<div dir="ltr"><div>Hi Mohamed,<br></div><div><span tabindex="-1" id="result_box" class="" lang="en"><span class="">Thank you</span> <span class="">for your interest in</span> <span class="">helping me,I've configured the the auth_db module with the Asterisk DB URL and the SIP username and password table name and verified the MYSQL remote connection from Kamailio to the Asterisk DB and</span></span> get connected as predicted.<br><br></div><div>I tried to register a phone after applying the changes and Kamailio forwarded the register request to Asterisk only once and without successful authentication ! now i didn't change anything in the configuration file and can NOT get any registration requests forwarded from Kamailio to Asterisk and get only events on Kamailio that it can NOT register the incoming registration request like this.<br><br>root@debian:/usr/local/etc/kamailio# ngrep -W byline -d eth1 port 5060<br>U <a href="http://192.168.50.2:50886">192.168.50.2:50886</a> -> <a href="http://192.168.50.1:5060">192.168.50.1:5060</a><br>REGISTER sip:192.168.50.1 SIP/2.0.<br>Via: SIP/2.0/UDP 192.168.50.2:50886;branch=z9hG4bK-d8754z-cb65023b979d0a36-1---d8754z-;rport.<br>Max-Forwards: 70.<br>Contact: <sip:1001@192.168.50.2:50886;rinstance=8000799665fa4b54>.<br>To: "Mahmoud Ramadan Ali"<<a href="mailto:sip%3A1001@192.168.50.1">sip:1001@192.168.50.1</a>>.<br>From: "Mahmoud Ramadan Ali"<<a href="mailto:sip%3A1001@192.168.50.1">sip:1001@192.168.50.1</a>>;tag=9f381b5f.<br>Call-ID: MzcxNzYwMmUyN2E0M2FkMWRmOTI0ZjNkMjJmNWNhYTc.<br>CSeq: 2 REGISTER.<br>Expires: 3600.<br>Allow: INVITE, ACK, CANCEL, OPTIONS, BYE, REFER, NOTIFY, MESSAGE, SUBSCRIBE, INFO.<br>User-Agent: X-Lite 4.7.1 74247--W6.1.<br>Authorization: Digest username="1001",realm="192.168.50.1",nonce="VGqbxVRqmpngschsiE6AuMiOfCS/MIp7",uri="sip:192.168.50.1",response="1788f6b9cfc322b863a93c91f3b623dc",algorithm=MD5.<br>Content-Length: 0.<br>#<br>U <a href="http://192.168.50.1:5060">192.168.50.1:5060</a> -> <a href="http://192.168.50.2:50886">192.168.50.2:50886</a><br>SIP/2.0 401 Unauthorized.<br>Via: SIP/2.0/UDP 192.168.50.2:50886;branch=z9hG4bK-d8754z-cb65023b979d0a36-1---d8754z-;rport=50886.<br>To: "Mahmoud Ramadan Ali"<<a href="mailto:sip%3A1001@192.168.50.1">sip:1001@192.168.50.1</a>>;tag=b27e1a1d33761e85846fc98f5f3a7e58.0bcb.<br>From: "Mahmoud Ramadan Ali"<<a href="mailto:sip%3A1001@192.168.50.1">sip:1001@192.168.50.1</a>>;tag=9f381b5f.<br>Call-ID: MzcxNzYwMmUyN2E0M2FkMWRmOTI0ZjNkMjJmNWNhYTc.<br>CSeq: 2 REGISTER.<br>WWW-Authenticate: Digest realm="192.168.50.1", nonce="VGqbxVRqmpngschsiE6AuMiOfCS/MIp7".<br>Server: kamailio (4.1.6 (i386/linux)).<br>Content-Length: 0.<br><br></div><div>But when using the Ngrep command on Asterisk to capture traffic on port 5050 or even 5060 i get no thing ! other troubleshooting steps i followed including :<br></div><div>1.Verfiying the Mysql connection from Kamailio and the account tabe name and SIP username / password column.<br><br>root@debian:/usr/local/etc/kamailio# mysql -u sipuser -h 192.168.100.10 -p<br>Enter password:<br>Welcome to the MySQL monitor. Commands end with ; or \g.<br>Your MySQL connection id is 149<br>Server version: 5.1.73 Source distribution<br><br>Copyright (c) 2000, 2014, Oracle and/or its affiliates. All rights reserved.<br><br>Oracle is a registered trademark of Oracle Corporation and/or its<br>affiliates. Other names may be trademarks of their respective<br>owners.<br><br>Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.