presence blf

classic Classic list List threaded Threaded
9 messages Options
Reply | Threaded
Open this post in threaded view
|

presence blf

Slava Bendersky-2
Hello Everyone,
I am trying make BLF working and how opensips should handle PUBLISH where server reply 407 ?
Do we need forward to end point ?
Opensips send PUBLISH then 3CX send 407 and conversation done.
Here some trace

[root@aitossbc01 ~]# cat BLF.txt
2018/10/25 12:22:19.148093 10.100.104.10:5060 -> 10.2.24.124:5060
PUBLISH sip:[hidden email]:5060 SIP/2.0
Via: SIP/2.0/UDP 10.100.104.10:5060;branch=z9hG4bK9f23.99096732.0
To: sip:[hidden email]:5060
From: <sip:[hidden email]:5060>;tag=4c20d2ebf66939afcc7c67fb6893f1be-672a
CSeq: 10 PUBLISH
Call-ID: 0324183200c79905-20534@10.100.104.10
Max-Forwards: 70
Content-Length: 549
User-Agent: OpenSIPS (3.0.0-dev (x86_64/linux))
Event: dialog
Expires: 3601
Content-Type: application/dialog-info+xml

<?xml version="1.0"?>
<dialog-info xmlns="urn:ietf:params:xml:ns:dialog-info" state="partial" entity="sip:[hidden email]:5060"><dialog id="0_3095066305@192.168.88.146" call-id="0_3095066305@192.168.88.146" direction="recipient"><state>confirmed</state><remote><identity>sip:[hidden email]:5060</identity><target uri="sip:[hidden email]:5060"/></remote><local><identity>sip:[hidden email]:5060</identity><target uri="sip:[hidden email]:5060"/></local></dialog></dialog-info>


2018/10/25 12:22:19.198773 10.2.24.124:5060 -> 10.100.104.10:5060
SIP/2.0 407 Proxy Authentication Required
Via: SIP/2.0/UDP 10.100.104.10:5060;branch=z9hG4bK9f23.99096732.0
Proxy-Authenticate: Digest nonce="414d53595bd1fbcb12:61835c52c28e8a89737c489e16fa5965",algorithm=MD5,realm="3CXPhoneSystem"
To: <sip:[hidden email]:5060>;tag=d9bb492f
From: <sip:[hidden email]:5060>;tag=4c20d2ebf66939afcc7c67fb6893f1be-672a
Call-ID: 0324183200c79905-20534@10.100.104.10
CSeq: 10 PUBLISH
User-Agent: 3CXPhoneSystem 15.5.15502.6 (15502)
Content-Length: 0

_______________________________________________
Users mailing list
[hidden email]
http://lists.opensips.org/cgi-bin/mailman/listinfo/users
Reply | Threaded
Open this post in threaded view
|

Re: presence blf

Bogdan-Andrei Iancu-2
Hi Slave,

If you cannot do an IP authentication / whitelisting for OpenSIPS in 3CX, you could use the uac_auth module and the uac_auth() function to perform user side authentication in OpenSIPS. See
    http://www.opensips.org/html/docs/modules/2.4.x/uac.html
    http://www.opensips.org/html/docs/modules/2.4.x/uac_auth.html

Best regards,
Bogdan-Andrei Iancu

OpenSIPS Founder and Developer
  http://www.opensips-solutions.com
OpenSIPS Bootcamp 2018
  http://opensips.org/training/OpenSIPS_Bootcamp_2018/
On 10/25/2018 09:49 PM, Slava Bendersky wrote:
Hello Everyone,
I am trying make BLF working and how opensips should handle PUBLISH where server reply 407 ?
Do we need forward to end point ?
Opensips send PUBLISH then 3CX send 407 and conversation done.
Here some trace

[root@aitossbc01 ~]# cat BLF.txt
2018/10/25 12:22:19.148093 10.100.104.10:5060 -> 10.2.24.124:5060
PUBLISH <a class="moz-txt-link-freetext" href="sip:120@domain.tld:5060">sip:120@...:5060 SIP/2.0
Via: SIP/2.0/UDP 10.100.104.10:5060;branch=z9hG4bK9f23.99096732.0
To: <a class="moz-txt-link-freetext" href="sip:120@domain.tld:5060">sip:120@...:5060
From: <a class="moz-txt-link-rfc2396E" href="sip:120@domain.tld:5060"><sip:120@...:5060>;tag=4c20d2ebf66939afcc7c67fb6893f1be-672a
CSeq: 10 PUBLISH
Max-Forwards: 70
Content-Length: 549
User-Agent: OpenSIPS (3.0.0-dev (x86_64/linux))
Event: dialog
Expires: 3601
Content-Type: application/dialog-info+xml

<?xml version="1.0"?>
<dialog-info xmlns="urn:ietf:params:xml:ns:dialog-info" state="partial" entity=<a class="moz-txt-link-rfc2396E" href="sip:120@domain.tld:5060">"sip:120@...:5060"><dialog id=[hidden email] call-id=[hidden email] direction="recipient"><state>confirmed</state><remote><identity><a class="moz-txt-link-freetext" href="sip:221@domain.tld:5060">sip:221@...:5060</identity><target uri=<a class="moz-txt-link-rfc2396E" href="sip:221@domain.tld:5060">"sip:221@...:5060"/></remote><local><identity><a class="moz-txt-link-freetext" href="sip:120@domain.tld:5060">sip:120@...:5060</identity><target uri=<a class="moz-txt-link-rfc2396E" href="sip:120@domain.tld:5060">"sip:120@...:5060"/></local></dialog></dialog-info>


2018/10/25 12:22:19.198773 10.2.24.124:5060 -> 10.100.104.10:5060
SIP/2.0 407 Proxy Authentication Required
Via: SIP/2.0/UDP 10.100.104.10:5060;branch=z9hG4bK9f23.99096732.0
Proxy-Authenticate: Digest nonce="414d53595bd1fbcb12:61835c52c28e8a89737c489e16fa5965",algorithm=MD5,realm="3CXPhoneSystem"
To: <a class="moz-txt-link-rfc2396E" href="sip:120@domain.tld:5060"><sip:120@...:5060>;tag=d9bb492f
From: <a class="moz-txt-link-rfc2396E" href="sip:120@domain.tld:5060"><sip:120@...:5060>;tag=4c20d2ebf66939afcc7c67fb6893f1be-672a
CSeq: 10 PUBLISH
User-Agent: 3CXPhoneSystem 15.5.15502.6 (15502)
Content-Length: 0


_______________________________________________
Users mailing list
[hidden email]
http://lists.opensips.org/cgi-bin/mailman/listinfo/users


_______________________________________________
Users mailing list
[hidden email]
http://lists.opensips.org/cgi-bin/mailman/listinfo/users
Reply | Threaded
Open this post in threaded view
|

Re: presence blf

Bogdan-Andrei Iancu-2
Hi Slava,

Sorry for the mistyping your name :D....one wrong character and something a bit weird resulted :D.

