<html><body><div style="color:#000; background-color:#fff; font-family:tahoma, new york, times, serif;font-size:12pt"><div style="RIGHT: auto"><SPAN style="RIGHT: auto"></SPAN></div>
<DIV></DIV>
<DIV style="RIGHT: auto">Hi all</DIV>
<DIV style="RIGHT: auto"> </DIV>
<DIV style="RIGHT: auto">I use sipp tool accompanying opensips server to generate normal SIP traffic. I successfuly enable authentication in opensips; added some users in database and performed authentication proccess in register and invite requests. I see valid authentication as username and passwords are valid and failure in authentication as password is invalid. After sending first invite and receiving 407 (proxy auth req) message; In my scenario an Invite message is sent with authentication header containing valid nonce. My problem is that when URI of re-Invite request is invalid I receive 407 instead of 404 (not found). </DIV>
<DIV style="RIGHT: auto">I'm so <SPAN style="RIGHT: auto" class=hps closure_uid_allmq4="315" Pc="null">grateful about any help.</SPAN></DIV>
<DIV style="RIGHT: auto"> </DIV>
<DIV style="RIGHT: auto"> </DIV>
<DIV style="RIGHT: auto">This is my opensips config file (opensips.cfg):</DIV>
<DIV style="RIGHT: auto"> </DIV>
<DIV style="RIGHT: auto"> </DIV>
<DIV style="RIGHT: auto"> </DIV>
<DIV style="RIGHT: auto"> </DIV>
<DIV style="RIGHT: auto"> </DIV>
<DIV style="RIGHT: auto">#<BR># $Id: opensips.cfg 5503 2009-03-22 16:22:32Z bogdan_iancu $<BR>#<BR># OpenSIPS basic configuration script<BR># by Anca Vamanu <<A href="mailto:anca@voice-system.ro">anca@voice-system.ro</A>><BR>#<BR># Please refer to the Core CookBook at:<BR># <A href="http://www.opensips.org/index.php?n=Resources.DocsCookbooks">http://www.opensips.org/index.php?n=Resources.DocsCookbooks</A><BR># for a explanation of possible statements, functions and parameters.<BR>#</DIV>
<DIV style="RIGHT: auto"><BR>####### Global Parameters #########</DIV>
<DIV style="RIGHT: auto">#debug=3<BR>log_stderror=no<BR>log_facility=LOG_LOCAL0</DIV>
<DIV style="RIGHT: auto">fork=yes<BR>children=4</DIV>
<DIV style="RIGHT: auto">/* uncomment the following lines to enable debugging */<BR>debug=6<BR>#fork=no<BR>#log_stderror=yes</DIV>
<DIV style="RIGHT: auto">/* uncomment the next line to disable TCP (default on) */<BR>#disable_tcp=yes</DIV>
<DIV style="RIGHT: auto">/* uncomment the next line to enable the auto temporary blacklisting of <BR> not available destinations (default disabled) */<BR>#disable_dns_blacklist=no</DIV>
<DIV style="RIGHT: auto">/* uncomment the next line to enable IPv6 lookup after IPv4 dns <BR> lookup failures (default disabled) */<BR>#dns_try_ipv6=yes</DIV>
<DIV style="RIGHT: auto">/* uncomment the next line to disable the auto discovery of local aliases<BR> based on revers DNS on IPs (default on) */<BR>#auto_aliases=no</DIV>
<DIV style="RIGHT: auto">/* uncomment the following lines to enable TLS support (default off) */<BR>#disable_tls = no<BR>#listen = tls:your_IP:5061<BR>#tls_verify_server = 1<BR>#tls_verify_client = 1<BR>#tls_require_client_certificate = 0<BR>#tls_method = TLSv1<BR>#tls_certificate = "/usr/local/etc/opensips/tls/user/user-cert.pem"<BR>#tls_private_key = "/usr/local/etc/opensips/tls/user/user-privkey.pem"<BR>#tls_ca_list = "/usr/local/etc/opensips/tls/user/user-calist.pem"</DIV>
<DIV style="RIGHT: auto">port=5060</DIV>
<DIV style="RIGHT: auto">/* uncomment and configure the following line if you want opensips to <BR> bind on a specific interface/port/proto (default bind on all available) */<BR>listen=udp:194.225.238.244:5060</DIV>
<DIV style="RIGHT: auto"><BR>####### Modules Section ########</DIV>
<DIV style="RIGHT: auto">#set module path<BR>mpath="/usr/local/lib64/opensips/modules/"</DIV>