<br><br>mysql> use asterisk;<br>Reading table information for completion of table and column names<br>You can turn off this feature to get a quicker startup with -A<br><br>Database changed<br>mysql> SELECT * FROM sip;<br>+------+------------------+---------------------------------+-------+<br>| id | keyword | data | flags |<br>+------+------------------+---------------------------------+-------+<br>| 1001 | pickupgroup | | 22 |<br>| 1001 | callgroup | | 21 |<br>| 1001 | encryption | no | 20 |<br>| 1001 | icesupport | no | 19 |<br>| 1001 | force_avp | no | 18 |<br>| 1001 | avpf | no | 17 |<br>| 1001 | transport | udp,tcp,tls | 16 |<br>| 1001 | qualifyfreq | 60 | 15 |<br>| 1001 | qualify | yes | 14 |<br>| 1001 | port | 5050 | 13 |<br>| 1001 | nat | no | 12 |<br>| 1001 | type | friend | 11 |<br>| 1001 | sendrpid | no | 10 |<br>| 1001 | trustrpid | yes | 9 |<br>| 1001 | host | dynamic | 8 |<br>| 1001 | context | from-internal | 7 |<br>| 1001 | canreinvite | no | 6 |<br>| 1001 | dtmfmode | rfc2833 | 5 |<br>| 1001 | secret | 1001secret | 4 |<br>| 1001 | secret_origional | 1001secret | 3 |<br>| 1001 | sipdriver | chan_sip | 2 |<br>| 1001 | dial | SIP/1001 | 25 |<br>| 1002 | pickupgroup | | 22 |<br>| 1002 | callgroup | | 21 |<br>| 1002 | encryption | no | 20 |<br>| 1002 | icesupport | no | 19 |<br>| 1002 | force_avp | no | 18 |<br>| 1002 | avpf | no | 17 |<br>| 1002 | transport | udp,tcp,tls | 16 |<br>| 1002 | qualifyfreq | 60 | 15 |<br>| 1002 | qualify | yes | 14 |<br>| 1002 | port | 5060 | 13 |<br>| 1002 | nat | no | 12 |<br>| 1002 | type | friend | 11 |<br>| 1002 | sendrpid | no | 10 |<br>| 1002 | trustrpid | yes | 9 |<br>| 1002 | host | dynamic | 8 |<br>| 1002 | context | from-internal | 7 |<br>| 1002 | canreinvite | no | 6 |<br>| 1002 | dtmfmode | rfc2833 | 5 |<br>| 1002 | secret | 1002secret | 4 |<br>| 1002 | secret_origional | 1002secret | 3 |<br>| 1002 | sipdriver | chan_sip | 2 |<br>| 1002 | dial | SIP/1002 | 25 |<br>| 1002 | disallow | | 23 |<br>| 1002 | allow | | 24 |<br>| 1002 | accountcode | | 26 |<br>| 1002 | mailbox | 1002@device | 27 |<br>| 1002 | deny | <a href="http://0.0.0.0/0.0.0.0">0.0.0.0/0.0.0.0</a> | 28 |<br>| 1002 | permit | <a href="http://0.0.0.0/0.0.0.0">0.0.0.0/0.0.0.0</a> | 29 |<br>| 1002 | account | 1002 | 30 |<br>| 1002 | callerid | Ahmed Ramadan's Device <1002> | 31 |<br>| 1001 | disallow | | 23 |<br>| 1001 | allow | | 24 |<br>| 1001 | accountcode | | 26 |<br>| 1001 | mailbox | 1001@device | 27 |<br>| 1001 | deny | <a href="http://0.0.0.0/0.0.0.0">0.0.0.0/0.0.0.0</a> | 28 |<br>| 1001 | permit | <a href="http://0.0.0.0/0.0.0.0">0.0.0.0/0.0.0.0</a> | 29 |<br>| 1001 | account | 1001 | 30 |<br>| 1001 | callerid | Mahmoud Ramadan's Device <1001> | 31 |<br>+------+------------------+---------------------------------+-------+<br>60 rows in set (0.00 sec)<br> <br></div><div>2.Verifying that Asterisk can listen at 5050 which is the same Asterisk port configured on Kamailio.<br><br>[root@Asterisk VM 01 ~]# asterisk -r<br>Asterisk 11.13.1, Copyright (C) 1999 - 2013 Digium, Inc. and others.<br>Created by Mark Spencer <<a href="mailto:markster@digium.com">markster@digium.com</a>><br>Asterisk comes with ABSOLUTELY NO WARRANTY; type 'core show warranty' for details.<br>This is free software, with components licensed under the GNU General Public<br>License version 2 and other licenses; you are welcome to redistribute it under<br>certain conditions. Type 'core show license' for details.<br>=========================================================================<br>Connected to Asterisk 11.13.1 currently running on Asterisk VM 01 (pid = 2456)<br>Asterisk VM 01*CLI> sip show settings<br><br><br>Global Settings:<br>----------------<br> UDP Bindaddress: <a href="http://0.0.0.0:5050">0.0.0.0:5050</a><br><br></div><div>I know it is a long message but i wanted to give you all the INFO you might need also I've attached my configuration file so you can check it.Thank you Mohamed for your assistance.