[OpenSER-Users] Need help with proxy_authorize for NATed UA
mark morreny
markmorreny at gmail.com
Thu May 29 11:11:31 CEST 2008
Hi,
I am using the same UA and Openser to do two tests. For the first case, UA
is pointing to the external IP of openser.; the other test points the UA to
openser's local ip. Registering is ok for both cases, but when I try to do
an INVITE, the UA pointing to the local IP works whereas the one pointing to
the external IP fails during proxy_authorize.
88.251.45.4 -> external ip of the entire network
192.168.1.104 -> openser's local ip
192.168.1.100 -> UA's local ip
Here is the INVITE with authentication digest from the UA pointing to the
external IP address of openser:
U 88.251.45.4:59864 -> 192.168.1.104:5060
INVITE sip:1005 at 88.251.45.4 <sip%3A1005 at 88.251.45.4> SIP/2.0.
Via: SIP/2.0/UDP 192.168.1.100:17480
;branch=z9hG4bK-d87543-ea31ca6af52bd14c-1--d87543-;rport.
Max-Forwards: 70.
Contact: <sip:1006 at 88.251.45.4:59864>.
To: "1005"<sip:1005 at 88.251.45.4 <sip%3A1005 at 88.251.45.4>>.
From: "1006"<sip:1006 at 88.251.45.4 <sip%3A1006 at 88.251.45.4>>;tag=d21e4745.
Call-ID: NGFlOTRmNTg3ZDFlYzJlYzdhNTlhNzZmMDRlOTJmOGY..
CSeq: 2 INVITE.
Allow: INVITE, ACK, CANCEL, OPTIONS, BYE, REFER, NOTIFY, MESSAGE, SUBSCRIBE,
INFO.
Content-Type: application/sdp.
Proxy-Authorization: Digest username="1006",realm="88.251.45.4
",nonce="483edcaf82beda80a0c91fc75f486b8fd3f7bbc3",uri="sip:1005 at 88.251.45.4<sip%3A1005 at 88.251.45.4>
",response="4423a99e44bb7266912de3a4af752b3f",cnonce="ece582bf4b1708b67bd1e86952313a63",nc=00000001,qop=auth,algorithm=MD5.
User-Agent: X-Lite release 1011s stamp 41150.
Content-Length: 423.
.
v=0.
o=- 1 2 IN IP4 192.168.1.100.
s=CounterPath X-Lite 3.0.
c=IN IP4 192.168.1.100.
t=0 0.
m=audio 34842 RTP/AVP 107 119 100 106 0 105 98 8 101.
a=alt:1 1 : bIn/n4cp vm9zXwFh 192.168.1.100 34842.
a=fmtp:101 0-15.
a=rtpmap:107 BV32/16000.
a=rtpmap:119 BV32-FEC/16000.
a=rtpmap:100 SPEEX/16000.
a=rtpmap:106 SPEEX-FEC/16000.
a=rtpmap:105 SPEEX-FEC/8000.
a=rtpmap:98 iLBC/8000.
a=rtpmap:101 telephone-event/8000.
a=sendrecv.
Here is the INVITE resend from the UA pointing to openser's local IP:
U 192.168.1.100:50314 -> 192.168.1.104:5060
INVITE sip:1005 at 192.168.1.104 <sip%3A1005 at 192.168.1.104> SIP/2.0.
Via: SIP/2.0/UDP 192.168.1.100:50314
;branch=z9hG4bK-d87543-c34be44e3704d673-1--d87543-;rport.
Max-Forwards: 70.
Contact: <sip:1006 at 192.168.1.100:50314>.
To: "1005"<sip:1005 at 192.168.1.104 <sip%3A1005 at 192.168.1.104>>.
From: "1006"<sip:1006 at 192.168.1.104 <sip%3A1006 at 192.168.1.104>
>;tag=d4048226.
Call-ID: YTc4OTE2NmIyMWRkMjk3ZGNmYmY4OTg3NTQ5NWRhZDI..
CSeq: 2 INVITE.
Allow: INVITE, ACK, CANCEL, OPTIONS, BYE, REFER, NOTIFY, MESSAGE, SUBSCRIBE,
INFO.
Content-Type: application/sdp.
Proxy-Authorization: Digest username="1006",realm="192.168.1.104
",nonce="483ede954fef336afd24141e99d516b0b7d9091a",uri="
sip:1005 at 192.168.1.104 <sip%3A1005 at 192.168.1.104>
",response="1b77bf191fef631049bd6d6b7dcc9094",cnonce="e96a7e7d9677c4c41952bce7ac2a36e2",nc=00000001,qop=auth,algorithm=MD5.
User-Agent: X-Lite release 1011s stamp 41150.
Content-Length: 423.
.
v=0.
o=- 7 2 IN IP4 192.168.1.100.
s=CounterPath X-Lite 3.0.
c=IN IP4 192.168.1.100.
t=0 0.
m=audio 14816 RTP/AVP 107 119 100 106 0 105 98 8 101.
a=alt:1 1 : SP8QJ5e9 96jlnBkg 192.168.1.100 14816.
a=fmtp:101 0-15.
a=rtpmap:107 BV32/16000.
a=rtpmap:119 BV32-FEC/16000.
a=rtpmap:100 SPEEX/16000.
a=rtpmap:106 SPEEX-FEC/16000.
a=rtpmap:105 SPEEX-FEC/8000.
a=rtpmap:98 iLBC/8000.
a=rtpmap:101 telephone-event/8000.
a=sendrecv.
The openser script associated wit proxy_authorize is :
if (!proxy_authorize("","subscriber")) {
xlog("not authorize need to do proxy challenge\n");
proxy_challenge("","1");
exit;
}
What could be wrong with my setup?
Thanks in advance for your help.
Thanks,
Mark
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.kamailio.org/pipermail/users/attachments/20080529/596f9108/attachment.htm
More information about the Users
mailing list