Bogdan, I had a look at: http://www.opensips.org/html/docs/modules/1.9.x/auth.html#id250176 and I read what it said. Does this mean that anyone that knows my nonce can make a call and get through to my OpenSipS or is it only an issue if we have multiple boxes?
Regards, Dovid -----Original Message----- From: Bogdan-Andrei Iancu [mailto:[email protected]] Sent: Tuesday, February 12, 2013 10:45 To: OpenSIPS users mailling list Cc: Dovid Bender Subject: Re: [OpenSIPS-Users] Why is OpenSipS sending a 407 Hi Dovid, Because by default, the nonce re-usage is turn on in auth module - which means a nonce can be used for only a single auth processing! and in your case, same nonce is used in 2 auth cases. What you can do: 1) make processing in script stateful, so that the second SUBSCRIBE will be seen as a retransmission and will not hit the auth - use t_newtran() before the auth part. 2) disable the check for nonce reusage - see http://www.opensips.org/html/docs/modules/1.9.x/auth.html#id250176 Regards, Bogdan-Andrei Iancu OpenSIPS Founder and Developer http://www.opensips-solutions.com On 02/11/2013 09:08 PM, Dovid Bender wrote: > Hi, > > Our set up is this: > Client -> OpenSipS -> Custom BLF service (on port 5080). > > In the DP we have: > if ( method == "MESSAGE" || method == "NOTIFY" || method == > "SUBSCRIBE" || method == "UNSUBSCRIBE" ) { > rewritehostport( "127.0.0.1:5080" ); > route( 2 ); > exit; > > Now we have some kind of issue with our BLF service where there is a delay > on the response from it. This causes the phone to send another SUBSCRIBE. > Here is what happens. > > 1) Phone (SUBSCRIBE) -> OpenSips > 2) Phone<- (407 with nonce) OpenSIpS > 3) Phone (SUBSCRIBE WITH nonce) -> OpenSips > 4) OpenSips -> Custom BLF service (port 5080) > There is no response and OpenSipS sends it again to port 5080 > 5) OpenSips -> Custom BLF service (port 5080) > 6) Phone (SUBSCRIBE WITH same nonce as earlier) -> OpenSips > 7) Phone<- (407 with NEW nonce) OpenSIpS > 8) OpenSipS<- (100 trying) Custom BLF Service > 9) OpenSIpS<- (200 OK) Custom BLF service > 10) Phone<- (200 OK) OpenSiPS > It seems that #9 and #10 are a result of #3. My question is why when the > phone sends the subscribe again in #6 does OpenSipS respond with a new nonce > and not to wait or something else along those lines. Yes I am using a really > old version 1.4.4. > > Please see an ngrep trace below. > > > > U 2013/02/11 12:04:11.011210 67.198.80.143:22413 -> 203.144.218.9:5060 > SUBSCRIBE sip:[email protected] SIP/2.0. > Via: SIP/2.0/UDP 10.0.0.102;branch=z9hG4bKbf285746A6088D1F. > From: "John Doe"<sip:[email protected]>;tag=892B04F3-2D3963A0. > To:<sip:[email protected]>. > CSeq: 1 SUBSCRIBE. > Call-ID: [email protected]. > Contact:<sip:[email protected]>. > Allow: INVITE, ACK, BYE, CANCEL, OPTIONS, INFO, MESSAGE, SUBSCRIBE, NOTIFY, > PRACK, UPDATE, REFER. > Event: dialog. > User-Agent: PolycomSoundPointIP-SPIP_550-UA/3.3.3.0069. > Accept-Language: en. > Accept: application/dialog-info+xml. > Max-Forwards: 70. > Expires: 120. > Content-Length: 0. > . > > > > > U 2013/02/11 12:04:11.011693 203.144.218.9:5060 -> 67.198.80.143:22413 > SIP/2.0 407 Proxy Authentication Required. > Via: SIP/2.0/UDP > 10.0.0.102;branch=z9hG4bKbf285746A6088D1F;rport=22413;received=67.198.80.143 > . > From: "John Doe"<sip:[email protected]>;tag=892B04F3-2D3963A0. > To: > <sip:[email protected]>;tag=3cedc95538ff95eef7f88d49489ad924.2130 > . > CSeq: 1 SUBSCRIBE. > Call-ID: [email protected]. > Proxy-Authenticate: Digest realm="nyc-02.mydomain.net", > nonce="511924a900005c1ba157752dafbb90e3ea950be45fe6a055". > Server: PBX_MANAGER. > Content-Length: 0. > Warning: 392 203.144.218.9:5060 "Noisy feedback tells: pid=12565 > req_src_ip=67.198.80.143 req_src_port=22413 > in_uri=sip:[email protected] > out_uri=sip:[email protected] via_cnt==1". > . > > > > > U 2013/02/11 12:04:11.036514 67.198.80.143:22413 -> 203.144.218.9:5060 > SUBSCRIBE sip:[email protected] SIP/2.0. > Via: SIP/2.0/UDP 10.0.0.102;branch=z9hG4bKe11f68b965DEA98. > From: "John Doe"<sip:[email protected]>;tag=892B04F3-2D3963A0. > To:<sip:[email protected]>. > CSeq: 2 SUBSCRIBE. > Call-ID: [email protected]. > Contact:<sip:[email protected]>. > Allow: INVITE, ACK, BYE, CANCEL, OPTIONS, INFO, MESSAGE, SUBSCRIBE, NOTIFY, > PRACK, UPDATE, REFER. > Event: dialog. > User-Agent: PolycomSoundPointIP-SPIP_550-UA/3.3.3.0069. > Accept-Language: en. > Accept: application/dialog-info+xml. > Proxy-Authorization: Digest username="51810401", > realm="nyc-02.mydomain.net", > nonce="511924a900005c1ba157752dafbb90e3ea950be45fe6a055", > uri="sip:[email protected]", > response="579c8a1809c8e4bc1d88c9b070185b11", algorithm=MD5. > Max-Forwards: 70. > Expires: 120. > Content-Length: 0. > . > > > > > U 2013/02/11 12:04:11.037479 203.144.218.9:5060 -> 127.0.0.1:5080 > SUBSCRIBE sip:[email protected]:5080;transport=udp SIP/2.0. > Record-Route:<sip:203.144.218.9;lr=on;ftag=892B04F3-2D3963A0>. > Via: SIP/2.0/UDP 203.144.218.9;branch=z9hG4bK315.0ca86cc.0. > Via: SIP/2.0/UDP > 10.0.0.102;rport=22413;received=67.198.80.143;branch=z9hG4bKe11f68b965DEA98. > From: "John Doe"<sip:[email protected]>;tag=892B04F3-2D3963A0. > To:<sip:[email protected]>. > CSeq: 2 SUBSCRIBE. > Call-ID: [email protected]. > Contact:<sip:[email protected]:22413>. > Allow: INVITE, ACK, BYE, CANCEL, OPTIONS, INFO, MESSAGE, SUBSCRIBE, NOTIFY, > PRACK, UPDATE, REFER. > Event: dialog. > User-Agent: PolycomSoundPointIP-SPIP_550-UA/3.3.3.0069. > Accept-Language: en. > Accept: application/dialog-info+xml. > Proxy-Authorization: Digest username="51810401", > realm="nyc-02.mydomain.net", > nonce="511924a900005c1ba157752dafbb90e3ea950be45fe6a055", > uri="sip:[email protected]", > response="579c8a1809c8e4bc1d88c9b070185b11", algorithm=MD5. > Max-Forwards: 69. > Expires: 120. > Content-Length: 0. > X-Enswitch-RURI: sip:[email protected]. > X-Enswitch-Source: 67.198.80.143:22413. > . > > > > > U 2013/02/11 12:04:11.528263 203.144.218.9:5060 -> 