Hi<br><br>I have an OpenSER 1.1 box on a public IP running a config taken more-or-less verbatim from the <a href="http://iptel.org" target="_blank" onclick="return top.js.OpenExtLink(window,event,this)">iptel.org</a> getting started examples. I have a UA behind a PIX which is translating port 5060 on the phone to port 8907 on the firewall. OpenSER is ignoring this and sending replies to INVITEs to port 5060 on the firewall.
<br><br>If it's likely to make any difference, the PATed IP and the IP of the OpenSER box are on the same network.<br><br> 31 61.574505 193.x.x.15 -> 193.x.x.5 SIP/SDP Request: INVITE <a href="mailto:sip:5551212@193.x.x.5" target="_blank" onclick="return top.js.OpenExtLink(window,event,this)">
sip:5551212@193.x.x.5</a>;user=phone, with session description<br> 32 61.575998 193.x.x.5 -> 193.x.x.15 SIP Status: 407 Proxy Authentication Required<br><br>Aug 4 16:05:38 sip3 /usr/sbin/openser[22195]: SIP Request:
<br>
Aug 4 16:05:38 sip3 /usr/sbin/openser[22195]: method: <INVITE><br>Aug 4 16:05:38 sip3 /usr/sbin/openser[22195]: uri: <<a href="mailto:sip:5551212@193.x.x.5" target="_blank" onclick="return top.js.OpenExtLink(window,event,this)">
sip:5551212@193.x.x.5</a>;user=phone><br>Aug 4 16:05:38 sip3 /usr/sbin/openser[22195]: version: <SIP/2.0>
<br>Aug 4 16:05:38 sip3 /usr/sbin/openser[22195]: parse_headers: flags=2<br>Aug 4 16:05:38 sip3 /usr/sbin/openser[22195]: Found param type 232, <branch> = <z9hG4bK4ae31c203ab6ceb>; state=16<br>Aug 4 16:05:38 sip3 /usr/sbin/openser[22195]: end of header reached, state=5
<br>Aug 4 16:05:38 sip3 /usr/sbin/openser[22195]: parse_headers: Via found, flags=2<br>Aug 4 16:05:38 sip3 /usr/sbin/openser[22195]: parse_headers: this is the first via<br>Aug 4 16:05:38 sip3 /usr/sbin/openser[22195]: After parse_msg...
<br>Aug 4 16:05:38 sip3 /usr/sbin/openser[22195]: preparing to run routing scripts...<br>Aug 4 16:05:38 sip3 /usr/sbin/openser[22195]: parse_headers: flags=100<br>Aug 4 16:05:38 sip3 /usr/sbin/openser[22195]: DEBUG:parse_to:end of header reached, state=10
<br>Aug 4 16:05:38 sip3 /usr/sbin/openser[22195]: DBUG:parse_to: display={}, ruri={<a href="mailto:sip:5551212@193.x.x.5" target="_blank" onclick="return top.js.OpenExtLink(window,event,this)">sip:5551212@193.x.x.5</a>;user=phone}
<br>Aug 4 16:05:38 sip3 /usr/sbin/openser[22195]: DEBUG: get_hdr_field: <To> [39]; uri=[
<a href="mailto:sip:5551212@193.x.x.5" target="_blank" onclick="return top.js.OpenExtLink(window,event,this)">sip:5551212@193.x.x.5</a>;user=phone]<br>Aug 4 16:05:38 sip3 /usr/sbin/openser[22195]: DEBUG: to body [<<a href="mailto:sip:5551212@193.x.x.5" target="_blank" onclick="return top.js.OpenExtLink(window,event,this)">
sip:5551212@193.x.x.5</a>;user=phone>^M ]
<br>Aug 4 16:05:38 sip3 /usr/sbin/openser[22195]: get_hdr_field: cseq <CSeq>: <1> <INVITE><br>Aug 4 16:05:38 sip3 /usr/sbin/openser[22195]: DEBUG: get_hdr_body : content_length=284<br>Aug 4 16:05:38 sip3 /usr/sbin/openser[22195]: found end of header
<br>Aug 4 16:05:38 sip3 /usr/sbin/openser[22195]: DEBUG: is_maxfwd_present: max_forwards header not found!<br>Aug 4 16:05:38 sip3 /usr/sbin/openser[22195]: DEBUG: add_param: tag=3783260355<br>Aug 4 16:05:38 sip3 /usr/sbin/openser[22195]: DEBUG:parse_to:end of header reached, state=29
<br>Aug 4 16:05:38 sip3 /usr/sbin/openser[22195]: DBUG:parse_to: display={}, ruri={<a href="mailto:sip:84410001@193.x.x.5" target="_blank" onclick="return top.js.OpenExtLink(window,event,this)">sip:84410001@193.x.x.5</a>
;user=phone}<br>Aug 4 16:05:38 sip3 /usr/sbin/openser[22195]: parse_headers: flags=200
<br>Aug 4 16:05:38 sip3 /usr/sbin/openser[22195]: find_first_route: No Route headers found<br>Aug 4 16:05:38 sip3 /usr/sbin/openser[22195]: loose_route: There is no Route HF<br>Aug 4 16:05:38 sip3 /usr/sbin/openser[22195]: grep_sock_info - checking if host==us: 12==12 && [
