This seems to be fine. The user MUST authenticate to Kamailio, only then Kamailio will create REGISTER request that is send to asterisk. That's the key security feature behind the idea.
Look at the register architecture diagram, http://kb.asipto.com/asterisk:realtime:kamailio-4.0.x-asterisk-11.3.0-astdb#registration Thank you. On Sat, Nov 15, 2014 at 10:31 PM, Mahmoud Ramadan Ali < cisco.and.more.b...@gmail.com> wrote: > Hi Dears, > I'm trying to configure Kamailio as SBC in multi home mode for Asterisk by > authenticating the inbound SIP registration requests,i'm following this > tutorial > http://kb.asipto.com/asterisk:realtime:kamailio-4.0.x-asterisk-11.3.0-astdb > to achieve this goal. i have modified the necessary changes like the > Asterisk DB URL and the SIP table name and Username and password column and > verified the connection. > > My topology like this *Asterisk (192.168.100.10) > <----Internal:192.168.100.1---->Kamailio<---External:192.168.50.1-----> SIP > Phone (192.168.50.2)* > But when trying to register a SIP phone Kamailio does NOT forward the > authentication request to Asterisk and sends 401 Unauthorized error > message.I've attached my config file if any one wants to check it and > thanks in advance. > Best Regards > > > U 192.168.50.2:37297 -> 192.168.50.1:5060 > REGISTER sip:192.168.50.1;transport=UDP SIP/2.0. > Via: SIP/2.0/UDP 192.168.50.2:37297 > ;branch=z9hG4bK-d8754z-a46e0c7c9d98fe52-1---d8754z-;rport;transport=UDP. > Max-Forwards: 70. > Contact: <sip:1001@192.168.50.2:37297 > ;rinstance=1d7c44dbcb8a7a2f;transport=UDP>. > To: <sip:1001@192.168.50.1;transport=UDP>. > From: <sip:1001@192.168.50.1;transport=UDP>;tag=1d222e19. > Call-ID: NTc2NDBjMGQ2YWFmZjdmNWI0MzVmN2Y4NzYyODJlMTc.. > CSeq: 2 REGISTER. > Expires: 70. > Allow: INVITE, ACK, CANCEL, BYE, NOTIFY, REFER, MESSAGE, OPTIONS, INFO, > SUBSCRIBE. > Supported: replaces, norefersub, extended-refer, timer, X-cisco-serviceuri. > User-Agent: Z 3.2.21357 r21367. > Authorization: Digest > username="1001",realm="192.168.50.1",nonce="VGfAuFRnv4wMvoTG7wA9tqYD9fgZDe3D",uri="sip:192.168.50.1;transport=UDP",response="8bbd01d879250585eafee4f510689f73",algorithm=MD5. > Allow-Events: presence, kpml. > Content-Length: 0. > # > U 192.168.50.1:5060 -> 192.168.50.2:37297 > SIP/2.0 401 Unauthorized. > Via: SIP/2.0/UDP 192.168.50.2:37297 > ;branch=z9hG4bK-d8754z-a46e0c7c9d98fe52-1---d8754z-;rport=37297;transport=UDP. > To: <sip:1001@192.168.50.1 > ;transport=UDP>;tag=b27e1a1d33761e85846fc98f5f3a7e58.fe8b. > From: <sip:1001@192.168.50.1;transport=UDP>;tag=1d222e19. > Call-ID: NTc2NDBjMGQ2YWFmZjdmNWI0MzVmN2Y4NzYyODJlMTc.. > CSeq: 2 REGISTER. > WWW-Authenticate: Digest realm="192.168.50.1", > nonce="VGfAuFRnv4wMvoTG7wA9tqYD9fgZDe3D". > Server: kamailio (4.1.6 (i386/linux)). > Content-Length: 0. > > _______________________________________________ > SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing list > sr-users@lists.sip-router.org > http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users > >
_______________________________________________ SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing list sr-users@lists.sip-router.org http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users