Regards,
Bogdan-Andrei Iancu

OpenSIPS Founder and Developer
  http://www.opensips-solutions.com
OpenSIPS Bootcamp 2018
  http://opensips.org/training/OpenSIPS_Bootcamp_2018/
On 10/26/2018 09:34 AM, Bogdan-Andrei Iancu wrote:
Hi Slave,

If you cannot do an IP authentication / whitelisting for OpenSIPS in 3CX, you could use the uac_auth module and the uac_auth() function to perform user side authentication in OpenSIPS. See
    http://www.opensips.org/html/docs/modules/2.4.x/uac.html
    http://www.opensips.org/html/docs/modules/2.4.x/uac_auth.html

Best regards,
Bogdan-Andrei Iancu

OpenSIPS Founder and Developer
  http://www.opensips-solutions.com
OpenSIPS Bootcamp 2018
  http://opensips.org/training/OpenSIPS_Bootcamp_2018/
On 10/25/2018 09:49 PM, Slava Bendersky wrote:
Hello Everyone,
I am trying make BLF working and how opensips should handle PUBLISH where server reply 407 ?
Do we need forward to end point ?
Opensips send PUBLISH then 3CX send 407 and conversation done.
Here some trace

[root@aitossbc01 ~]# cat BLF.txt
2018/10/25 12:22:19.148093 10.100.104.10:5060 -> 10.2.24.124:5060
PUBLISH <a class="moz-txt-link-freetext" href="sip:120@domain.tld:5060" moz-do-not-send="true">sip:120@...:5060 SIP/2.0
Via: SIP/2.0/UDP 10.100.104.10:5060;branch=z9hG4bK9f23.99096732.0
To: <a class="moz-txt-link-freetext" href="sip:120@domain.tld:5060" moz-do-not-send="true">sip:120@...:5060
From: <a class="moz-txt-link-rfc2396E" href="sip:120@domain.tld:5060" moz-do-not-send="true"><sip:120@...:5060>;tag=4c20d2ebf66939afcc7c67fb6893f1be-672a
CSeq: 10 PUBLISH
Max-Forwards: 70
Content-Length: 549
User-Agent: OpenSIPS (3.0.0-dev (x86_64/linux))
Event: dialog
Expires: 3601
Content-Type: application/dialog-info+xml

<?xml version="1.0"?>
<dialog-info xmlns="urn:ietf:params:xml:ns:dialog-info" state="partial" entity=<a class="moz-txt-link-rfc2396E" href="sip:120@domain.tld:5060" moz-do-not-send="true">"sip:120@...:5060"><dialog id=[hidden email] call-id=[hidden email] direction="recipient"><state>confirmed</state><remote><identity><a class="moz-txt-link-freetext" href="sip:221@domain.tld:5060" moz-do-not-send="true">sip:221@...:5060</identity><target uri=<a class="moz-txt-link-rfc2396E" href="sip:221@domain.tld:5060" moz-do-not-send="true">"sip:221@...:5060"/></remote><local><identity><a class="moz-txt-link-freetext" href="sip:120@domain.tld:5060" moz-do-not-send="true">sip:120@...:5060</identity><target uri=<a class="moz-txt-link-rfc2396E" href="sip:120@domain.tld:5060" moz-do-not-send="true">"sip:120@...:5060"/></local></dialog></dialog-info>


2018/10/25 12:22:19.198773 10.2.24.124:5060 -> 10.100.104.10:5060
SIP/2.0 407 Proxy Authentication Required
Via: SIP/2.0/UDP 10.100.104.10:5060;branch=z9hG4bK9f23.99096732.0
Proxy-Authenticate: Digest nonce="414d53595bd1fbcb12:61835c52c28e8a89737c489e16fa5965",algorithm=MD5,realm="3CXPhoneSystem"
To: <a class="moz-txt-link-rfc2396E" href="sip:120@domain.tld:5060" moz-do-not-send="true"><sip:120@...:5060>;tag=d9bb492f
From: <a class="moz-txt-link-rfc2396E" href="sip:120@domain.tld:5060" moz-do-not-send="true"><sip:120@...:5060>;tag=4c20d2ebf66939afcc7c67fb6893f1be-672a
CSeq: 10 PUBLISH
User-Agent: 3CXPhoneSystem 15.5.15502.6 (15502)
Content-Length: 0


_______________________________________________
Users mailing list
[hidden email]
http://lists.opensips.org/cgi-bin/mailman/listinfo/users



_______________________________________________
Users mailing list
[hidden email]
http://lists.opensips.org/cgi-bin/mailman/listinfo/users


_______________________________________________
Users mailing list
[hidden email]
http://lists.opensips.org/cgi-bin/mailman/listinfo/users
Reply | Threaded
Open this post in threaded view
|

Re: presence blf

Slava Bendersky-2
Hello Bogdan,
The issue that opensips is not handling user authentication, password is stored in 3cx. Is there are way set avp or into cache intial credentials ?
I come up with something like this.
My though  was.

modparam("uac_auth","auth_realm_avp","$avp(10)")
modparam("uac_auth","auth_username_avp","$avp(11)")
modparam("uac_auth","auth_password_avp","$avp(12)")

route[PUBLISH_407] {
        if(is_method("PUBLISH") && has_body("application/dialog-info+xml") && $avp(DLG_dir)=="frompbx") {
                xlog("L_INFO", "[$rm] from $si\n");
                t_on_reply("6");
}

onreply_route[6] {
        if(is_method("PUBLISH") && t_check_status("407")) {
                xlog("L_INFO", "OnReply_Route6: [$rm] Direction: [FS ~> Client] asked for 407\n");
                t_on_failure("SUPPLY_AUTH");
        }
}

failure_route[SUPPLY_AUTH] {
        don't know how to supply credential  yet
        uac_auth();
}

volga629


From: "Bogdan-Andrei Iancu" <[hidden email]>
To: "OpenSIPS users mailling list" <[hidden email]>, "Slava Bendersky" <[hidden email]>
Sent: Friday, October 26, 2018 5:28:09 AM
Subject: Re: [OpenSIPS-Users] presence blf

Hi Slava,

Sorry for the mistyping your name :D....one wrong character and something a bit weird resulted :D.