193.x.x.5] == [193.x.x.5]<br>Aug 4 16:05:38 sip3 /usr/sbin/openser[22195]: grep_sock_info - checking if port 5060 matches port 5060<br>Aug 4 16:05:38 sip3 /usr/sbin/openser[22195]: XXX INVITE handler: start<br>Aug 4 16:05:38 sip3 /usr/sbin/openser[22195]: parse_headers: flags=10000
<br>Aug 4 16:05:38 sip3 /usr/sbin/openser[22195]: pre_auth(): Credentials with given realm not found<br>Aug 4 16:05:38 sip3 /usr/sbin/openser[22195]: XXX INVITE handler: proxy_authorize failed<br>Aug 4 16:05:38 sip3 /usr/sbin/openser[22195]: build_auth_hf(): 'Proxy-Authenticate: Digest realm="
193.x.x.5", nonce="44d3636e40c00e3f51456a587f994d0f285325af"^M '<br>Aug 4 16:05:38 sip3 /usr/sbin/openser[22195]: parse_headers: flags=ffffffffffffffff<br>Aug 4 16:05:38 sip3 /usr/sbin/openser[22195]: check_via_address(
193.x.x.15, <a href="http://10.200.100.46" target="_blank" onclick="return top.js.OpenExtLink(window,event,this)">10.200.100.46</a>, 0)<br>Aug 4 16:05:38 sip3 /usr/sbin/openser[22195]: DEBUG:destroy_avp_list: destroying list (nil)
<br>Aug 4 16:05:38 sip3 /usr/sbin/openser[22195]: receive_msg: cleaning up
<br><br>How can I force proxy_challenge() to send its challenge to port 8907?<br><br>Cheers,<br><br>Mark<br><br><br>Config:<br><br>debug=8<br>fork=yes<br>log_stderror=no<br><br>listen=<a href="http://193.82.139.5" target="_blank" onclick="return top.js.OpenExtLink(window,event,this)">
193.82.139.5
</a><br>port=5060<br>children=4<br><br>dns=no<br>rev_dns=no<br>fifo="/tmp/ser_fifo"<br>fifo_db_url="mysql://openserro:openserro@localhost/openser"<br><br>loadmodule "/usr/lib/openser/modules/mysql.so"
<br>loadmodule "/usr/lib/openser/modules/sl.so"<br>loadmodule "/usr/lib/openser/modules/tm.so"<br>loadmodule "/usr/lib/openser/modules/rr.so"<br>loadmodule "/usr/lib/openser/modules/maxfwd.so"
<br>loadmodule "/usr/lib/openser/modules/usrloc.so"<br>loadmodule "/usr/lib/openser/modules/registrar.so"<br>loadmodule "/usr/lib/openser/modules/auth.so"<br>loadmodule "/usr/lib/openser/modules/auth_db.so"
<br>loadmodule "/usr/lib/openser/modules/uri.so"<br>loadmodule "/usr/lib/openser/modules/uri_db.so"<br>loadmodule "/usr/lib/openser/modules/nathelper.so"<br>loadmodule "/usr/lib/openser/modules/textops.so"
<br><br>modparam("auth_db|uri_db|usrloc", "db_url", "mysql://openserro:openserro@localhost/openser")<br>modparam("auth_db", "calculate_ha1", 1)<br>modparam("auth_db", "password_column", "password")
<br><br>modparam("nathelper", "natping_interval", 30)<br>modparam("nathelper", "ping_nated_only", 1)<br>modparam("nathelper", "rtpproxy_sock", "unix:/var/run/rtpproxy.sock")
<br><br>modparam("usrloc", "db_mode", 2)<br><br>modparam("registrar", "nat_flag", 6)<br><br>modparam("rr", "enable_full_lr", 1)<br><br>route {<br><br> # -----------------------------------------------------------------
<br> # Sanity Check Section<br> # -----------------------------------------------------------------<br> if (!mf_process_maxfwd_header("10")) {<br> sl_send_reply("483", "Too Many Hops");
<br> return;<br> };<br><br> if (msg:len > max_len) {<br> sl_send_reply("513", "Message Overflow");<br> return;<br> };<br><br> # -----------------------------------------------------------------
<br> # Record Route Section<br> # -----------------------------------------------------------------<br> if (method!="REGISTER") {<br> record_route();<br> };<br><br> if (method=="BYE" || method=="CANCEL") {
<br> unforce_rtp_proxy();<br> }<br><br> # -----------------------------------------------------------------<br> # Loose Route Section<br> # -----------------------------------------------------------------
<br> if (loose_route()) {<br><br> if ((method=="INVITE" || method=="REFER") && !has_totag()) {<br> sl_send_reply("403", "Forbidden");
<br> return;<br> };<br><br> if (method=="INVITE") {<br><br> if (!proxy_authorize("","subscriber")) {<br> proxy_challenge("","0");
