[OpenSIPS-Users] b2b authentication

Jayesh Nambiar jayesh.voip at gmail.com
Thu Jul 7 13:26:29 CEST 2011 

Hi Ovidiu,
Thanks for the reply. I still dont get the expected behaviour, may be I am
missing something obvious. Below is the trace of my call:
203.XXX.XXX.186 is the caller; 203.XXX.XXX.188 is the B2B Opensips and
203.XXX.XXX.189 is the upstream proxy which asks for Proxy Authentication.

U 203.XXX.XXX.186:5035 -> 203.XXX.XXX.188:5060
INVITE sip:9212121212 at 203.XXX.XXX.188 SIP/2.0.
Via: SIP/2.0/UDP 203.XXX.XXX.186:5035;rport;branch=z9hG4bK105036.
From: <sip:1000146 at 203.XXX.XXX.186>;tag=57086.
To: <sip:9212121212 at 203.XXX.XXX.188>.
Call-ID: 554fd84d69db52b2aec859f2beb0ba30 at 203.XXX.XXX.186.
CSeq: 20 INVITE.
Contact: <sip:1000146 at 203.XXX.XXX.186:5035>.
Content-Type: application/sdp.
Max-Forwards: 70.
User-Agent: Novanet C2D.
Subject: click2call.
X-Src-IP: 203.153.53.222.
Content-Length: 180.
.
v=0.
o=click2dial 0 0 IN IP4 203.XXX.XXX.186.
s=click2dial call.
c=IN IP4 203.XXX.XXX.186.
t=0 0.
m=audio 8000 RTP/AVP 0 8 18 3 4 97 98.
a=rtpmap:0 PCMU/8000.
a=rtpmap:18 G729/8000.


U 203.XXX.XXX.188:5060 -> 203.XXX.XXX.189:5060
INVITE sip:9212121212 at 203.XXX.XXX.189 SIP/2.0.
Via: SIP/2.0/UDP 203.XXX.XXX.188;branch=z9hG4bK0d56.a7833ad2.0.
To: sip:9212121212 at 203.XXX.XXX.189.
From: <sip:1000146 at 203.XXX.XXX.189>;tag=3302461778a934c5cb938a0d66c7bfc5.
CSeq: 21 INVITE.
Call-ID: B2B.236.911335.
Content-Length: 180.
User-Agent: OpenSIPS (1.7.0-beta-notls (x86_64/linux)).
Content-Type: application/sdp.
Max-Forwards: 69.
Contact: <sip:203.XXX.XXX.188:5060>.
.
v=0.
o=click2dial 0 0 IN IP4 203.XXX.XXX.186.
s=click2dial call.
c=IN IP4 203.XXX.XXX.186.
t=0 0.
m=audio 8000 RTP/AVP 0 8 18 3 4 97 98.
a=rtpmap:0 PCMU/8000.
a=rtpmap:18 G729/8000.


U 203.XXX.XXX.189:5060 -> 203.XXX.XXX.188:5060
SIP/2.0 407 Proxy Authentication Required.
Via: SIP/2.0/UDP 203.XXX.XXX.188;branch=z9hG4bK0d56.a7833ad2.0.
To: sip:9212121212 at 203.XXX.XXX.189
;tag=7dbab1763f29ae55bdba397633ed7fa1.cc60.
From: <sip:1000146 at 203.XXX.XXX.189>;tag=3302461778a934c5cb938a0d66c7bfc5.
CSeq: 21 INVITE.
Call-ID: B2B.236.911335.
Proxy-Authenticate: Digest realm="203.XXX.XXX.189",
nonce="4e1592530000000af0fc7ee76e7c0844c564a2dcbaf21e00".
Server: SipTrunk 1.6.4.6.
Content-Length: 0.
.


U 203.XXX.XXX.188:5060 -> 203.XXX.XXX.189:5060
ACK sip:9212121212 at 203.XXX.XXX.189 SIP/2.0.
Via: SIP/2.0/UDP 203.XXX.XXX.188;branch=z9hG4bK0d56.a7833ad2.0.
From: <sip:1000146 at 203.XXX.XXX.189>;tag=3302461778a934c5cb938a0d66c7bfc5.
Call-ID: B2B.236.911335.
To: sip:9212121212 at 203.XXX.XXX.189
;tag=7dbab1763f29ae55bdba397633ed7fa1.cc60.
CSeq: 21 ACK.
User-Agent: OpenSIPS (1.7.0-beta-notls (x86_64/linux)).
Content-Length: 0.
.


U 203.XXX.XXX.188:5060 -> 203.XXX.XXX.186:5035
SIP/2.0 407 Proxy Authentication Required.
Via: SIP/2.0/UDP 203.XXX.XXX.186:5035;rport=5035;branch=z9hG4bK105036.
From: <sip:1000146 at 203.XXX.XXX.186>;tag=57086.
To: <sip:9212121212 at 203.XXX.XXX.188>;tag=B2B.151.477.
Call-ID: 554fd84d69db52b2aec859f2beb0ba30 at 203.XXX.XXX.186.
CSeq: 20 INVITE.
Proxy-Authenticate: Digest realm="203.XXX.XXX.189",
nonce="4e1592530000000af0fc7ee76e7c0844c564a2dcbaf21e00".
Contact: <sip:203.XXX.XXX.188:5060>.
Server: OpenSIPS (1.7.0-beta-notls (x86_64/linux)).
Content-Length: 0.

My uac_auth is loaded before the b2b modules and the paramter in it is as
follows:
modparam("uac_auth", "credential", "1000146:203.XXX.XXX.189:ede488")

The realm sent in Proxy Authenticate is 203.XXX.XXX.189 only but still
203.XXX.XXX.188 relays the 407 back to 203.XXX.XXX.186 :(
Any pointers to figure this out?

Thanks in advance !!

--- Jayesh



> If  no credentials are found, then the 407 is relayed back to the caller.
> Make sure that the realm in the challenge matches the realm in
> uac_auth credentials list.
> Also make sure that uac_auth is loaded before the b2b modules.
>
>
> Regards,
> Ovidiu Sas
>
> On Thu, Jul 7, 2011 at 5:34 AM, Jayesh Nambiar <jayesh.voip at gmail.com>
> wrote:
> > Hi,
> > I was referring to the email posted by Ovidiu
> > here?http://lists.opensips.org/pipermail/news/2011-June/000142.html. I
> am
> > trying this but the b2b opensips does not reply back with credentials to
> the
> > 407 response. It just proxies back the 407 to the call initiator. I have
> > downloaded the latest revision from the SVN. Am i missing something here?
> > Just for information, I have loaded the refer scenario in the
> > b2b_init_request. The upstream proxy replies back with 407 Proxy
> > Authentication Required and I expected the client side of B2B to reply
> back
> > with the credentials mentioned in the uac_auth parameter list.
> > Any help in regards to testing this will be very useful.
> > Thanks,
> > --- Jayesh
> > _______________________________________________
> > Users mailing list
> > Users at lists.opensips.org
> > http://lists.opensips.org/cgi-bin/mailman/listinfo/users
> >
> >
>
>
>
> ------------------------------
>
> _______________________________________________
> Users mailing list
> Users at lists.opensips.org
> http://lists.opensips.org/cgi-bin/mailman/listinfo/users
>
>
> End of Users Digest, Vol 36, Issue 15
> *************************************
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.opensips.org/pipermail/users/attachments/20110707/e003ec55/attachment.htm>

More information about the Users mailing list