Regards,
Bogdan-Andrei Iancu

OpenSIPS Founder and Developer
  http://www.opensips-solutions.com
OpenSIPS Bootcamp 2018
  http://opensips.org/training/OpenSIPS_Bootcamp_2018/
On 10/26/2018 09:34 AM, Bogdan-Andrei Iancu wrote:
Hi Slave,

If you cannot do an IP authentication / whitelisting for OpenSIPS in 3CX, you could use the uac_auth module and the uac_auth() function to perform user side authentication in OpenSIPS. See
    http://www.opensips.org/html/docs/modules/2.4.x/uac.html
    http://www.opensips.org/html/docs/modules/2.4.x/uac_auth.html

Best regards,
Bogdan-Andrei Iancu

OpenSIPS Founder and Developer
  http://www.opensips-solutions.com
OpenSIPS Bootcamp 2018
  http://opensips.org/training/OpenSIPS_Bootcamp_2018/
On 10/25/2018 09:49 PM, Slava Bendersky wrote:
Hello Everyone,
I am trying make BLF working and how opensips should handle PUBLISH where server reply 407 ?
Do we need forward to end point ?
Opensips send PUBLISH then 3CX send 407 and conversation done.
Here some trace

[root@aitossbc01 ~]# cat BLF.txt
2018/10/25 12:22:19.148093 10.100.104.10:5060 -> 10.2.24.124:5060
PUBLISH <a class="moz-txt-link-freetext" href="sip:120@domain.tld:5060" target="_blank">sip:120@...:5060 SIP/2.0
Via: SIP/2.0/UDP 10.100.104.10:5060;branch=z9hG4bK9f23.99096732.0
To: <a class="moz-txt-link-freetext" href="sip:120@domain.tld:5060" target="_blank">sip:120@...:5060
From: <a class="moz-txt-link-rfc2396E" href="sip:120@domain.tld:5060" target="_blank"><sip:120@...:5060>;tag=4c20d2ebf66939afcc7c67fb6893f1be-672a
CSeq: 10 PUBLISH
Max-Forwards: 70
Content-Length: 549
User-Agent: OpenSIPS (3.0.0-dev (x86_64/linux))
Event: dialog
Expires: 3601
Content-Type: application/dialog-info+xml

<?xml version="1.0"?>
<dialog-info xmlns="urn:ietf:params:xml:ns:dialog-info" state="partial" entity=<a class="moz-txt-link-rfc2396E" href="sip:120@domain.tld:5060" target="_blank">"sip:120@...:5060"><dialog id=[hidden email] call-id=[hidden email] direction="recipient"><state>confirmed</state><remote><identity><a class="moz-txt-link-freetext" href="sip:221@domain.tld:5060" target="_blank">sip:221@...:5060</identity><target uri=<a class="moz-txt-link-rfc2396E" href="sip:221@domain.tld:5060" target="_blank">"sip:221@...:5060"/></remote><local><identity><a class="moz-txt-link-freetext" href="sip:120@domain.tld:5060" target="_blank">sip:120@...:5060</identity><target uri=<a class="moz-txt-link-rfc2396E" href="sip:120@domain.tld:5060" target="_blank">"sip:120@...:5060"/></local></dialog></dialog-info>


2018/10/25 12:22:19.198773 10.2.24.124:5060 -> 10.100.104.10:5060
SIP/2.0 407 Proxy Authentication Required
Via: SIP/2.0/UDP 10.100.104.10:5060;branch=z9hG4bK9f23.99096732.0
Proxy-Authenticate: Digest nonce="414d53595bd1fbcb12:61835c52c28e8a89737c489e16fa5965",algorithm=MD5,realm="3CXPhoneSystem"
To: <a class="moz-txt-link-rfc2396E" href="sip:120@domain.tld:5060" target="_blank"><sip:120@...:5060>;tag=d9bb492f
From: <a class="moz-txt-link-rfc2396E" href="sip:120@domain.tld:5060" target="_blank"><sip:120@...:5060>;tag=4c20d2ebf66939afcc7c67fb6893f1be-672a
CSeq: 10 PUBLISH
User-Agent: 3CXPhoneSystem 15.5.15502.6 (15502)
Content-Length: 0


_______________________________________________
Users mailing list
[hidden email]
http://lists.opensips.org/cgi-bin/mailman/listinfo/users



_______________________________________________
Users mailing list
[hidden email]
http://lists.opensips.org/cgi-bin/mailman/listinfo/users



_______________________________________________
Users mailing list
[hidden email]
http://lists.opensips.org/cgi-bin/mailman/listinfo/users
Reply | Threaded
Open this post in threaded view
|

Re: presence blf

Slava Bendersky-2
Is possible that issue in mid_registrar  ?
I adjusted fail route to 

failure_route[SUPPLY_AUTH] {
        if(uac_auth()) {
                append_branch();
                t_relay();
        }
        exit;
 and look like uac_auth() is never executed.

volga629


From: "Slava Bendersky" <[hidden email]>
To: "Bogdan-Andrei Iancu" <[hidden email]>
Cc: "OpenSIPS users mailling list" <[hidden email]>
Sent: Saturday, October 27, 2018 12:42:09 AM
Subject: Re: [OpenSIPS-Users] presence blf

Hello Bogdan,
The issue that opensips is not handling user authentication, password is stored in 3cx. Is there are way set avp or into cache intial credentials ?
I come up with something like this.
My though  was.

