Asterisk: 1.4.17 with sip realtime Openser 1.3.x Hi,
I had this setup working fine until I try putting OpenSER in the picture as a proxy. Unauthenticated calls go to a PRI based app via a ZAP channel, calls to sip users get send to them etc. Now with a proxy in the picture asterisk asks the incoming calls for authentication "407 Proxy Authentication Required". It seems that the sip channel matching is based only on source IP address instead of also checking the contact: header as mentioned in the O'Reilly book. According to Asterisk 2nd edition it says about insecure "... If you set insecure=invite, you'll determine which peer to match on by comparing the IP address or hostname and port number to those provided in the contact field of the SIP header with the host and port options in sip.conf. If a match is found, authentication will not be required on the initial INVITE, and the call will be allowed." The funny thing is that if I do a 'sip reload' and receive a call from one my DIDs through the provider it goes to the default context when received through OpenSER as expected. But once a sip realtime user makes a call it will match their peer instead of the one specified with the provider's Ip address. I've seen this in my logs after turning on sip debugging, it looks like different users get matched based on the sort of the sip peers list (which can change based on how long ago a reload was done and who has been active because of sip realtime). [Mar 24 17:04:23] Sending to 74.x.x.x : 5060 (no NAT) [Mar 24 17:04:23] Using INVITE request as basis request - [EMAIL PROTECTED] [Mar 24 17:04:23] Found peer 'some_peer' The sip users have their host=ip_of_openser so I can understand why it would get confused if it didn't check the contact header for clairification since a call is also coming from that source IP address when proxied through openser. Maybe I'm approaching this from the wrong direction, anyone have any ideas? Mike [privider1a] type=peer host=67.x.x.x insecure=invite,port context=default qualify=999 [provider1a] type=peer host=67.x.x.x insecure=invite,port context=default qualify=999 [provider2] type=peer ;host=sip.provider2.com host=64.x.x.x insecure=invite,port context=default qualify=999 _______________________________________________ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users