<div dir="ltr">Hi All<br><br>Wow, thanks so much for the conversation on sorting this out.<br><br>I think you are right, it is likely a session timer issue.<br><br>I found this tag on the 200 ok from the carrier:<br><br>Session-Expires: 300;refresher=uas<br><div class="gmail_extra"><br></div><div class="gmail_extra">It may not help anything but I would like to try setting the <span style="font-size:12.8000001907349px">session-timer = refuse as </span><span style="font-size:12.8000001907349px">Michael suggested.</span></div><div class="gmail_extra"><span style="font-size:12.8000001907349px"><br></span></div><div class="gmail_extra"><span style="font-size:12.8000001907349px">I did a search for how to do this and came up empty, didn't see in the SST module. I think I may be missing something simple.</span></div><div class="gmail_extra"><span style="font-size:12.8000001907349px"><br></span></div><div class="gmail_extra"><span style="font-size:12.8000001907349px">Could any one tell me how to set this up?</span></div><div class="gmail_extra"><span style="font-size:12.8000001907349px"><br></span></div><div class="gmail_extra"><span style="font-size:12.8000001907349px">Thanks again to every one.</span></div><div class="gmail_extra"><span style="font-size:12.8000001907349px"><br></span></div><div class="gmail_extra"><span style="font-size:12.8000001907349px">All the best.</span></div><div class="gmail_extra"><span style="font-size:12.8000001907349px"><br></span></div><div class="gmail_extra"><span style="font-size:12.8000001907349px">Will Ferrer</span></div><div class="gmail_extra"><span style="font-size:12.8000001907349px"><br></span></div><div class="gmail_extra"><span style="font-size:12.8000001907349px">Switchsoft</span></div><div class="gmail_extra"><span style="font-size:12.8000001907349px"><br></span></div><div class="gmail_extra"><span style="font-size:12.8000001907349px"><br></span><div class="gmail_quote">On Thu, Feb 19, 2015 at 10:10 AM, Alex Balashov <span dir="ltr"><<a href="mailto:abalashov@evaristesys.com" target="_blank">abalashov@evaristesys.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex">Hi,<span class=""><br>
<br>
On 02/19/2015 12:59 PM, Andres wrote:<br>
<br>
<blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex">
We have struggled with this issue ourselves. The problem was that we<br>
did not want our SIP server to behave like an open relay. We were<br>
seeing that the session-timer Re-Invites have a Request-URI with the IP<br>
of the other<br>
endpoint instead of the Proxy. If the SIP server is an open relay then<br>
no problem, but ours is not so the config file was very strict and<br>
dropped the Re-Invite (since the Request-URI had an external IP) thus<br>
dropping the call. The config file could be enhanced by testing for<br>
has_totag() since the Re-Invite has the totag but an original Invite<br>
does not, but the hacker could put a bogus totag and make calls so its<br>
more secure to leave it this way. We ended up disabling session-timers<br>
at some our clients PBXs. Its always a balancing act between<br>
convenience/services and more security. We chose more security.<br>
</blockquote>
<br></span>
>From a SIP point of view, this is a strange position to take. An "open relay" is an idea that normally applies to the unrestricted relay of _initial_ requests to foreign domains. Requests flowing within a dialog (i.e. loose-routed) are _supposed_ to have an RURI pointing to the endpoint's domain: this is known as the "remote target" of a dialog, and is set by the Contact URI of both dialog parties.<br>
<br>
I suppose it's true that one could compel your proxy to relay a sequential request (like a reinvite) to any domain by including a Route header and a To-tag, but what effect would this have on the far-end UA? It would not match the spoofed request to an existing dialog.<span class=""><font color="#888888"><br>
<br>
-- Alex<br>
<br>
-- <br>
Alex Balashov - Principal<br>
Evariste Systems LLC<br>
235 E Ponce de Leon Ave<br>
Suite 106<br>
Decatur, GA 30030<br>
United States<br>
<br>
Tel: <a href="tel:%2B1-678-954-0670" value="+16789540670" target="_blank">+1-678-954-0670</a><br>
Web: <a href="http://www.evaristesys.com/" target="_blank">http://www.evaristesys.com/</a>, <a href="http://www.alexbalashov.com/" target="_blank">http://www.alexbalashov.com/</a></font></span><div class=""><div class="h5"><br>
<br>
______________________________<u></u>_________________<br>
SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing list<br>
<a href="mailto:sr-users@lists.sip-router.org" target="_blank">sr-users@lists.sip-router.org</a><br>
<a href="http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users" target="_blank">http://lists.sip-router.org/<u></u>cgi-bin/mailman/listinfo/sr-<u></u>users</a><br>
</div></div></blockquote></div><br></div></div>