modparam("uac_auth","auth_realm_avp","$avp(10)")
modparam("uac_auth","auth_username_avp","$avp(11)")
modparam("uac_auth","auth_password_avp","$avp(12)")

route[PUBLISH_407] {
        if(is_method("PUBLISH") && has_body("application/dialog-info+xml") && $avp(DLG_dir)=="frompbx") {
                xlog("L_INFO", "[$rm] from $si\n");
                t_on_reply("6");
}

onreply_route[6] {
        if(is_method("PUBLISH") && t_check_status("407")) {
                xlog("L_INFO", "OnReply_Route6: [$rm] Direction: [FS ~> Client] asked for 407\n");
                t_on_failure("SUPPLY_AUTH");
        }
}

failure_route[SUPPLY_AUTH] {
        don't know how to supply credential  yet
        uac_auth();
}

volga629


From: "Bogdan-Andrei Iancu" <[hidden email]>
To: "OpenSIPS users mailling list" <[hidden email]>, "Slava Bendersky" <[hidden email]>
Sent: Friday, October 26, 2018 5:28:09 AM
Subject: Re: [OpenSIPS-Users] presence blf

Hi Slava,

Sorry for the mistyping your name :D....one wrong character and something a bit weird resulted :D.

Regards,
Bogdan-Andrei Iancu

OpenSIPS Founder and Developer
  http://www.opensips-solutions.com
OpenSIPS Bootcamp 2018
  http://opensips.org/training/OpenSIPS_Bootcamp_2018/
On 10/26/2018 09:34 AM, Bogdan-Andrei Iancu wrote:
Hi Slave,

If you cannot do an IP authentication / whitelisting for OpenSIPS in 3CX, you could use the uac_auth module and the uac_auth() function to perform user side authentication in OpenSIPS. See
    http://www.opensips.org/html/docs/modules/2.4.x/uac.html
    http://www.opensips.org/html/docs/modules/2.4.x/uac_auth.html

Best regards,
Bogdan-Andrei Iancu

OpenSIPS Founder and Developer
  http://www.opensips-solutions.com
OpenSIPS Bootcamp 2018
  http://opensips.org/training/OpenSIPS_Bootcamp_2018/
On 10/25/2018 09:49 PM, Slava Bendersky wrote:
Hello Everyone,
I am trying make BLF working and how opensips should handle PUBLISH where server reply 407 ?
Do we need forward to end point ?
Opensips send PUBLISH then 3CX send 407 and conversation done.
Here some trace

[root@aitossbc01 ~]# cat BLF.txt
2018/10/25 12:22:19.148093 10.100.104.10:5060 -> 10.2.24.124:5060
PUBLISH <a class="moz-txt-link-freetext" href="sip:120@domain.tld:5060" target="_blank">sip:120@...:5060 SIP/2.0
Via: SIP/2.0/UDP 10.100.104.10:5060;branch=z9hG4bK9f23.99096732.0
To: <a class="moz-txt-link-freetext" href="sip:120@domain.tld:5060" target="_blank">sip:120@...:5060
From: <a class="moz-txt-link-rfc2396E" href="sip:120@domain.tld:5060" target="_blank"><sip:120@...:5060>;tag=4c20d2ebf66939afcc7c67fb6893f1be-672a
CSeq: 10 PUBLISH
Max-Forwards: 70
Content-Length: 549
User-Agent: OpenSIPS (3.0.0-dev (x86_64/linux))
Event: dialog
Expires: 3601
Content-Type: application/dialog-info+xml

<?xml version="1.0"?>
<dialog-info xmlns="urn:ietf:params:xml:ns:dialog-info" state="partial" entity=<a class="moz-txt-link-rfc2396E" href="sip:120@domain.tld:5060" target="_blank">"sip:120@...:5060"><dialog id=[hidden email] call-id=[hidden email] direction="recipient"><state>confirmed</state><remote><identity><a class="moz-txt-link-freetext" href="sip:221@domain.tld:5060" target="_blank">sip:221@...:5060</identity><target uri=<a class="moz-txt-link-rfc2396E" href="sip:221@domain.tld:5060" target="_blank">"sip:221@...:5060"/></remote><local><identity><a class="moz-txt-link-freetext" href="sip:120@domain.tld:5060" target="_blank">sip:120@...:5060</identity><target uri=<a class="moz-txt-link-rfc2396E" href="sip:120@domain.tld:5060" target="_blank">"sip:120@...:5060"/></local></dialog></dialog-info>


2018/10/25 12:22:19.198773 10.2.24.124:5060 -> 10.100.104.10:5060
SIP/2.0 407 Proxy Authentication Required
Via: SIP/2.0/UDP 10.100.104.10:5060;branch=z9hG4bK9f23.99096732.0
Proxy-Authenticate: Digest nonce="414d53595bd1fbcb12:61835c52c28e8a89737c489e16fa5965",algorithm=MD5,realm="3CXPhoneSystem"
To: <a class="moz-txt-link-rfc2396E" href="sip:120@domain.tld:5060" target="_blank"><sip:120@...:5060>;tag=d9bb492f
From: <a class="moz-txt-link-rfc2396E" href="sip:120@domain.tld:5060" target="_blank"><sip:120@...:5060>;tag=4c20d2ebf66939afcc7c67fb6893f1be-672a
CSeq: 10 PUBLISH
User-Agent: 3CXPhoneSystem 15.5.15502.6 (15502)
Content-Length: 0


_______________________________________________
Users mailing list
[hidden email]
http://lists.opensips.org/cgi-bin/mailman/listinfo/users



_______________________________________________
Users mailing list
[hidden email]
http://lists.opensips.org/cgi-bin/mailman/listinfo/users



_______________________________________________
Users mailing list
[hidden email]
http://lists.opensips.org/cgi-bin/mailman/listinfo/users

_______________________________________________
Users mailing list
[hidden email]
http://lists.opensips.org/cgi-bin/mailman/listinfo/users
Reply | Threaded
Open this post in threaded view
|

Re: presence blf

Bogdan-Andrei Iancu-2
In reply to this post by Slava Bendersky-2
Hi Salva,

In failure route, you should check first for the 407 (btw, you do not have to go via the onreply route, you can use only failure_route, directly). If so, call uac_auth(), but be sure you the $avp(10),
$avp(11) and $avp(12) *already* contain the values for realm, username and password. You can load that info from a DB for example.