127.0.0.1:5080 > SUBSCRIBE sip:[email protected]:5080;transport=udp SIP/2.0. > Record-Route:<sip:203.144.218.9;lr=on;ftag=892B04F3-2D3963A0>. > Via: SIP/2.0/UDP 203.144.218.9;branch=z9hG4bK315.0ca86cc.0. > Via: SIP/2.0/UDP > 10.0.0.102;rport=22413;received=67.198.80.143;branch=z9hG4bKe11f68b965DEA98. > From: "John Doe"<sip:[email protected]>;tag=892B04F3-2D3963A0. > To:<sip:[email protected]>. > CSeq: 2 SUBSCRIBE. > Call-ID: [email protected]. > Contact:<sip:[email protected]:22413>. > Allow: INVITE, ACK, BYE, CANCEL, OPTIONS, INFO, MESSAGE, SUBSCRIBE, NOTIFY, > PRACK, UPDATE, REFER. > Event: dialog. > User-Agent: PolycomSoundPointIP-SPIP_550-UA/3.3.3.0069. > Accept-Language: en. > Accept: application/dialog-info+xml. > Proxy-Authorization: Digest username="51810401", > realm="nyc-02.mydomain.net", > nonce="511924a900005c1ba157752dafbb90e3ea950be45fe6a055", > uri="sip:[email protected]", > response="579c8a1809c8e4bc1d88c9b070185b11", algorithm=MD5. > Max-Forwards: 69. > Expires: 120. > Content-Length: 0. > X-Enswitch-RURI: sip:[email protected]. > X-Enswitch-Source: 67.198.80.143:22413. > . > > > > > U 2013/02/11 12:04:11.615394 67.198.80.143:22413 -> 203.144.218.9:5060 > SUBSCRIBE sip:[email protected] SIP/2.0. > Via: SIP/2.0/UDP 10.0.0.102;branch=z9hG4bKe11f68b965DEA98. > From: "John Doe"<sip:[email protected]>;tag=892B04F3-2D3963A0. > To:<sip:[email protected]>. > CSeq: 2 SUBSCRIBE. > Call-ID: [email protected]. > Contact:<sip:[email protected]>. > Allow: INVITE, ACK, BYE, CANCEL, OPTIONS, INFO, MESSAGE, SUBSCRIBE, NOTIFY, > PRACK, UPDATE, REFER. > Event: dialog. > User-Agent: PolycomSoundPointIP-SPIP_550-UA/3.3.3.0069. > Accept-Language: en. > Accept: application/dialog-info+xml. > Proxy-Authorization: Digest username="51810401", > realm="nyc-02.mydomain.net", > nonce="511924a900005c1ba157752dafbb90e3ea950be45fe6a055", > uri="sip:[email protected]", > response="579c8a1809c8e4bc1d88c9b070185b11", algorithm=MD5. > Max-Forwards: 70. > Expires: 120. > Content-Length: 0. > . > > > > > U 2013/02/11 12:04:11.615986 203.144.218.9:5060 -> 67.198.80.143:22413 > SIP/2.0 407 Proxy Authentication Required. > Via: SIP/2.0/UDP > 10.0.0.102;branch=z9hG4bKe11f68b965DEA98;rport=22413;received=67.198.80.143. > From: "John Doe"<sip:[email protected]>;tag=892B04F3-2D3963A0. > To: > <sip:[email protected]>;tag=3cedc95538ff95eef7f88d49489ad924.aec3 > . > CSeq: 2 SUBSCRIBE. > Call-ID: [email protected]. > Proxy-Authenticate: Digest realm="nyc-02.mydomain.net", > nonce="511924a900005c69243e513a5c63be6043071b3f968afd87". > Server: PBX_MANAGER. > Content-Length: 0. > Warning: 392 203.144.218.9:5060 "Noisy feedback tells: pid=12566 > req_src_ip=67.198.80.143 req_src_port=22413 > in_uri=sip:[email protected] > out_uri=sip:[email protected] via_cnt==1". > . > > > > > U 2013/02/11 12:04:11.809258 127.0.0.1:5080 -> 203.144.218.9:5060 > SIP/2.0 100 Trying. > Via: SIP/2.0/UDP 203.144.218.9;branch=z9hG4bK315.0ca86cc.0. > Via: SIP/2.0/UDP > 