x.x.x.56>;tag=as62b47138. > > Call-ID: <09dc120d65932ed7-16044(a)127.0.0.1> > 09dc120d65932ed7-16044(a)127.0.0.1. > > CSeq: 10 REGISTER. > > Server: FPBX-2.11.0(11.17.1). > > Allow: INVITE, ACK, CANCEL, OPTIONS, BYE, REFER, SUBSCRIBE, NOTIFY, > INFO, PUBLISH, MESSAGE. > > Supported: replaces, timer. > > WWW-Authenticate: Digest algorithm=MD5, realm="asterisk", > nonce="59e39692". > > Content-Length: 0. > > . > > > But Kamailio is not sending authentication . > > Any idea what could be wrong? Or any tip to do what i try. > > The idea is that a sip endpoint register with authentication on > kamailio and it sends register with authentication to asterisk. > > Thanks in advance > > > > _______________________________________________ > SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing list > sr-users(a)lists.sip-router.org > http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users > > _______________________________________________ SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing list sr-users(a)lists.sip-router.org http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users

_______________________________________________ SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing listsr-users@lists.sip-router.orghttp://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users -- Daniel-Constantin Mierlahttp://www.asipto.comhttp://twitter.com/#!/miconda - http://www.linkedin.com/in/miconda Kamailio World Conference, Berlin, May 18-20, 2016 - http://www.kamailioworld.com _______________________________________________ SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing list sr-users(a)lists.sip-router.org http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users

Eric Koome

5:49 a.m.

If using asterisk realtime, create a view of the sip users table with password set to null. This will scale if sharing databases which are replicated. Then you can use Kamailio to authenticate and Asterisk to handle media.

...

On 31 Mar 2016, at 10:21, Alberto Sagredo <alberto.sagredo(a)avanzada7.com> wrote: Thanks Daniel. Will take a look to that. 2016-03-31 11:06 GMT+02:00 Daniel-Constantin Mierla <miconda(a)gmail.com>om>:

On 31/03/16 10:57, Alberto Sagredo wrote: I have it working, authenticating in Kamailio. And just works. But there is a farm with lots of Asterisk and i was looking for an easy way to do not modify secret= and permit= on every Asterisk Machine... Thats why i was looking for that.. 2016-03-31 10:55 GMT+02:00 Marrold <kamailio(a)marrold.co.uk>uk>:

Why not just authenticate on Kamailio in that case? Also, be aware that the Authorization Username ($au) is included in SIP digest authentication. $au and $fu aren't necessarily the same, but on most end points the default is to use the same value for both. If you manipulate $fu or $au it may cause auth issues. > On Thu, Mar 31, 2016 at 9:49 AM, Alberto Sagredo <alberto.sagredo(a)avanzada7.com> wrote: > Hi Marrold. I want to authenticate user on Kamailio but want Asterisk to see them registered with kamailio ip as contact. > > I making also some manipulations in $fu as users are different (emp_xxx_ext) in kamailio than in Asterisk xxx_ext > > Thanks > > 2016-03-31 10:48 GMT+02:00 Marrold <kamailio(a)marrold.co.uk>uk>: >> Why not just relay the registration messages to Asterisk itself? What's the use case? >> >> Cheers >> >> On Thu, Mar 31, 2016 at 9:34 AM, Alberto Sagredo <alberto.sagredo(a)avanzada7.com> wrote: >>> Hi >>> >>> Im trying to modify example for Asterisk/Kamailio integration that miconda did, and trying to handle Forwarded register to Asterisk in an authenticated way instead removing secret in asterisk. >>> >>> I have made this changes >>> >>> >>> route[REGFWD] { >>> if(!is_method("REGISTER")) >>> { >>> return; >>> } >>> >>> $var(rip) = $var(astip); >>> $uac_req(method)="REGISTER"; >>> $uac_req(ruri)="sip:" + $var(rip) + ":" + $var(astport); >>> $uac_req(furi)="sip:" + $(au{s.substr,8,0}) + "@" + $var(rip); >>> $uac_req(turi)="sip:" + $(au{s.substr,8,0}) + "@" + $var(rip); >>> $uac_req(hdrs)="Contact: <sip:" + $au + "@" >>> + $sel(cfg_get.kamailio.bindip) >>> + ":" + $sel(cfg_get.kamailio.bindport) + ">\r\n"; >>> if($sel(contact.expires) != $null) >>> $uac_req(hdrs)= $uac_req(hdrs) + "Expires: " + $sel(contact.expires) + "\r\n"; >>> else >>> $uac_req(hdrs)= $uac_req(hdrs) + "Expires: " + $hdr(Expires) + "\r\n"; >>> >>> xlog("Dentro de REGFWD"); >>> >>> t_on_failure("REG_AST"); >>> >>> uac_req_send(); >>> >>> } >>> >>> >>> >>> >>> failure_route[REG_AST] { >>> >>> if (t_is_canceled()) { >>> exit; >>> } >>> >>> xlog("Dentro de REG AST"); >>> >>> if(t_check_status("401|407")) { >>> xlog("Dentro de 401"); >>> $avp(auser) = "test"; >>> $avp(apass) = "test"; >>> uac_auth(); >>> t_relay(); >>> exit; >>> } >>> } >>> >>> What i see on traces: >>> >>> U x.x.x..240:5060 -> x.x.x..56:5060 >>> REGISTER sip:x.x.x.56:5060 SIP/2.0. >>> Via: SIP/2.0/UDP x.x.x.240;branch=z9hG4bKfb46.a47535d4000000000000000000000000.0. >>> To: <sip:200@x.x.x.56>. >>> From: <sip:200@x.x.x.56>;tag=533cb9e91f4b999cf76861cbb9ed54ed-6a4f. >>> CSeq: 10 REGISTER. >>> Call-ID: 09dc120d65932ed7-16044(a)127.0.0.1. >>> Max-Forwards: 70. >>> Content-Length: 0. >>> User-Agent: ANY. >>> Contact: <sip:emp_001_200@x.x.x.240:5060>. >>> Expires: 3600. >>> . >>> >>> # >>> U x.x.x.56:5060 -> x.x.x..240:5060 >>> SIP/2.0 401 Unauthorized. >>> Via: SIP/2.0/UDP x.x.x..240;branch=z9hG4bKfb46.a47535d4000000000000000000000000.0;received=x.x.x..240;rport=5060. >>> From: <sip:200@x.x.x.56>;tag=533cb9e91f4b999cf76861cbb9ed54ed-6a4f. >>> To: <sip:200@x.x.x.56>;tag=as62b47138. >>> Call-ID: 09dc120d65932ed7-16044(a)127.0.0.1. >>> CSeq: 10 REGISTER. >>> Server: FPBX-2.11.0(11.17.1). >>> Allow: INVITE, ACK, CANCEL, OPTIONS, BYE, REFER, SUBSCRIBE, NOTIFY, INFO, PUBLISH, MESSAGE. >>> Supported: replaces, timer. >>> WWW-Authenticate: Digest algorithm=MD5, realm="asterisk", nonce="59e39692". >>> Content-Length: 0. >>> . >>> >>> >>> But Kamailio is not sending authentication . >>> >>> Any idea what could be wrong? Or any tip to do what i try. >>> >>> The idea is that a sip endpoint register with authentication on kamailio and it sends register with authentication to asterisk. >>> >>> Thanks in advance >>> >>> >>> >>> _______________________________________________ >>> SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing list >>> sr-users(a)lists.sip-router.org >>> http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users >> >> >> _______________________________________________ >> SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing list >> sr-users(a)lists.sip-router.org >> http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users > > > _______________________________________________ > SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing list > sr-users(a)lists.sip-router.org > http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users _______________________________________________ SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing list sr-users(a)lists.sip-router.org http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users

-- Daniel-Constantin Mierla http://www.asipto.com http://twitter.com/#!/miconda - http://www.linkedin.com/in/miconda Kamailio World Conference, Berlin, May 18-20, 2016 - http://www.kamailioworld.com _______________________________________________ SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing list sr-users(a)lists.sip-router.org http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users

3220

days inactive

3220

days old

sr-users@lists.kamailio.org

Manage subscription

7 comments

4 participants

tags (0)

participants (4)

Alberto Sagredo
Daniel-Constantin Mierla
Eric Koome
Marrold