Hello,

A proxy cannot authenticate itself with a username and password without breaking the RFC (respectively the CSeq sequence numbers). The best and the standard practice is to accept the traffic from the proxy based on source IP.

Cheers,
Daniel

On 04/03/14 20:38, Marc Soda wrote:
Hey all,

I have a pretty general SIP question that I'm hoping some of you can
shed some light on.  I hope this is ok for the list.

I am setting up a SIP proxy with Kamailio.  The backend server
(Asterisk in my case) requires authentication.  Is it standard/best
practice to require a proxy to authenticate to a backend server for
INVITEs?

I am already registering, with authentication, on behalf of the
client, i.e., the client registers to the proxy, then the proxy
registers to the backend server, all with authentication.  I was
hoping not to have to do this on INVITEs, but if I don't I'm left with
the following:

client                        proxy                        backend
   |     -------INVITE------->   |                             |
   |     <--------407---------   |                             |
   |     ---------ACK-------->   |                             |
   |     ----INVITE(auth)---->   |                             |
   |     <--------100---------   |                             |
   |                             |     -------INVITE------->   |
   |                             |     <--------401---------   |
   |                             |     ---------ACK-------->   |
   |     <--------401---------   |                             |
   |     ---------ACK-------->   |                             |
   |     ----INVITE(auth)---->   |                             |
   |     <--------100---------   |                             |
   |                             |     ----INVITE(auth)---->   |
   |                             |     <--------100---------   |
   |                             |     <---------OK---------   |
   |     <---------OK---------   |                             |
   |     ---------ACK-------->   |                             |
   |                             |     ---------ACK-------->   |

It works, but, it's terrible...

Before I try to make it work differently, what do you all think it should do?

Marc

_______________________________________________
SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing list
sr-users@lists.sip-router.org
http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users

--
Daniel-Constantin Mierla - http://www.asipto.com
http://twitter.com/#!/miconda - http://www.linkedin.com/in/miconda
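
The CSeq problem described in the reply above, as an added Python model that is not part of the original thread and is not Kamailio or Asterisk code. The `Backend` class, `place_call` function and the address `192.0.2.10` are constructed for illustration, and the model assumes the backend refuses any in-dialog request whose CSeq is not higher than the last one it accepted.

```python
# Added illustration: a constructed model, not Kamailio or Asterisk code.
PROXY_IP = "192.0.2.10"  # constructed address (TEST-NET-1), stands in for the proxy


class Backend:
    """Toy UAS: challenges unknown sources and tracks the dialog's remote CSeq."""

    def __init__(self, trusted_sources=()):
        self.trusted_sources = set(trusted_sources)
        self.remote_cseq = None  # highest CSeq accepted from the caller so far

    def receive(self, method, cseq, src_ip, authorized=False):
        """Return (status, cseq); a SIP response echoes the request's CSeq."""
        if self.remote_cseq is None:  # dialog-creating request
            if src_ip not in self.trusted_sources and not authorized:
                return 401, cseq
        elif cseq <= self.remote_cseq:
            # RFC 3261 12.2.2 rejects a lower CSeq with 500; treating an
            # equal value the same way is a simplification of this model.
            return 500, cseq
        self.remote_cseq = cseq
        return 200, cseq


def place_call(backend, proxy_answers_challenge, client_cseq=1):
    """Relay one INVITE and a later BYE from a client through the proxy.

    Returns (invite_status, cseq_in_invite_response, bye_status).
    """
    status, resp_cseq = backend.receive("INVITE", client_cseq, PROXY_IP)
    if status == 401 and proxy_answers_challenge:
        # RFC 3261 22.2: a request resubmitted with credentials MUST carry an
        # incremented CSeq, so the proxy has to send client_cseq + 1.
        status, resp_cseq = backend.receive(
            "INVITE", client_cseq + 1, PROXY_IP, authorized=True)
    # The client never saw the retry, so its next in-dialog request
    # reuses the number the proxy already consumed.
    bye_status, _ = backend.receive("BYE", client_cseq + 1, PROXY_IP)
    return status, resp_cseq, bye_status


if __name__ == "__main__":
    # Proxy answers the 401 itself: response CSeq 2 does not match the
    # client's INVITE (CSeq 1), and the client's BYE is refused.
    print(place_call(Backend(), proxy_answers_challenge=True))
    # Backend accepts the proxy by source IP: CSeq passes through untouched.
    print(place_call(Backend(trusted_sources={PROXY_IP}),
                     proxy_answers_challenge=False))
```

A proxy that wanted to hide the retry would have to rewrite CSeq in every later request and response of the dialog, which is the RFC breakage the reply refers to.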