<DIV style="RIGHT: auto">/* uncomment next line for MySQL DB support */<BR>loadmodule "db_mysql.so"<BR>loadmodule "signaling.so"<BR>loadmodule "sl.so"<BR>loadmodule "tm.so"<BR>loadmodule "rr.so"<BR>loadmodule "maxfwd.so"<BR>loadmodule "usrloc.so"<BR>loadmodule "registrar.so"<BR>loadmodule "textops.so"<BR>loadmodule "mi_fifo.so"<BR>loadmodule "uri_db.so"<BR>loadmodule "uri.so"<BR>loadmodule "xlog.so"<BR>loadmodule "acc.so"<BR>/* uncomment next lines for MySQL based authentication support <BR> NOTE: a DB (like db_mysql) module must be also loaded */<BR>loadmodule "auth.so"<BR>loadmodule "auth_db.so"<BR>/* uncomment next line for aliases support<BR> NOTE: a DB (like db_mysql) module must be also loaded */<BR>#loadmodule "alias_db.so"<BR>/* uncomment next line for multi-domain support<BR> NOTE: a DB (like db_mysql) module must be also loaded<BR> NOTE: be sure and enable multi-domain support in all used
modules<BR> (see "multi-module params" section ) */<BR>#loadmodule "domain.so"<BR>/* uncomment the next two lines for presence server support<BR> NOTE: a DB (like db_mysql) module must be also loaded */<BR>#loadmodule "presence.so"<BR>#loadmodule "presence_xml.so"</DIV>
<DIV style="RIGHT: auto"><BR># ----------------- setting module-specific parameters ---------------</DIV>
<DIV style="RIGHT: auto"><BR># ----- mi_fifo params -----<BR>modparam("mi_fifo", "fifo_name", "/tmp/opensips_fifo")</DIV>
<DIV style="RIGHT: auto"><BR># ----- rr params -----<BR># add value to ;lr param to cope with most of the UAs<BR>modparam("rr", "enable_full_lr", 1)<BR># do not append from tag to the RR (no need for this script)<BR>modparam("rr", "append_fromtag", 0)</DIV>
<DIV style="RIGHT: auto"><BR># ----- registrar params -----<BR>modparam("registrar", "method_filtering", 1)<BR>/* uncomment the next line to disable parallel forking via location */<BR># modparam("registrar", "append_branches", 0)<BR>/* uncomment the next line not to allow more than 10 contacts per AOR */<BR>#modparam("registrar", "max_contacts", 10)</DIV>
<DIV style="RIGHT: auto"><BR># ----- usrloc params -----<BR>modparam("usrloc", "db_mode", 0)<BR>/* uncomment the following lines if you want to enable DB persistency<BR> for location entries */<BR>#modparam("usrloc", "db_mode", 2)<BR>#modparam("usrloc", "db_url",<BR># "mysql://opensips:opensipsrw@localhost/opensips")</DIV>
<DIV style="RIGHT: auto"><BR># ----- uri_db params -----<BR>/* by default we disable the DB support in the module as we do not need it<BR> in this configuration */<BR>modparam("uri_db", "use_uri_table", 0)<BR>modparam("uri_db", "db_url", "")</DIV>
<DIV style="RIGHT: auto"><BR># ----- acc params -----<BR>/* what sepcial events should be accounted ? */<BR>modparam("acc", "early_media", 1)<BR>modparam("acc", "report_ack", 1)<BR>modparam("acc", "report_cancels", 1)<BR>/* by default ww do not adjust the direct of the sequential requests.<BR> if you enable this parameter, be sure the enable "append_fromtag"<BR> in "rr" module */<BR>modparam("acc", "detect_direction", 0)<BR>/* account triggers (flags) */<BR>modparam("acc", "failed_transaction_flag", 3)<BR>modparam("acc", "log_flag", 1)<BR>modparam("acc", "log_missed_flag", 2)<BR>/* uncomment the following lines to enable DB accounting also */<BR>modparam("acc", "db_flag", 1)<BR>modparam("acc", "db_missed_flag", 2)</DIV>
<DIV style="RIGHT: auto"><BR># ----- auth_db params -----<BR>/* uncomment the following lines if you want to enable the DB based<BR> authentication */<BR>modparam("auth_db", "calculate_ha1", yes)<BR>modparam("auth_db", "password_column", "password")<BR>modparam("auth_db", "db_url",<BR> "mysql://opensips:opensipsrw@localhost/opensips")<BR>modparam("auth_db", "load_credentials", "")</DIV>
<DIV style="RIGHT: auto"><BR># ----- alias_db params -----<BR>/* uncomment the following lines if you want to enable the DB based<BR> aliases */<BR>#modparam("alias_db", "db_url",<BR># "mysql://opensips:opensipsrw@localhost/opensips")</DIV>