10.0.0.102;rport=22413;received=67.198.80.143;branch=z9hG4bKe11f68b965DEA98. > From: "John Doe"<sip:[email protected]>;tag=892B04F3-2D3963A0. > To:<sip:[email protected]>. > Call-ID: [email protected]. > CSeq: 2 SUBSCRIBE. > User-Agent: Enswitch SIP server. > Content-Length: 0. > . > > > > > U 2013/02/11 12:04:11.818491 127.0.0.1:5080 -> 203.144.218.9:5060 > SIP/2.0 200 OK. > Via: SIP/2.0/UDP 203.144.218.9;branch=z9hG4bK315.0ca86cc.0. > Via: SIP/2.0/UDP > 10.0.0.102;rport=22413;received=67.198.80.143;branch=z9hG4bKe11f68b965DEA98. > From: "John Doe"<sip:[email protected]>;tag=892B04F3-2D3963A0. > To:<sip:[email protected]>;tag=13606022516209. > Call-ID: [email protected]. > CSeq: 2 SUBSCRIBE. > Expires: 120. > Contact:<sip:[email protected]>. > User-Agent: Enswitch SIP server. > Content-Length: 0. > . > > > > > U 2013/02/11 12:04:11.818654 203.144.218.9:5060 -> 67.198.80.143:22413 > SIP/2.0 200 OK. > Via: SIP/2.0/UDP > 10.0.0.102;rport=22413;received=67.198.80.143;branch=z9hG4bKe11f68b965DEA98. > From: "John Doe"<sip:[email protected]>;tag=892B04F3-2D3963A0. > To:<sip:[email protected]>;tag=13606022516209. > Call-ID: [email protected]. > CSeq: 2 SUBSCRIBE. > Expires: 120. > Contact:<sip:[email protected]>. > User-Agent: Enswitch SIP server. > Content-Length: 0. > . > > > > > U 2013/02/11 12:04:11.841756 203.144.218.9:46866 -> 203.144.218.9:5060 > NOTIFY sip:[email protected]:5060 SIP/2.0. > Via: SIP/2.0/UDP 127.0.0.1. > From:<sip:[email protected]>;tag=13606022516209. > To:<sip:[email protected]>;tag=892B04F3-2D3963A0. > Contact:<sip:[email protected]>. > Call-ID: [email protected]. > CSeq: 480931435 NOTIFY. > User-Agent: Enswitch presence server. > Event: dialog. > Subscription-State: active;expires=119. > Content-Type: application/dialog-info+xml. > Content-Length: 379. > . > <?xml version="1.0" encoding="UTF-8"?> > <dialog-info xmlns="urn:ietf:params:xml:ns:dialog-info" version="0" > state="full" entity="sip:[email protected]"> > <dialog id="51810401" direction="recipient"> > <state>terminated</state> > <local> > <identity>sip:[email protected]</identity> > </local> > <remote> > <identity></identity> > </remote> > </dialog> > </dialog-info> > > > > > U 2013/02/11 12:04:11.842822 203.144.218.9:5060 -> 67.198.80.143:22413 > NOTIFY sip:[email protected] SIP/2.0. > Max-Forwards: 10. > Record-Route:<sip:203.144.218.9;lr=on;ftag=13606022516209>. > Via: SIP/2.0/UDP 203.144.218.9;branch=z9hG4bK0509.b94f1f21.0. > Via: SIP/2.0/UDP 127.0.0.1;rport=46866;received=203.144.218.9. > From:<sip:[email protected]>;tag=13606022516209. > To:<sip:[email protected]>;tag=892B04F3-2D3963A0. > Contact:<sip:[email protected]>. > Call-ID: [email protected]. > CSeq: 480931435 NOTIFY. > User-Agent: Enswitch presence server. > Event: dialog. > Subscription-State: active;expires=119. > Content-Type: application/dialog-info+xml. > Content-Length: 379. > X-Enswitch-RURI: sip:[email protected]:5060. > X-Enswitch-Source: 203.144.218.9:46866. > . > <?xml version="1.0" encoding="UTF-8"?