<br> return;<br> } else if (!check_from()) {<br> sl_send_reply("403", "Use From=ID");<br> return;
<br> };<br> consume_credentials();<br><br> if (nat_uac_test("19")) {<br> setflag(6);<br> force_rport();
<br> fix_nated_contact();<br> };<br> force_rtp_proxy("l");<br> };<br> route(1);<br> return;
<br> };<br><br> # -----------------------------------------------------------------<br> # Call Type Processing Section<br> # -----------------------------------------------------------------<br>
if (uri!=myself) {<br> route(4);<br> route(1);<br> return;<br> };<br><br> if (method=="ACK") {<br> route(1);<br> return;
<br> } else if (method=="CANCEL") {<br> route(1);<br> return;<br> } else if (method=="INVITE") {<br> route(3);<br> return;<br>
} else if (method=="REGISTER") {
<br> route(2);<br> return;<br> };<br><br> lookup("aliases");<br> if (uri!=myself) {<br> route(4);<br> route(1);<br> return;
<br> };<br><br> if (!lookup("location")) {<br> sl_send_reply("404", "User Not Found");<br> return;<br> };<br><br> route(1);<br>}<br>
<br>
route[1] {<br> log("XXX default handler: start");<br><br> # -----------------------------------------------------------------<br> # Default Message Handler<br> # -----------------------------------------------------------------
<br><br> t_on_reply("1");<br><br> if (!t_relay()) {<br> if (method=="INVITE" && isflagset(6)) {<br> unforce_rtp_proxy();<br> };
<br> sl_reply_error();<br> };<br>}<br><br>route[2] {<br> log("XXX REGISTER handler: start");<br><br> # -----------------------------------------------------------------<br> # REGISTER Message Handler
<br> # ----------------------------------------------------------------<br><br> if (!search("^Contact:[ ]*\*") && nat_uac_test("19")) {<br> log("XXX REGISTER handler: valid contact and nat_uac_test(19) true");
<br> setflag(6);<br> fix_nated_register();<br> force_rport();<br> };<br><br> log("XXX REGISTER handler: 100 trying");<br> sl_send_reply("100", "Trying");
<br><br> if (!www_authorize("","subscriber")) {<br> log("XXX REGISTER handler: www_authorize failed");<br> www_challenge("","0");<br>
return;
<br> };<br><br> if (!check_to()) {<br> sl_send_reply("401", "Unauthorized");<br> return;<br> };<br><br> consume_credentials();<br><br> if (!save("location")) {
<br> sl_reply_error();<br> };<br> log("XXX REGISTER handler: location saved");<br>}<br><br>route[3] {<br> log("XXX INVITE handler: start");<br><br> # -----------------------------------------------------------------
<br> # INVITE Message Handler<br> # -----------------------------------------------------------------<br><br> if (!proxy_authorize("","subscriber")) {<br> log("XXX INVITE handler: proxy_authorize failed");
<br> proxy_challenge("","0");<br> return;<br> } else if (!check_from()) {<br> sl_send_reply("403", "Use From=ID");<br> return;
<br> };<br><br> consume_credentials();<br><br> if (nat_uac_test("19")) {<br> setflag(6);<br> }<br><br> lookup("aliases");<br> if (uri!=myself) {
<br> route(4);<br> route(1);<br> return;<br> };<br><br> if (!lookup("location")) {<br> sl_send_reply("404", "User Not Found");
<br> return;<br> };<br><br> route(4);<br> route(1);<br>}<br><br>route[4] {<br> log("XXX NAT traversal: start");<br><br> # -----------------------------------------------------------------
<br> # NAT Traversal Section<br> # -----------------------------------------------------------------<br><br> if (isflagset(6)) {<br> force_rport();<br> fix_nated_contact();
<br> force_rtp_proxy();<br> }<br>}<br><br>onreply_route[1] {<br> log("XXX onreply_route: start");<br><br> if (isflagset(6) && status=~"(180)|(183)|2[0-9][0-9]") {
<br> if (!search("^Content-Length:[ ]*0")) {<br> force_rtp_proxy();<br> };<br> };<br><br> if (nat_uac_test("1")) {<br> log("XXX onreply_route: nat_uac_test(1) true");
<br> fix_nated_contact();<br> };<br>}<br><br>