<DIV style="RIGHT: auto"><BR># ----- domain params -----<BR>/* uncomment the following lines to enable multi-domain detection<BR> support */<BR>#modparam("domain", "db_url",<BR># "mysql://opensips:opensipsrw@localhost/opensips")<BR>#modparam("domain", "db_mode", 1) # Use caching</DIV>
<DIV style="RIGHT: auto"><BR># ----- multi-module params -----<BR>/* uncomment the following line if you want to enable multi-domain support<BR> in the modules (dafault off) */<BR>#modparam("alias_db|auth_db|usrloc|uri_db", "use_domain", 1)</DIV>
<DIV style="RIGHT: auto"><BR># ----- presence params -----<BR>/* uncomment the following lines if you want to enable presence */<BR>#modparam("presence|presence_xml", "db_url",<BR># "mysql://opensips:opensipsrw@localhost/opensips")<BR>#modparam("presence_xml", "force_active", 1)<BR>#modparam("presence", "server_address", "sip:192.168.1.2:5060")</DIV>
<DIV style="RIGHT: auto"><BR>####### Routing Logic ########</DIV>
<DIV style="RIGHT: auto"><BR># main request routing logic</DIV>
<DIV style="RIGHT: auto">route{</DIV>
<DIV style="RIGHT: auto"> if (!mf_process_maxfwd_header("10")) {<BR> sl_send_reply("483","Too Many Hops");<BR> exit;<BR> }</DIV>
<DIV style="RIGHT: auto"> if (has_totag()) {<BR> # sequential request withing a dialog should<BR> # take the path determined by record-routing<BR> if (loose_route()) {<BR> if (is_method("BYE")) {<BR> setflag(1); # do accounting ...<BR> setflag(3); # ... even if the transaction fails<BR> } else if (is_method("INVITE")) {<BR> # even if in most of the cases is useless, do RR for<BR> # re-INVITEs alos, as some buggy clients do change route set<BR> # during the dialog.<BR> record_route();<BR> }<BR> # route it out to whatever destination was set by loose_route()<BR> # in $du (destination URI).<BR> route(1);<BR> } else {<BR> /* uncomment the following lines if
you want to enable presence */<BR> ##if (is_method("SUBSCRIBE") && $rd == "your.server.ip.address") {<BR> ## # in-dialog subscribe requests<BR> ## route(2);<BR> ## exit;<BR> ##}<BR> if ( is_method("ACK") ) {<BR> if ( t_check_trans() ) {<BR> # non loose-route, but stateful ACK; must be an ACK after <BR> # a 487 or e.g. 404 from upstream server<BR> t_relay();<BR> exit;<BR> } else {<BR> # ACK without matching transaction -><BR> # ignore and discard<BR> exit;<BR> }<BR> } <BR> sl_send_reply("404","Not
here");<BR> }<BR> exit;<BR> }</DIV>
<DIV style="RIGHT: auto"> #initial requests</DIV>
<DIV style="RIGHT: auto"> # CANCEL processing<BR> if (is_method("CANCEL"))<BR> {<BR> if (t_check_trans())<BR> t_relay();<BR> exit;<BR> }</DIV>
<DIV style="RIGHT: auto"> t_check_trans();</DIV>
<DIV style="RIGHT: auto"> # authenticate if from local subscriber (uncomment to enable auth)<BR> # authenticate all initial non-REGISTER request that pretend to be<BR> # generated by local subscriber (domain from FROM URI is local)<BR> if (!(method=="REGISTER") && from_uri==myself) /*no multidomain version*/<BR> ##if (!(method=="REGISTER") && is_from_local()) /*multidomain version*/<BR> {<BR> if (!proxy_authorize("", "subscriber")) {<BR> proxy_challenge("", "0");<BR> exit;<BR> }<BR> if (!check_from()) {<BR> sl_send_reply("403","Forbidden auth ID");<BR> exit;<BR> }<BR> <BR> consume_credentials();<BR> # caller authenticated<BR> }</DIV>
<DIV style="RIGHT: auto"> # preloaded route checking<BR> if (loose_route()) {<BR> xlog("L_ERR",<BR> "Attempt to route with preloaded Route's [$fu/$tu/$ru/$ci]");<BR> if (!is_method("ACK"))<BR> sl_send_reply("403","Preload Route denied");<BR> exit;<BR> }</DIV>
<DIV style="RIGHT: auto"> # record routing<BR> if (!is_method("REGISTER|MESSAGE"))<BR> record_route();</DIV>