<br></div></div><div class="gmail_extra"><br><div class="gmail_quote">On Sun, Nov 16, 2014 at 8:25 PM, Muhammad Shahzad <span dir="ltr"><<a href="mailto:shaheryarkh@gmail.com" target="_blank">shaheryarkh@gmail.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr"><div>Because both kamailio and asterisk use the same db table for authentication, see the auth_db module parameters in kamailio config.<br><br>The REGISTER request from sip user is authenticated by kamailio using auth_db module and upon success kamailio generates REGISTER request back to asterisk (using the credentials sent by sip user for authentication with kamailio), this request is now authenticated by asterisk using realtime sip users interface.<br><br></div>Thank you.<br><br><br></div><div class="HOEnZb"><div class="h5"><div class="gmail_extra"><br><div class="gmail_quote">On Sun, Nov 16, 2014 at 2:53 PM, Mahmoud Ramadan Ali <span dir="ltr"><<a href="mailto:cisco.and.more.blog@gmail.com" target="_blank">cisco.and.more.blog@gmail.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr"><div><div><div>Hi Muhammad,<br></div>If the users MUST authenticate to Kamailio first,This means that Kamailio should be aware of the SIP users exist in the Asterisk DB to be able to authenticate them and NOT receive 401 Unauthorized error message from Kamailio.<br></div>My question now might be simple but it a point of confusion to me and it is how to tell Kamailio about the SIP users in the Asterisk DB ?!<br></div><br>Best Regards,<br><div><div><br></div></div></div><div><div><div class="gmail_extra"><br><div class="gmail_quote">On Sun, Nov 16, 2014 at 3:01 PM, Muhammad Shahzad <span dir="ltr"><<a href="mailto:shaheryarkh@gmail.com" target="_blank">shaheryarkh@gmail.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr"><div><div>This seems to be fine. The user MUST authenticate to Kamailio, only then Kamailio will create REGISTER request that is send to asterisk. That's the key security feature behind the idea.<br><br></div>Look at the register architecture diagram,<br><br><a href="http://kb.asipto.com/asterisk:realtime:kamailio-4.0.x-asterisk-11.3.0-astdb#registration" target="_blank">http://kb.asipto.com/asterisk:realtime:kamailio-4.0.x-asterisk-11.3.0-astdb#registration</a><br><br></div>Thank you.<br><br><br></div><div class="gmail_extra"><br><div class="gmail_quote"><div><div>On Sat, Nov 15, 2014 at 10:31 PM, Mahmoud Ramadan Ali <span dir="ltr"><<a href="mailto:cisco.and.more.blog@gmail.com" target="_blank">cisco.and.more.blog@gmail.com</a>></span> wrote:<br></div></div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div><div><div dir="ltr"><div><div><div>Hi Dears,<br></div>I'm trying to configure Kamailio as SBC in multi home mode for Asterisk by authenticating the inbound SIP registration requests,i'm following this tutorial <a href="http://kb.asipto.com/asterisk:realtime:kamailio-4.0.x-asterisk-11.3.0-astdb" target="_blank">http://kb.asipto.com/asterisk:realtime:kamailio-4.0.x-asterisk-11.3.0-astdb</a> to achieve this goal. i have modified the necessary changes like the Asterisk DB URL and the SIP table name and Username and password column and verified the connection.<br><br></div><div>My topology like this <b>Asterisk (192.168.100.10) <span style="color:rgb(255,0,0)"><span style="background-color:rgb(255,255,255)"> <----Internal:192.168.100.1---->Kamailio<---External:192.168.50.1-----> </span></span>SIP Phone (192.168.50.2)</b><br></div>But when trying to register a SIP phone Kamailio does NOT forward the authentication request to Asterisk and sends 401 Unauthorized error message.I've attached my config file if any one wants to check it and thanks in advance.