[Users] pstn-to-openser, 403 Forbiden

Ion Minzu ion.minzu at cts.md
Thu Nov 9 08:36:28 CET 2006


Hello Norman,
  Thanks, Norman.
  After I have closed the domain authorisation (proxy_authorize), everything works.
  It looks too sophisticated to me to use the permission and domain module. I will try another method.
  Now I want to make restrictions for VoIP users, I mean who has the right to make a call to PSTN
  and who has not. Does anyone have some ideas?

Wednesday, November 8, 2006, 2:35:34 PM, you wrote:

> Hello Ion,

> Perhaps the "pstn" device is not responding to the authorization 
> request.  A SIP trace will show you if this is happening.

> "ngrep -W byline port 5060" should be all you need to trace SIP messages
> (if you're listening on eth1, then you might want to add "-d eth1" when
> invoking ngrep).  Older versions of ngrep did not have the "-W byline"
> option.  If this is your case, you probably should upgrade ngrep.

> A possible solution to your problem might be to use the "permissions"
> module and the "trusted" table.  Then, instead of 
> (www_authorize/www_challenge or in addition to, depending on your 
> particular situation) you might want to use the "allow_trusted()" 
> command to authenticate incoming INVITEs.

> Below is a little example

> <snip>

>       if (!is_from_local() && !allow_trusted()) {
>         if (!proxy_authorize("","subscriber")) {
>           proxy_challenge("","0");
>           exit;
>         } else if (!check_from()) {
>           sl_send_reply("403", "Use From=ID");
>           exit;
>         };
>       };

> </snip>

> Regards,
> Norm


> Ion Minzu wrote:
>> Hello ,
>>
>> I have connected openser with pstn through cisco. When I make a
>> call from voip network to pstn it's ok.
>> But from pstn to voip I have a problem: openser answers 403 forbidden.
>> In openser I do the authorisation on mysql, I have disabled authorisation on sip
>> gateway:
>>
>> if (src_ip!=X.X.X.X) {
>>         if (!www_authorize("DOMAIN.COM","subscriber")) {
>>                 www_challenge("DOMAIN.COM","0");
>>                 exit;
>>         }
>> };
>>
>> What is the problem?
>>
>>  X.X.X.X is cisco
>>  
>> U X.X.X.X:54177 -> 172.17.6.2:5060
>>   INVITE sip:820022 at 172.17.6.2:5060 SIP/2.0..Via: SIP/2.0/UDP
>>   X.X.X.X:5060..From:
>> <sip:022250699 at X.X.X.X>;tag=1A0FBC30-1472..To: <sip:820022 at 172.1
>>   7.6.2>..Date: Wed, 08 Nov 2006 11:03:14 GMT..Call-ID:
>>   906DA628-6E4F11DB-9034EA4F-E981BA1F at X.X.X.X..Supported:
>> timer,100rel..Min-SE:  1800..Cisco-Guid
>>   : 2422905184-1850675675-2419190351-3917593119..User-Agent:
>> Cisco-SIPGateway/IOS-12.x..Allow: INVITE, OPTIONS, BYE, CANCEL,
>> ACK, PRACK, COMET, REFER, SUBS
>>   CRIBE, NOTIFY, INFO..CSeq: 101 INVITE..Max-Forwards:
>> 6..Remote-Party-ID:
>> <sip:022250699 at X.X.X.X>;party=calling;screen=yes;privacy=off..Timestamp:
>> 116
>>   2983794..Contact: <sip:022250699 at X.X.X.X:5060>..Expires:
>> 180..Allow-Events: telephone-event..Content-Type:
>> application/sdp..Content-Length: 235....v=
>>   0..o=CiscoSystemsSIP-GW-UserAgent 1226 5023 IN IP4 X.X.X.X..s=SIP
>>   Call..c=IN IP4 X.X.X.X..t=0 0..m=audio 16642 RTP/AVP 18 19..c=IN IP4
>>   X.X.X.X..a=rtpmap:18 G729/8000..a=fmtp:18
>> annexb=no..a=rtpmap:19 CN/8000..a=ptime:20..
>> #
>> U 172.17.6.2:5060 -> X.X.X.X:5060
>>   SIP/2.0 403 Use From=ID..Via: SIP/2.0/UDP  X.X.X.X:5060..From:
>>   <sip:022250699 at X.X.X.X>;tag=1A0FBC30-1472..To:
>>  
>> <sip:820022 at 172.17.6.2>;tag=329cfeaa6ded039da25ff8cbb8668bd2.13ec..Call-ID:
>> 906DA628-6E4F11DB-9034EA4F-E981BA1F at X.X.X.X..CSeq: 101
>> INVITE..Server: OpenSer (1.1.0-tls (x86_64/linux))..C
>>   ontent-Length: 0..Warning: 392 172.17.6.2:5060 "Noisy
>> feedback tells:  pid=32240 req_src_ip=X.X.X.X req_src_port=54177
>> in_uri=sip:820022 at 172.17.6.2:5
>>   060 out_uri=sip:820022 at 172.17.6.2:5060 via_cnt==1"....
>> #
>> U X.X.X.X:54177 -> 172.17.6.2:5060
>>   ACK sip:820022 at 172.17.6.2:5060 SIP/2.0..Via: SIP/2.0/UDP
>>   X.X.X.X:5060..From:
>> <sip:022250699 at X.X.X.X>;tag=1A0FBC30-1472..To: <sip:820022 at 172.17.6
>>   .2>;tag=329cfeaa6ded039da25ff8cbb8668bd2.13ec..Date: Wed, 08 Nov
>>   2006 11:03:14 GMT..Call-ID:
>>   906DA628-6E4F11DB-9034EA4F-E981BA1F at X.X.X.X..Max-Forward
>>   s: 6..Content-Length: 0..CSeq: 101 ACK....
>>
>>
>> Best regards,
>> Ion Minzu,
>> Specialist Tehnologii Informationale,
>> Administrator de sistem al Centrului de certificare,
>> Administrator VoIP,
>> I.S."Centrul de Telecomunicatii Speciale",
>> tel:250-517 (office), 069501208 (mob), 382869185 (ICQ)
>> mailto:ion.minzu at cts.md
>>




-- 
Best regards,
 Ion                            mailto:ion.minzu at cts.md
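
Added example, not part of either message above: a small Python reader for traces like the one quoted in this thread, which pairs each rejected INVITE with its request so you can see which source address was refused and whether it sent credentials. The sample trace and its addresses are constructed, and the function names are hypothetical.

```python
import re
# Constructed trace in ngrep's default layout (no "-W byline"): payload indented
# and hard-wrapped, CR/LF printed as "."; addresses are documentation ranges.
SAMPLE = """\
U 192.0.2.10:54177 -> 198.51.100.2:5060
  INVITE sip:820022@198.51.100.2:5060 SIP/2.0..Via: SIP/2.0/UDP 192.0.
  2.10:5060..From: <sip:1000@192.0.2.10>;tag=aa1..To: <sip:820022@198.
  51.100.2>..Call-ID: call-1@192.0.2.10..CSeq: 101 INVITE..Content-Len
  gth: 0....
#
U 198.51.100.2:5060 -> 192.0.2.10:5060
  SIP/2.0 403 Use From=ID..Via: SIP/2.0/UDP 192.0.2.10:5060..From: <si
  p:1000@192.0.2.10>;tag=aa1..To: <sip:820022@198.51.100.2>;tag=bb2..C
  all-ID: call-1@192.0.2.10..CSeq: 101 INVITE..Content-Length: 0....
#
"""
PACKET = re.compile(r"^[UT] (\S+):\d+ -> (\S+):\d+")

def parse_packets(text):
    """Rejoin wrapped payload lines, then split into start line and headers."""
    packets = []
    for line in text.splitlines():
        m = PACKET.match(line)
        if m:
            packets.append({"src": m.group(1), "raw": ""})
        elif packets and line.startswith("  "):
            packets[-1]["raw"] += line[2:]
    for p in packets:
        start, *rest = p["raw"].split("..")   # ".." is the printed CRLF
        p["start"], p["hdr"] = start, {}
        for h in rest:
            if not h:                          # empty line: end of headers
                break
            name, _, value = h.partition(":")
            p["hdr"][name.strip().lower()] = value.strip()
    return packets

def rejected_invites(packets):
    """Pair each 4xx-6xx reply to an INVITE with its request via Call-ID."""
    invites = {p["hdr"].get("call-id"): p for p in packets
               if p["start"].startswith("INVITE ")}
    found = []
    for p in packets:
        m = re.match(r"SIP/2\.0 ([4-6]\d\d) (.*)", p["start"])
        req = invites.get(p["hdr"].get("call-id")) if m else None
        if req and p["hdr"].get("cseq", "").endswith("INVITE"):
            creds = any(h in req["hdr"]
                        for h in ("authorization", "proxy-authorization"))
            found.append((req["src"], int(m.group(1)), m.group(2), creds))
    return found
```

In this layout a header value that ends in "." cannot be told apart from the line break that follows it, which is one more reason to capture with "-W byline" when the installed ngrep supports it.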