Best regards,
Bogdan-Andrei Iancu

OpenSIPS Founder and Developer
  http://www.opensips-solutions.com
OpenSIPS Bootcamp 2018
  http://opensips.org/training/OpenSIPS_Bootcamp_2018/
On 10/27/2018 06:42 AM, Slava Bendersky wrote:
Hello Bogdan,
The issue that opensips is not handling user authentication, password is stored in 3cx. Is there are way set avp or into cache intial credentials ?
I come up with something like this.
My though  was.

modparam("uac_auth","auth_realm_avp","$avp(10)")
modparam("uac_auth","auth_username_avp","$avp(11)")
modparam("uac_auth","auth_password_avp","$avp(12)")

route[PUBLISH_407] {
        if(is_method("PUBLISH") && has_body("application/dialog-info+xml") && $avp(DLG_dir)=="frompbx") {
                xlog("L_INFO", "[$rm] from $si\n");
                t_on_reply("6");
}

onreply_route[6] {
        if(is_method("PUBLISH") && t_check_status("407")) {
                xlog("L_INFO", "OnReply_Route6: [$rm] Direction: [FS ~> Client] asked for 407\n");
                t_on_failure("SUPPLY_AUTH");
        }
}

failure_route[SUPPLY_AUTH] {
        don't know how to supply credential  yet
        uac_auth();
}

volga629


From: "Bogdan-Andrei Iancu" [hidden email]
To: "OpenSIPS users mailling list" [hidden email], "Slava Bendersky" [hidden email]
Sent: Friday, October 26, 2018 5:28:09 AM
Subject: Re: [OpenSIPS-Users] presence blf

Hi Slava,

Sorry for the mistyping your name :D....one wrong character and something a bit weird resulted :D.

Regards,
Bogdan-Andrei Iancu

OpenSIPS Founder and Developer
  http://www.opensips-solutions.com
OpenSIPS Bootcamp 2018
  http://opensips.org/training/OpenSIPS_Bootcamp_2018/
On 10/26/2018 09:34 AM, Bogdan-Andrei Iancu wrote:
Hi Slave,

If you cannot do an IP authentication / whitelisting for OpenSIPS in 3CX, you could use the uac_auth module and the uac_auth() function to perform user side authentication in OpenSIPS. See
    http://www.opensips.org/html/docs/modules/2.4.x/uac.html
    http://www.opensips.org/html/docs/modules/2.4.x/uac_auth.html

Best regards,
Bogdan-Andrei Iancu

OpenSIPS Founder and Developer
  http://www.opensips-solutions.com
OpenSIPS Bootcamp 2018
  http://opensips.org/training/OpenSIPS_Bootcamp_2018/
On 10/25/2018 09:49 PM, Slava Bendersky wrote:
Hello Everyone,
I am trying make BLF working and how opensips should handle PUBLISH where server reply 407 ?
Do we need forward to end point ?
Opensips send PUBLISH then 3CX send 407 and conversation done.
Here some trace

[root@aitossbc01 ~]# cat BLF.txt
2018/10/25 12:22:19.148093 10.100.104.10:5060 -> 10.2.24.124:5060
PUBLISH <a class="moz-txt-link-freetext" href="sip:120@domain.tld:5060" target="_blank" moz-do-not-send="true">sip:120@...:5060 SIP/2.0
Via: SIP/2.0/UDP 10.100.104.10:5060;branch=z9hG4bK9f23.99096732.0
To: <a class="moz-txt-link-freetext" href="sip:120@domain.tld:5060" target="_blank" moz-do-not-send="true">sip:120@...:5060
From: <a class="moz-txt-link-rfc2396E" href="sip:120@domain.tld:5060" target="_blank" moz-do-not-send="true"><sip:120@...:5060>;tag=4c20d2ebf66939afcc7c67fb6893f1be-672a
CSeq: 10 PUBLISH
Max-Forwards: 70
Content-Length: 549
User-Agent: OpenSIPS (3.0.0-dev (x86_64/linux))
Event: dialog
Expires: 3601
Content-Type: application/dialog-info+xml

<?xml version="1.0"?>
<dialog-info xmlns="urn:ietf:params:xml:ns:dialog-info" state="partial" entity=<a class="moz-txt-link-rfc2396E" href="sip:120@domain.tld:5060" target="_blank" moz-do-not-send="true">"sip:120@...:5060"><dialog id=[hidden email] call-id=[hidden email] direction="recipient"><state>confirmed</state><remote><identity><a class="moz-txt-link-freetext" href="sip:221@domain.tld:5060" target="_blank" moz-do-not-send="true">sip:221@...:5060</identity><target uri=<a class="moz-txt-link-rfc2396E" href="sip:221@domain.tld:5060" target="_blank" moz-do-not-send="true">"sip:221@...:5060"/></remote><local><identity><a class="moz-txt-link-freetext" href="sip:120@domain.tld:5060" target="_blank" moz-do-not-send="true">sip:120@...:5060</identity><target uri=<a class="moz-txt-link-rfc2396E" href="sip:120@domain.tld:5060" target="_blank" moz-do-not-send="true">"sip:120@...:5060"/></local></dialog></dialog-info>


2018/10/25 12:22:19.198773 10.2.24.124:5060 -> 10.100.104.10:5060
SIP/2.0 407 Proxy Authentication Required
Via: SIP/2.0/UDP 10.100.104.10:5060;branch=z9hG4bK9f23.99096732.0
Proxy-Authenticate: Digest nonce="414d53595bd1fbcb12:61835c52c28e8a89737c489e16fa5965",algorithm=MD5,realm="3CXPhoneSystem"
To: <a class="moz-txt-link-rfc2396E" href="sip:120@domain.tld:5060" target="_blank" moz-do-not-send="true"><sip:120@...:5060>;tag=d9bb492f
From: <a class="moz-txt-link-rfc2396E" href="sip:120@domain.tld:5060" target="_blank" moz-do-not-send="true"><sip:120@...:5060>;tag=4c20d2ebf66939afcc7c67fb6893f1be-672a
CSeq: 10 PUBLISH
User-Agent: 3CXPhoneSystem 15.5.15502.6 (15502)
Content-Length: 0