<br></div><div>Best Regards<br></div><div><br><br>U <a href="http://192.168.50.2:37297" target="_blank">192.168.50.2:37297</a> -> <a href="http://192.168.50.1:5060" target="_blank">192.168.50.1:5060</a><br>REGISTER sip:192.168.50.1;transport=UDP SIP/2.0.<br>Via: SIP/2.0/UDP 192.168.50.2:37297;branch=z9hG4bK-d8754z-a46e0c7c9d98fe52-1---d8754z-;rport;transport=UDP.<br>Max-Forwards: 70.<br>Contact: <sip:1001@192.168.50.2:37297;rinstance=1d7c44dbcb8a7a2f;transport=UDP>.<br>To: <<a href="mailto:sip%3A1001@192.168.50.1" target="_blank">sip:1001@192.168.50.1</a>;transport=UDP>.<br>From: <<a href="mailto:sip%3A1001@192.168.50.1" target="_blank">sip:1001@192.168.50.1</a>;transport=UDP>;tag=1d222e19.<br>Call-ID: NTc2NDBjMGQ2YWFmZjdmNWI0MzVmN2Y4NzYyODJlMTc..<br>CSeq: 2 REGISTER.<br>Expires: 70.<br>Allow: INVITE, ACK, CANCEL, BYE, NOTIFY, REFER, MESSAGE, OPTIONS, INFO, SUBSCRIBE.<br>Supported: replaces, norefersub, extended-refer, timer, X-cisco-serviceuri.<br>User-Agent: Z 3.2.21357 r21367.<br>Authorization: Digest username="1001",realm="192.168.50.1",nonce="VGfAuFRnv4wMvoTG7wA9tqYD9fgZDe3D",uri="sip:192.168.50.1;transport=UDP",response="8bbd01d879250585eafee4f510689f73",algorithm=MD5.<br>Allow-Events: presence, kpml.<br>Content-Length: 0.<br>#<br>U <a href="http://192.168.50.1:5060" target="_blank">192.168.50.1:5060</a> -> <a href="http://192.168.50.2:37297" target="_blank">192.168.50.2:37297</a><br>SIP/2.0 401 Unauthorized.<br>Via: SIP/2.0/UDP 192.168.50.2:37297;branch=z9hG4bK-d8754z-a46e0c7c9d98fe52-1---d8754z-;rport=37297;transport=UDP.<br>To: <<a href="mailto:sip%3A1001@192.168.50.1" target="_blank">sip:1001@192.168.50.1</a>;transport=UDP>;tag=b27e1a1d33761e85846fc98f5f3a7e58.fe8b.<br>From: <<a href="mailto:sip%3A1001@192.168.50.1" target="_blank">sip:1001@192.168.50.1</a>;transport=UDP>;tag=1d222e19.<br>Call-ID: NTc2NDBjMGQ2YWFmZjdmNWI0MzVmN2Y4NzYyODJlMTc..<br>CSeq: 2 REGISTER.<br>WWW-Authenticate: Digest realm="192.168.50.1", nonce="VGfAuFRnv4wMvoTG7wA9tqYD9fgZDe3D".<br>Server: kamailio (4.1.6 (i386/linux)).<br>Content-Length: 0.<br></div></div>
<br></div></div>_______________________________________________<br>
SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing list<br>
<a href="mailto:sr-users@lists.sip-router.org" target="_blank">sr-users@lists.sip-router.org</a><br>
<a href="http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users" target="_blank">http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users</a><br>
<br></blockquote></div><br></div>
<br>_______________________________________________<br>
SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing list<br>
<a href="mailto:sr-users@lists.sip-router.org" target="_blank">sr-users@lists.sip-router.org</a><br>
<a href="http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users" target="_blank">http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users</a><br>
<br></blockquote></div><br></div>
</div></div><br>_______________________________________________<br>
SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing list<br>
<a href="mailto:sr-users@lists.sip-router.org" target="_blank">sr-users@lists.sip-router.org</a><br>
<a href="http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users" target="_blank">http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users</a><br>
<br></blockquote></div><br></div>
</div></div><br>_______________________________________________<br>
SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing list<br>
<a href="mailto:sr-users@lists.sip-router.org">sr-users@lists.sip-router.org</a><br>
<a href="http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users" target="_blank">http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users</a><br>
<br></blockquote></div><br></div>