[OpenSER-Users] Proxy Authorization - Two Digests

Ash Rah ash at droshta.net
Wed Apr 23 10:35:39 CEST 2008


Hello,

I am trying to make a design like below to work.

X-Lite ----- OpenSER ----- Asterisk ----->(PSTN Calls)

X-Lite registers with OpenSer and PSTN calls are routed through Asterisk 
from OpenSER. When a call is sent to Asterisk, Asterisk tries to 
authenticate the user on X-Lite. I maintain same username and password 
for both OpenSER and Asterisk.

Now when an INVITE from X-Lite hits OpenSER, it goes through the 
following script and is asked for Proxy Authorization:

if (!proxy_authorize("","subscriber")) {
                        proxy_challenge("","0");
                        exit;
}

When I dial a PSTN number from X-Lite, X-Lite at some point, ends up 
sending two Digests (one for OpenSER and one for Atserisk) in same 
INVITE but gets stuck with Proxy Authorization failure (from OpenSER). 
If I take off the above proxy_authorize section from OpenSER script, 
everything works fine.

Can anyone suggest a solution to this.

Thanks in advance.



U 2008/04/23 13:28:42.314669 110.110.110.110:26986 -> 120.120.120.120:5060
INVITE sip:6048484848484 at sip.dummydomain.com SIP/2.0.
Via: SIP/2.0/UDP 
172.16.40.14:26986;branch=z9hG4bK-d87543-886860777744b40e-1--d87543-;rport.
Max-Forwards: 70.
Contact: <sip:1274229212 at 110.110.110.110:26986>.
To: "6048484848484"<sip:6048484848484 at sip.dummydomain.com>.
From: "1274229212"<sip:1274229212 at sip.dummydomain.com>;tag=7d74b26b.
Call-ID: ZjIyNDQzOWIxZTM2MWJjMTgzNmE1YWE3ZDY1M2RjZWE..
CSeq: 3 INVITE.
Allow: INVITE, ACK, CANCEL, OPTIONS, BYE, REFER, NOTIFY, MESSAGE, 
SUBSCRIBE, INFO.
Content-Type: application/sdp.
Proxy-Authorization: Digest 
username="1274229212",realm="asterisk",nonce="01d3972c",uri="sip:6048484848484 at sip.dummydomain.com",response="ff9058f8ea89c55d0b110d4eccf27e9c",algorithm=MD5.
Proxy-Authorization: Digest 
username="1274229212",realm="sip.dummydomain.com",nonce="480ee655da312e1c8f977cae40a747d26f7e9c5f",uri="sip:6048484848484 at sip.dummydomain.com",response="361700cce632c00ff70ede5e5126c6ac",algo
rithm=MD5.
User-Agent: X-Lite release 1011s stamp 41150.
Content-Length: 333.
.
v=0.
o=- 9 2 IN IP4 172.16.40.14.
s=CounterPath X-Lite 3.0.
c=IN IP4 172.16.40.14.
t=0 0.
m=audio 45136 RTP/AVP 0 101.
a=alt:1 3 : gpvy8HMY JXNZYRF+ 172.16.40.14 45136.
a=alt:2 2 : 8S3XPC3M 6q9Z76Pq 192.168.38.1 45136.
a=alt:3 1 : rISpUdBc PRYZ7B/8 192.168.23.1 45136.
a=fmtp:101 0-15.
a=rtpmap:101 telephone-event/8000.
a=sendrecv.


U 2008/04/23 13:28:42.314910 120.120.120.120:5060 -> 110.110.110.110:26986
SIP/2.0 407 Proxy Authentication Required.
Via: SIP/2.0/UDP 
172.16.40.14:26986;branch=z9hG4bK-d87543-886860777744b40e-1--d87543-;rport=26986;received=110.110.110.110.
To: 
"6048484848484"<sip:6048484848484 at sip.dummydomain.com>;tag=058e81974577b8ca6a831d36c0f6fe25.d85d.
From: "1274229212"<sip:1274229212 at sip.dummydomain.com>;tag=7d74b26b.
Call-ID: ZjIyNDQzOWIxZTM2MWJjMTgzNmE1YWE3ZDY1M2RjZWE..
CSeq: 3 INVITE.
Proxy-Authenticate: Digest realm="sip.dummydomain.com", 
nonce="480ee6560e7141c28e990448575d0918ce86a82d".
Server: OpenSER (1.3.1-notls (i386/linux)).
Content-Length: 0.




More information about the Users mailing list