_______________________________________________
Users mailing list
[hidden email]
http://lists.opensips.org/cgi-bin/mailman/listinfo/users



_______________________________________________
Users mailing list
[hidden email]
http://lists.opensips.org/cgi-bin/mailman/listinfo/users




_______________________________________________
Users mailing list
[hidden email]
http://lists.opensips.org/cgi-bin/mailman/listinfo/users
Reply | Threaded
Open this post in threaded view
|

Re: presence blf

Bogdan-Andrei Iancu-2
In reply to this post by Slava Bendersky-2
you do not need mid_registrar. The logic should be :


route[PUBLISH_407] {
        if(is_method("PUBLISH") && has_body("application/dialog-info+xml") && $avp(DLG_dir)=="frompbx") {
                xlog("L_INFO", "[$rm] from $si\n");
                t_on_failure("SUPPLY_AUTH");
}

failure_route[SUPPLY_AUTH] {
        if (is_method("PUBLISH") && t_check_status("407")) {
            populate $avp(10/11/12) from a DB with the credentials
            if (uac_auth())
                t_relay();
        }
}
Bogdan-Andrei Iancu

OpenSIPS Founder and Developer
  http://www.opensips-solutions.com
OpenSIPS Bootcamp 2018
  http://opensips.org/training/OpenSIPS_Bootcamp_2018/
On 10/27/2018 10:34 PM, Slava Bendersky wrote:
Is possible that issue in mid_registrar  ?
I adjusted fail route to 

failure_route[SUPPLY_AUTH] {
        if(uac_auth()) {
                append_branch();
                t_relay();
        }
        exit;
 and look like uac_auth() is never executed.

volga629


From: "Slava Bendersky" [hidden email]
To: "Bogdan-Andrei Iancu" [hidden email]
Cc: "OpenSIPS users mailling list" [hidden email]
Sent: Saturday, October 27, 2018 12:42:09 AM
Subject: Re: [OpenSIPS-Users] presence blf

Hello Bogdan,
The issue that opensips is not handling user authentication, password is stored in 3cx. Is there are way set avp or into cache intial credentials ?
I come up with something like this.
My though  was.

modparam("uac_auth","auth_realm_avp","$avp(10)")
modparam("uac_auth","auth_username_avp","$avp(11)")
modparam("uac_auth","auth_password_avp","$avp(12)")

route[PUBLISH_407] {
        if(is_method("PUBLISH") && has_body("application/dialog-info+xml") && $avp(DLG_dir)=="frompbx") {
                xlog("L_INFO", "[$rm] from $si\n");
                t_on_reply("6");
}

onreply_route[6] {
        if(is_method("PUBLISH") && t_check_status("407")) {
                xlog("L_INFO", "OnReply_Route6: [$rm] Direction: [FS ~> Client] asked for 407\n");
                t_on_failure("SUPPLY_AUTH");
        }
}

failure_route[SUPPLY_AUTH] {
        don't know how to supply credential  yet
        uac_auth();
}

volga629


From: "Bogdan-Andrei Iancu" [hidden email]
To: "OpenSIPS users mailling list" [hidden email], "Slava Bendersky" [hidden email]
Sent: Friday, October 26, 2018 5:28:09 AM
Subject: Re: [OpenSIPS-Users] presence blf

Hi Slava,

Sorry for the mistyping your name :D....one wrong character and something a bit weird resulted :D.

Regards,
Bogdan-Andrei Iancu

OpenSIPS Founder and Developer
  http://www.opensips-solutions.com
OpenSIPS Bootcamp 2018
  http://opensips.org/training/OpenSIPS_Bootcamp_2018/
On 10/26/2018 09:34 AM, Bogdan-Andrei Iancu wrote:
Hi Slave,

If you cannot do an IP authentication / whitelisting for OpenSIPS in 3CX, you could use the uac_auth module and the uac_auth() function to perform user side authentication in OpenSIPS. See
    http://www.opensips.org/html/docs/modules/2.4.x/uac.html
    http://www.opensips.org/html/docs/modules/2.4.x/uac_auth.html

Best regards,
Bogdan-Andrei Iancu

OpenSIPS Founder and Developer
  http://www.opensips-solutions.com
OpenSIPS Bootcamp 2018
  http://opensips.org/training/OpenSIPS_Bootcamp_2018/
On 10/25/2018 09:49 PM, Slava Bendersky wrote:
Hello Everyone,
I am trying make BLF working and how opensips should handle PUBLISH where server reply 407 ?
Do we need forward to end point ?
Opensips send PUBLISH then 3CX send 407 and conversation done.
Here some trace

[root@aitossbc01 ~]# cat BLF.txt
2018/10/25 12:22:19.148093 10.100.104.10:5060 -> 10.2.24.124:5060
PUBLISH <a class="moz-txt-link-freetext" href="sip:120@domain.tld:5060" target="_blank" moz-do-not-send="true">sip:120@...:5060 SIP/2.0
Via: SIP/2.0/UDP 10.100.104.10:5060;branch=z9hG4bK9f23.99096732.0
To: <a class="moz-txt-link-freetext" href="sip:120@domain.tld:5060" target="_blank" moz-do-not-send="true">sip:120@...:5060
From: <a class="moz-txt-link-rfc2396E" href="sip:120@domain.tld:5060" target="_blank" moz-do-not-send="true"><sip:120@...:5060>;tag=4c20d2ebf66939afcc7c67fb6893f1be-672a
CSeq: 10 PUBLISH
Max-Forwards: 70
Content-Length: 549
User-Agent: OpenSIPS (3.0.0-dev (x86_64/linux))
Event: dialog
Expires: 3601
Content-Type: application/dialog-info+xml

<?xml version="1.0"?>
<dialog-info xmlns="urn:ietf:params:xml:ns:dialog-info" state="partial" entity=<a class="moz-txt-link-rfc2396E" href="sip:120@domain.tld:5060" target="_blank" moz-do-not-send="true">"sip:120@...:5060"><dialog id=[hidden email] call-id=[hidden email] direction="recipient"><state>confirmed</state><remote><identity><a class="moz-txt-link-freetext" href="sip:221@domain.tld:5060" target="_blank" moz-do-not-send="true">sip:221@...:5060</identity><target uri=<a class="moz-txt-link-rfc2396E" href="sip:221@domain.tld:5060" target="_blank" moz-do-not-send="true">"sip:221@...:5060"/></remote><local><identity><a class="moz-txt-link-freetext" href="sip:120@domain.tld:5060" target="_blank" moz-do-not-send="true">sip:120@...:5060</identity><target uri=<a class="moz-txt-link-rfc2396E" href="sip:120@domain.tld:5060" target="_blank" moz-do-not-send="true">"sip:120@...:5060"/></local></dialog></dialog-info>