<DIV style="RIGHT: auto"> # account only INVITEs<BR> if (is_method("INVITE")) {<BR> setflag(1); # do accounting<BR> }<BR> if (!uri==myself)<BR> ## replace with following line if multi-domain support is used<BR> ##if (!is_uri_host_local())<BR> {<BR> append_hf("P-hint: outbound\r\n"); <BR> # if you have some interdomain connections via TLS<BR> ##if($rd=="tls_domain1.net") {<BR> ## t_relay("tls:domain1.net");<BR> ## exit;<BR> ##} else if($rd=="tls_domain2.net") {<BR> ## t_relay("tls:domain2.net");<BR> ## exit;<BR> ##}<BR> route(1);<BR> }</DIV>
<DIV style="RIGHT: auto"> # requests for my domain</DIV>
<DIV style="RIGHT: auto"> ## uncomment this if you want to enable presence server <BR> ## and comment the next 'if' block<BR> ## NOTE: uncomment also the definition of route[2] from below<BR> ##if( is_method("PUBLISH|SUBSCRIBE"))<BR> ## route(2);</DIV>
<DIV style="RIGHT: auto"> if (is_method("PUBLISH"))<BR> {<BR> sl_send_reply("503", "Service Unavailable");<BR> exit;<BR> }<BR> </DIV>
<DIV style="RIGHT: auto"> if (is_method("REGISTER"))<BR> {<BR> # authenticate the REGISTER requests (uncomment to enable auth)<BR> if (!www_authorize("", "subscriber"))<BR> {<BR> www_challenge("", "0");<BR> exit;<BR> }</DIV>
<DIV style="RIGHT: auto"> if (!check_to()) <BR> {<BR> sl_send_reply("403","Forbidden auth ID");<BR> exit;<BR> }</DIV>
<DIV style="RIGHT: auto"> if (!save("location"))<BR> sl_reply_error();</DIV>
<DIV style="RIGHT: auto"> exit;<BR> }</DIV>
<DIV style="RIGHT: auto"> if ($rU==NULL) {<BR> # request with no Username in RURI<BR> sl_send_reply("484","Address Incomplete");<BR> exit;<BR> }</DIV>
<DIV style="RIGHT: auto"> # apply DB based aliases (uncomment to enable)<BR> ##alias_db_lookup("dbaliases");</DIV>
<DIV style="RIGHT: auto"> if (!lookup("location")) {<BR> switch ($retcode) {<BR> case -1:<BR> case -3:<BR> t_newtran();<BR> t_reply("404", "Not Found");<BR> exit;<BR> case -2:<BR> sl_send_reply("405", "Method Not Allowed");<BR> exit;<BR> }<BR> }</DIV>
<DIV style="RIGHT: auto"> # when routing via usrloc, log the missed calls also<BR> setflag(2);</DIV>
<DIV style="RIGHT: auto"> route(1);<BR>}</DIV>
<DIV style="RIGHT: auto"><BR>route[1] {<BR> # for INVITEs enable some additional helper routes<BR> if (is_method("INVITE")) {<BR> t_on_branch("2");<BR> t_on_reply("2");<BR> t_on_failure("1");<BR> }</DIV>
<DIV style="RIGHT: auto"> if (!t_relay()) {<BR> sl_reply_error();<BR> };<BR> exit;<BR>}</DIV>
<DIV style="RIGHT: auto"><BR># Presence route<BR>/* uncomment the whole following route for enabling presence<BR> NOTE: do not forget to enable the call of this route from the main<BR> route */<BR>##route[2]<BR>##{<BR>## if (!t_newtran())<BR>## {<BR>## sl_reply_error();<BR>## exit;<BR>## };<BR>##<BR>## if(is_method("PUBLISH"))<BR>## {<BR>## handle_publish();<BR>## t_release();<BR>## }<BR>## else<BR>## if( is_method("SUBSCRIBE"))<BR>## {<BR>## handle_subscribe();<BR>## t_release();<BR>## }<BR>##<BR>## exit;<BR>##}</DIV>
<DIV style="RIGHT: auto"><BR>branch_route[2] {<BR> xlog("new branch at $ru\n");<BR>}</DIV>
<DIV style="RIGHT: auto"><BR>onreply_route[2] {<BR> xlog("incoming reply\n");<BR>}</DIV>
<DIV style="RIGHT: auto"><BR>failure_route[1] {<BR> if (t_was_cancelled()) {<BR> exit;<BR> }</DIV>
<DIV style="RIGHT: auto"> # uncomment the following lines if you want to block client <BR> # redirect based on 3xx replies.<BR> ##if (t_check_status("3[0-9][0-9]")) {<BR> ##t_reply("404","Not found");<BR> ## exit;<BR> ##}</DIV>
<DIV style="RIGHT: auto"> # uncomment the following lines if you want to redirect the failed <BR> # calls to a different new destination<BR> ##if (t_check_status("486|408")) {<BR> ## sethostport("192.168.2.100:5060");<BR> ## # do not set the missed call flag again<BR> ## t_relay();<BR> ##}<BR>}</DIV>
<DIV><SPAN style="FONT-FAMILY: tahoma, times, serif; FONT-SIZE: 18px"></SPAN></DIV>
<DIV style="RIGHT: auto"><SPAN style="FONT-FAMILY: tahoma, times, serif; FONT-SIZE: 18px"><SPAN style="BACKGROUND-COLOR: transparent"></SPAN><BR><BR><BR></SPAN></DIV></div></body></html>