[OpenSIPS-Users] SIP Registration in a Loadbalancing environment

Kevin Mathy k.mathy at hexanet.fr
Thu Jan 2 10:57:44 CET 2014 

Hi List,

I'm trying to make the SIP Registering working for my customers with two
Opensips 1.9 servers sharing the same DNS name.

Here is a schematic :

                                              /=====> Registrar Server 1
SIP Phone =====> Access SBC
                                              \=====> Registrar Server 2


I've got the same opensips.cfg on both servers, and here are some
interesting points of the config :

loadmodule "auth_db.so"
> # ----- auth_db params -----
> modparam("auth_db", "calculate_ha1", yes)
> modparam("auth_db", "use_domain", no)
> modparam("auth_db", "user_column", "username")
> modparam("auth_db", "password_column", "password")
> modparam("auth_db", "password_column_2", "ha1b")
> modparam("auth_db",
> "db_url","mysql://****************************************** ")
> modparam("auth_db", "load_credentials", "$avp(password)=password")
>
> # ----------------- module auth ---------------
> loadmodule "auth.so"
> # ----- auth params -----
> modparam("auth","username_spec","$var(username)")
> modparam("auth","password_spec","$avp(password)")
> modparam("auth","calculate_ha1",1)
> *modparam("auth","disable_nonce_check", 1)*





 if (is_method("REGISTER"))
>     {
>         xlog("L_INFO","$ci -- New REGISTER received from $si with Contact
> : $ct\n");
>
>         if (!www_authorize("", "subscriber"))
>         {
>             if ($rc < 0)
>             {
>                 switch ($rc)
>                 {
>                     case -5:
>                     xlog("L_INFO","$ci -- REGISTER Failed because of :
> Generic Error");
>                     break;
>                     case -4:
>                     xlog("L_INFO","$ci -- REGISTER Failed because of : No
> Credentials");
>                     break;
>                     case -3:
>                     xlog("L_INFO","$ci -- REGISTER Failed because of :
> Stale nonce");
>                     break;
>                     case -2:
>                     xlog("L_INFO","$ci -- REGISTER Failed because of :
> Valid User but Wrong Password");
>                     break;
>                     case -1:
>                     xlog("L_INFO","$ci -- REGISTER Failed because of :
> Invalid User");
>                     break;
>                 }
>             }
>             www_challenge("", "0");
>             exit;
>         }
>
>         if (!save("location"))
>         {
>             xlog("L_INFO","$ci -- error with save_location from $au\n");
>         }
>         else
>         {
>             xlog("L_INFO","$ci -- save_location is OK from $au\n");
>         }
>
>         exit;
>     }



So, as you can see, I configured the auth module with "disable_nonce_check"
parameter, because of my "loadbalanced" architecture as it's said in the
documentation (
http://www.opensips.org/html/docs/modules/1.9.x/auth.html#id250075) .

But, when a SIP Phone tries to register, the first Register (without any
credentials) is sent to the 1st Registrar. It's answered with a 401
Unauthorized containing a nonce.
Then, the 2nd Register (with credentials, and the previously given nonce)
is sent to the 2nd Registrar; but it's still answered with a 401.

Thanks to the return code of www_authorize, I see that it's for the "Stale
Nonce" reason, even if "disable_nonce_check" is set to 1 ...

Maybe there's a misconfiguration, or a bug; so, I need your help :-)

Thanks a lot,



*Bien cordialement, Best Regards,  **Kevin MATHY* | Ingénieur VoIP

-- 

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.opensips.org/pipermail/users/attachments/20140102/bff1d7f0/attachment-0001.htm>

More information about the Users mailing list