2018/10/25 12:22:19.198773 10.2.24.124:5060 -> 10.100.104.10:5060
SIP/2.0 407 Proxy Authentication Required
Via: SIP/2.0/UDP 10.100.104.10:5060;branch=z9hG4bK9f23.99096732.0
Proxy-Authenticate: Digest nonce="414d53595bd1fbcb12:61835c52c28e8a89737c489e16fa5965",algorithm=MD5,realm="3CXPhoneSystem"
To: <a class="moz-txt-link-rfc2396E" href="sip:120@domain.tld:5060" target="_blank" moz-do-not-send="true"><sip:120@...:5060>;tag=d9bb492f
From: <a class="moz-txt-link-rfc2396E" href="sip:120@domain.tld:5060" target="_blank" moz-do-not-send="true"><sip:120@...:5060>;tag=4c20d2ebf66939afcc7c67fb6893f1be-672a
CSeq: 10 PUBLISH
User-Agent: 3CXPhoneSystem 15.5.15502.6 (15502)
Content-Length: 0


_______________________________________________
Users mailing list
[hidden email]
http://lists.opensips.org/cgi-bin/mailman/listinfo/users



_______________________________________________
Users mailing list
[hidden email]
http://lists.opensips.org/cgi-bin/mailman/listinfo/users



_______________________________________________
Users mailing list
[hidden email]
http://lists.opensips.org/cgi-bin/mailman/listinfo/users


_______________________________________________
Users mailing list
[hidden email]
http://lists.opensips.org/cgi-bin/mailman/listinfo/users
Reply | Threaded
Open this post in threaded view
|

Re: presence blf

Slava Bendersky-2
Hello Bogdan,
So only option is get to 3CX database or API ?

volga629


From: "Bogdan-Andrei Iancu" <[hidden email]>
To: "Slava Bendersky" <[hidden email]>, "OpenSIPS users mailling list" <[hidden email]>
Sent: Monday, October 29, 2018 9:31:29 AM
Subject: Re: [OpenSIPS-Users] presence blf

you do not need mid_registrar. The logic should be :


route[PUBLISH_407] {
        if(is_method("PUBLISH") && has_body("application/dialog-info+xml") && $avp(DLG_dir)=="frompbx") {
                xlog("L_INFO", "[$rm] from $si\n");
                t_on_failure("SUPPLY_AUTH");
}

failure_route[SUPPLY_AUTH] {
        if (is_method("PUBLISH") && t_check_status("407")) {
            populate $avp(10/11/12) from a DB with the credentials
            if (uac_auth())
                t_relay();
        }
}
Bogdan-Andrei Iancu

OpenSIPS Founder and Developer
  http://www.opensips-solutions.com
OpenSIPS Bootcamp 2018
  http://opensips.org/training/OpenSIPS_Bootcamp_2018/
On 10/27/2018 10:34 PM, Slava Bendersky wrote:
Is possible that issue in mid_registrar  ?
I adjusted fail route to 

failure_route[SUPPLY_AUTH] {
        if(uac_auth()) {
                append_branch();
                t_relay();
        }
        exit;
 and look like uac_auth() is never executed.

volga629


From: "Slava Bendersky" [hidden email]
To: "Bogdan-Andrei Iancu" [hidden email]
Cc: "OpenSIPS users mailling list" [hidden email]
Sent: Saturday, October 27, 2018 12:42:09 AM
Subject: Re: [OpenSIPS-Users] presence blf

Hello Bogdan,
The issue that opensips is not handling user authentication, password is stored in 3cx. Is there are way set avp or into cache intial credentials ?
I come up with something like this.
My though  was.

modparam("uac_auth","auth_realm_avp","$avp(10)")
modparam("uac_auth","auth_username_avp","$avp(11)")
modparam("uac_auth","auth_password_avp","$avp(12)")

route[PUBLISH_407] {
        if(is_method("PUBLISH") && has_body("application/dialog-info+xml") && $avp(DLG_dir)=="frompbx") {
                xlog("L_INFO", "[$rm] from $si\n");
                t_on_reply("6");
}

onreply_route[6] {
        if(is_method("PUBLISH") && t_check_status("407")) {
                xlog("L_INFO", "OnReply_Route6: [$rm] Direction: [FS ~> Client] asked for 407\n");
                t_on_failure("SUPPLY_AUTH");
        }
}

failure_route[SUPPLY_AUTH] {
        don't know how to supply credential  yet
        uac_auth();
}

volga629


From: "Bogdan-Andrei Iancu" [hidden email]
To: "OpenSIPS users mailling list" [hidden email], "Slava Bendersky" [hidden email]
Sent: Friday, October 26, 2018 5:28:09 AM
Subject: Re: [OpenSIPS-Users] presence blf

Hi Slava,

Sorry for the mistyping your name :D....one wrong character and something a bit weird resulted :D.