> > <dialog-info xmlns="urn:ietf:params:xml:ns:dialog-info" version="0" > state="full" entity="sip:[email protected]"> > <dialog id="51810401" direction="recipient"> > <state>terminated</state> > <local> > <identity>sip:[email protected]</identity> > </local> > <remote> > <identity></identity> > </remote> > </dialog> > </dialog-info> > > > > > U 2013/02/11 12:04:11.865256 67.198.80.143:22413 -> 203.144.218.9:5060 > SIP/2.0 481 Call Leg/Transaction Does Not Exist. > Via: SIP/2.0/UDP 203.144.218.9;branch=z9hG4bK0509.b94f1f21.0. > Via: SIP/2.0/UDP 127.0.0.1;rport=46866;received=203.144.218.9. > From:<sip:[email protected]>;tag=13606022516209. > To:<sip:[email protected]>;tag=892B04F3-2D3963A0. > CSeq: 480931435 NOTIFY. > Call-ID: [email protected]. > Record-Route:<sip:203.144.218.9;lr=on;ftag=13606022516209>. > Event: dialog. > User-Agent: PolycomSoundPointIP-SPIP_550-UA/3.3.3.0069. > Accept-Language: en. > Content-Length: 0. > . > > > > > U 2013/02/11 12:04:11.865428 203.144.218.9:5060 -> 203.144.218.9:46866 > SIP/2.0 481 Call Leg/Transaction Does Not Exist. > Via: SIP/2.0/UDP 127.0.0.1;rport=46866;received=203.144.218.9. > From:<sip:[email protected]>;tag=13606022516209. > To:<sip:[email protected]>;tag=892B04F3-2D3963A0. > CSeq: 480931435 NOTIFY. > Call-ID: [email protected]. > Record-Route:<sip:203.144.218.9;lr=on;ftag=13606022516209>. > Event: dialog. > User-Agent: PolycomSoundPointIP-SPIP_550-UA/3.3.3.0069. > Accept-Language: en. > Content-Length: 0. > . > > > > > U 2013/02/11 12:04:12.271287 127.0.0.1:5080 -> 203.144.218.9:5060 > SIP/2.0 100 Trying. > Via: SIP/2.0/UDP 203.144.218.9;branch=z9hG4bK315.0ca86cc.0. > Via: SIP/2.0/UDP > 10.0.0.102;rport=22413;received=67.198.80.143;branch=z9hG4bKe11f68b965DEA98. > From: "John Doe"<sip:[email protected]>;tag=892B04F3-2D3963A0. > To:<sip:[email protected]>. > Call-ID: [email protected]. > CSeq: 2 SUBSCRIBE. > User-Agent: Enswitch SIP server. > Content-Length: 0. > . > > > > > U 2013/02/11 12:04:12.279134 127.0.0.1:5080 -> 203.144.218.9:5060 > SIP/2.0 200 OK. > Via: SIP/2.0/UDP 203.144.218.9;branch=z9hG4bK315.0ca86cc.0. > Via: SIP/2.0/UDP > 10.0.0.102;rport=22413;received=67.198.80.143;branch=z9hG4bKe11f68b965DEA98. > From: "John Doe"<sip:[email protected]>;tag=892B04F3-2D3963A0. > To:<sip:[email protected]>;tag=13606022526514. > Call-ID: [email protected]. > CSeq: 2 SUBSCRIBE. > Expires: 120. > Contact:<sip:[email protected]>. > User-Agent: Enswitch SIP server. > Content-Length: 0. > . > > > > > U 2013/02/11 12:04:12.299347 203.144.218.9:35600 -> 203.144.218.9:5060 > NOTIFY sip:[email protected]:5060 SIP/2.0. > Via: SIP/2.0/UDP 127.0.0.1. > From:<sip:[email protected]>;tag=13606022526514. > To:<sip:[email protected]>;tag=892B04F3-2D3963A0. > Contact:<sip:[email protected]>. > Call-ID: [email protected]. > CSeq: 480931448 NOTIFY. > User-Agent: Enswitch presence server. > Event: dialog. > Subscription-State: active;expires=119. > Content-Type: application/dialog-info+xml. > Content-Length: 379. > . > <?xml version="1.0" encoding="UTF-8"?