[Serusers] configure SER to work as a gateway

"Martínez García, Rebeca" remartinez at indra.es
Fri Jan 15 12:41:59 CET 2010


Authentication in my upstream server is a MUST in my case and I cannot disable it, sorry. 
In fact I would be going against the standards for what I am configuring if I disabled authentication.

I only wanted SER for the special case of internal calls inside a private LAN, but I am realising it is not as simple
as I though it would be.

In any case, thanks for the support.

Regards,
Rebeca Martínez

-----Mensaje original-----
De: rupert.organ at bt.com [mailto:rupert.organ at bt.com]
Enviado el: vie 15/01/2010 12:06
Para: Martínez García, Rebeca
Asunto: RE: [Serusers] configure SER to work as a gateway
 
Not that I know of... 
 
Anyway, we had the same problem....but solved it by disabling authentication on the upstream server.
 
After all...you are now in a "trusted zone"....you have successfully "auth challenged" on the SER...so no need to do it twice....SER  "IS" the Registrar, thats what it is designed to be....an architecture with 2 Registrars is not good.
 
If you can turn off auth on the upstream server then this is best. When you t_replicate Registers SER just ignores the 200ok back from the upstream server....after all it is just sending the register as a courtesy gesture. 
 
Rupert

________________________________

From: "Martínez García, Rebeca" [mailto:remartinez at indra.es] 
Sent: 15 January 2010 10:54
To: Organ,RJE,Rupert,DRK R
Cc: serusers at lists.iptel.org; "Huertas García, Victor"
Subject: RE: [Serusers] configure SER to work as a gateway




Hi all,

Rupert you were right, SER does not permit to save the location based on the reg of a different upstream server; which means
that I have to make "save_contacts("location") when SER receives the REGISTER.
However, as it then sends directly to my client a 200 OK, when the client receives the "401 Unauthorized" error from my server,
it does not authenticate with it because it has received a previous 200 OK (from SER...).

So, here is my question: Is it possible to make SER not send a 200 OK when saving the location of the user?
(I am only asking because I do not know).

Thanks in advance,
Rebeca Martinez

-----Mensaje original-----
De: rupert.organ at bt.com [mailto:rupert.organ at bt.com]
Enviado el: lun 11/01/2010 12:37
Para: Martínez García, Rebeca
Asunto: RE: [Serusers] configure SER to work as a gateway

Rebeca,

i am not an expert, but if I had to guess...then i would guess it would be because there is no contacts in the 200 to a Register.

In our ser.cfg we     save("location");  after testing      if (method=="REGISTER") {

but I can see that you are making registration and saving of info into location dependent on successful reg on a different upstream server. I do not think that is possible because you need to make the decision to save into location based on the reg that SER has received...and not based on the response of an upstream element....but if I am wrong I would be interested in the answer...

Rupert

________________________________

From: "Martínez García, Rebeca" [mailto:remartinez at indra.es]
Sent: 11 January 2010 11:21
To: Organ,RJE,Rupert,DRK R
Cc: serusers at lists.iptel.org; "Huertas García, Victor"
Subject: RE: [Serusers] configure SER to work as a gateway




Hi all,

Thanks Rupert for your answer, I realise that my explanation was not very clear but the scenario I am
working into is a little bit complex.

Finally, I have decided to change my configuration and make the client sends its REGISTER message to
SER and then it will forward the same message to my Server. However, the Server carries out the authentication
process (I can not change it), so SER has to save the location contact after the client is authenticated in the Server.

My function for the REGISTER message in SER is the following one:

route[REGISTER]
{
        t_newtran();  
        # send the register to the proxy
                rewritehostport("open-ims.test:4060");
                t_on_reply("REGISTER_reply");
                #t_on_failure("REGISTER_failure");
                if (!t_relay()) {
                        sl_send_reply("500","Error forwarding to P-CSCF");
                        break;
                }
}
onreply_route[REGISTER_reply]
{     
        if (t_check_status("401")){   
                log(-1, "A response from the P-CSCF!");
                break;
        }
        if (t_check_status("200")){
                log(-1, "User registered in the IMS Core!");
                save_contacts("location");
                break;
        }
}

But SER does not start. It shows this error:

cng at cng:~$ sudo /etc/init.d/ser start -P /var/run/ser/ser.pid
Starting ser: ser 0(2545) parse error (147,19-20): Command cannot be used in the block

I have checked where is the error and it complains about the "save_contacts("location"))", but I
do not know why I can not use it inside the onreply_route.

Thanks in advance,
Rebeca Martinez

-----Mensaje original-----
De: rupert.organ at bt.com [mailto:rupert.organ at bt.com]
Enviado el: vie 08/01/2010 15:03
Para: Martínez García, Rebeca
Asunto: RE: [Serusers] configure SER to work as a gateway

Hi Rebeca,

I think I understand what you are trying to do, albeit you describe it in a strange way.

SER is designed to be a Registrar / SIP Proxy.

It is not designed to proxy REGISTER messages.

However I had to interface it to a SIP Application Server that wanted to see the REGISTER messages. However SER was my REGISTRAR and performed my security / authentication.

Therefore I filter on the REGISTER messages using

 if (method=="REGISTER") {

after doing the auth challenge in the ser.cfg, and after doing an eNum lookup and some user agent field checks I simply t_replicate the REGISTER.

i.e. t_replicate("rebeca.node.es.com", "5060");

or if you do not use DNS

 t_replicate("10.1.x.y", "5060");

Note this replication does not include the auth challenge....but it satisfys my SIP app server functionality nicely,

Also you can overwrite the useragent field if you wish...

e.g. if (subst_uri("/;userAgent=rupert")) {
                        subst('/^User-Agent:.*$/User-Agent: Rebeca/ig');

Good luck

Rupert




________________________________

From: serusers-bounces at lists.iptel.org [mailto:serusers-bounces at lists.iptel.org] On Behalf Of "Martínez García, Rebeca"
Sent: 08 January 2010 11:52
To: serusers at lists.iptel.org
Cc: "Huertas García, Victor"
Subject: [Serusers] configure SER to work as a gateway




Hello all,

Solved the installation problem I had, now I am trying to configure SER in a certain way.
My configuration is the following one:

Client ------------------------- SER ---------------------------- Server/Proxy
192.168.x.x         192.168.x.y       10.1.x.x           10.1.x.y

Unlike the normal case where SER is used as the Registrar, my client (in a private LAN) must register in a Server/Proxy
and SER has to act as a SIP gateway. However, at the same time, SER has to register locally this client (for internal calls).

So, put in other words, SER should forward the REGISTER message (directed from the client to the Server/Proxy) and save locally the
location of that client. Once registered the user, SER should act as a transparent proxy.

But in the practice, it does nothing if I put that the client registers in the Server/Proxy. The messages reach SER but it does not
forward them, nor it registers locally the clients.
So I tried configuring the client to register in SER instead of the Server/Proxy and then SER started to work.

Is a listening problem? What I have to include to the ser.cfg so SER handles also messages which are not directed to it but to the Server/Proxy?
I hope somebody could help me.

Thanks in advance,
Rebeca Martinez









-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.iptel.org/pipermail/serusers/attachments/20100115/1316943a/attachment.htm>


More information about the Serusers mailing list