> > <dialog-info xmlns="urn:ietf:params:xml:ns:dialog-info" version="0" > state="full" entity="sip:[email protected]"> > <dialog id="51810401" direction="recipient"> > <state>terminated</state> > <local> > <identity>sip:[email protected]</identity> > </local> > <remote> > <identity></identity> > </remote> > </dialog> > </dialog-info> > > > > > U 2013/02/11 12:04:12.300172 203.144.218.9:5060 -> 67.198.80.143:22413 > NOTIFY sip:[email protected] SIP/2.0. > Max-Forwards: 10. > Record-Route:<sip:203.144.218.9;lr=on;ftag=13606022526514>. > Via: SIP/2.0/UDP 203.144.218.9;branch=z9hG4bK9509.edab2244.0. > Via: SIP/2.0/UDP 127.0.0.1;rport=35600;received=203.144.218.9. > From:<sip:[email protected]>;tag=13606022526514. > To:<sip:[email protected]>;tag=892B04F3-2D3963A0. > Contact:<sip:[email protected]>. > Call-ID: [email protected]. > CSeq: 480931448 NOTIFY. > User-Agent: Enswitch presence server. > Event: dialog. > Subscription-State: active;expires=119. > Content-Type: application/dialog-info+xml. > Content-Length: 379. > X-Enswitch-RURI: sip:[email protected]:5060. > X-Enswitch-Source: 203.144.218.9:35600. > . > <?xml version="1.0" encoding="UTF-8"?> > <dialog-info xmlns="urn:ietf:params:xml:ns:dialog-info" version="0" > state="full" entity="sip:[email protected]"> > <dialog id="51810401" direction="recipient"> > <state>terminated</state> > <local> > <identity>sip:[email protected]</identity> > </local> > <remote> > <identity></identity> > </remote> > </dialog> > </dialog-info> > > > > > U 2013/02/11 12:04:12.321247 67.198.80.143:22413 -> 203.144.218.9:5060 > SIP/2.0 481 Call Leg/Transaction Does Not Exist. > Via: SIP/2.0/UDP 203.144.218.9;branch=z9hG4bK9509.edab2244.0. > Via: SIP/2.0/UDP 127.0.0.1;rport=35600;received=203.144.218.9. > From:<sip:[email protected]>;tag=13606022526514. > To:<sip:[email protected]>;tag=892B04F3-2D3963A0. > CSeq: 480931448 NOTIFY. > Call-ID: [email protected]. > Record-Route:<sip:203.144.218.9;lr=on;ftag=13606022526514>. > Event: dialog. > User-Agent: PolycomSoundPointIP-SPIP_550-UA/3.3.3.0069. > Accept-Language: en. > Content-Length: 0. > . > > > > > U 2013/02/11 12:04:12.321354 203.144.218.9:5060 -> 203.144.218.9:35600 > SIP/2.0 481 Call Leg/Transaction Does Not Exist. > Via: SIP/2.0/UDP 127.0.0.1;rport=35600;received=203.144.218.9. > From:<sip:[email protected]>;tag=13606022526514. > To:<sip:[email protected]>;tag=892B04F3-2D3963A0. > CSeq: 480931448 NOTIFY. > Call-ID: [email protected]. > Record-Route:<sip:203.144.218.9;lr=on;ftag=13606022526514>. > Event: dialog. > User-Agent: PolycomSoundPointIP-SPIP_550-UA/3.3.3.0069. > Accept-Language: en. > Content-Length: 0. > > > > _______________________________________________ > Users mailing list > [email protected] > http://lists.opensips.org/cgi-bin/mailman/listinfo/users > _______________________________________________ Users mailing list [email protected] http://lists.opensips.org/cgi-bin/mailman/listinfo/users