Regards,
Bogdan-Andrei Iancu

OpenSIPS Founder and Developer
  http://www.opensips-solutions.com
OpenSIPS Bootcamp 2018
  http://opensips.org/training/OpenSIPS_Bootcamp_2018/
On 10/26/2018 09:34 AM, Bogdan-Andrei Iancu wrote:
Hi Slave,

If you cannot do an IP authentication / whitelisting for OpenSIPS in 3CX, you could use the uac_auth module and the uac_auth() function to perform user side authentication in OpenSIPS. See
    http://www.opensips.org/html/docs/modules/2.4.x/uac.html
    http://www.opensips.org/html/docs/modules/2.4.x/uac_auth.html

Best regards,
Bogdan-Andrei Iancu

OpenSIPS Founder and Developer
  http://www.opensips-solutions.com
OpenSIPS Bootcamp 2018
  http://opensips.org/training/OpenSIPS_Bootcamp_2018/
On 10/25/2018 09:49 PM, Slava Bendersky wrote:
Hello Everyone,
I am trying make BLF working and how opensips should handle PUBLISH where server reply 407 ?
Do we need forward to end point ?
Opensips send PUBLISH then 3CX send 407 and conversation done.
Here some trace

[root@aitossbc01 ~]# cat BLF.txt
2018/10/25 12:22:19.148093 10.100.104.10:5060 -> 10.2.24.124:5060
PUBLISH <a class="moz-txt-link-freetext" href="sip:120@domain.tld:5060" target="_blank">sip:120@...:5060 SIP/2.0
Via: SIP/2.0/UDP 10.100.104.10:5060;branch=z9hG4bK9f23.99096732.0
To: <a class="moz-txt-link-freetext" href="sip:120@domain.tld:5060" target="_blank">sip:120@...:5060
From: <a class="moz-txt-link-rfc2396E" href="sip:120@domain.tld:5060" target="_blank"><sip:120@...:5060>;tag=4c20d2ebf66939afcc7c67fb6893f1be-672a
CSeq: 10 PUBLISH
Max-Forwards: 70
Content-Length: 549
User-Agent: OpenSIPS (3.0.0-dev (x86_64/linux))
Event: dialog
Expires: 3601
Content-Type: application/dialog-info+xml

<?xml version="1.0"?>
<dialog-info xmlns="urn:ietf:params:xml:ns:dialog-info" state="partial" entity=<a class="moz-txt-link-rfc2396E" href="sip:120@domain.tld:5060" target="_blank">"sip:120@...:5060"><dialog id=[hidden email] call-id=[hidden email] direction="recipient"><state>confirmed</state><remote><identity><a class="moz-txt-link-freetext" href="sip:221@domain.tld:5060" target="_blank">sip:221@...:5060</identity><target uri=<a class="moz-txt-link-rfc2396E" href="sip:221@domain.tld:5060" target="_blank">"sip:221@...:5060"/></remote><local><identity><a class="moz-txt-link-freetext" href="sip:120@domain.tld:5060" target="_blank">sip:120@...:5060</identity><target uri=<a class="moz-txt-link-rfc2396E" href="sip:120@domain.tld:5060" target="_blank">"sip:120@...:5060"/></local></dialog></dialog-info>


2018/10/25 12:22:19.198773 10.2.24.124:5060 -> 10.100.104.10:5060
SIP/2.0 407 Proxy Authentication Required
Via: SIP/2.0/UDP 10.100.104.10:5060;branch=z9hG4bK9f23.99096732.0
Proxy-Authenticate: Digest nonce="414d53595bd1fbcb12:61835c52c28e8a89737c489e16fa5965",algorithm=MD5,realm="3CXPhoneSystem"
To: <a class="moz-txt-link-rfc2396E" href="sip:120@domain.tld:5060" target="_blank"><sip:120@...:5060>;tag=d9bb492f
From: <a class="moz-txt-link-rfc2396E" href="sip:120@domain.tld:5060" target="_blank"><sip:120@...:5060>;tag=4c20d2ebf66939afcc7c67fb6893f1be-672a
CSeq: 10 PUBLISH
User-Agent: 3CXPhoneSystem 15.5.15502.6 (15502)
Content-Length: 0


_______________________________________________
Users mailing list
[hidden email]
http://lists.opensips.org/cgi-bin/mailman/listinfo/users



_______________________________________________
Users mailing list
[hidden email]
http://lists.opensips.org/cgi-bin/mailman/listinfo/users



_______________________________________________
Users mailing list
[hidden email]
http://lists.opensips.org/cgi-bin/mailman/listinfo/users



_______________________________________________
Users mailing list
[hidden email]
http://lists.opensips.org/cgi-bin/mailman/listinfo/users
Reply | Threaded
Open this post in threaded view
|

Re: presence blf

Bogdan-Andrei Iancu-2
Well, you need to get the Pwd from the 3cx somehow - it depends on what interfacing capabilities the 3cx has

Regards,
Bogdan-Andrei Iancu

OpenSIPS Founder and Developer
  http://www.opensips-solutions.com
OpenSIPS Bootcamp 2018
  http://opensips.org/training/OpenSIPS_Bootcamp_2018/
On 10/29/2018 03:48 PM, Slava Bendersky wrote:
Hello Bogdan,
So only option is get to 3CX database or API ?

volga629


From: "Bogdan-Andrei Iancu" [hidden email]
To: "Slava Bendersky" [hidden email], "OpenSIPS users mailling list" [hidden email]
Sent: Monday, October 29, 2018 9:31:29 AM
Subject: Re: [OpenSIPS-Users] presence blf

you do not need mid_registrar. The logic should be :


route[PUBLISH_407] {
        if(is_method("PUBLISH") && has_body("application/dialog-info+xml") && $avp(DLG_dir)=="frompbx") {
                xlog("L_INFO", "[$rm] from $si\n");
                t_on_failure("SUPPLY_AUTH");
}

failure_route[SUPPLY_AUTH] {
        if (is_method("PUBLISH") && t_check_status("407")) {
            populate $avp(10/11/12) from a DB with the credentials
            if (uac_auth())
                t_relay();
        }
}
Bogdan-Andrei Iancu

OpenSIPS Founder and Developer
  http://www.opensips-solutions.com
OpenSIPS Bootcamp 2018
  http://opensips.org/training/OpenSIPS_Bootcamp_2018/
On 10/27/2018 10:34 PM, Slava Bendersky wrote:
Is possible that issue in mid_registrar  ?
I adjusted fail route to 

failure_route[SUPPLY_AUTH] {
        if(uac_auth()) {
                append_branch();
                t_relay();
        }
        exit;
 and look like uac_auth() is never executed.

volga629


From: "Slava Bendersky" [hidden email]
To: "Bogdan-Andrei Iancu" [hidden email]
Cc: "OpenSIPS users mailling list" [hidden email]
Sent: Saturday, October 27, 2018 12:42:09 AM
Subject: Re: [OpenSIPS-Users] presence blf

Hello Bogdan,
The issue that opensips is not handling user authentication, password is stored in 3cx. Is there are way set avp or into cache intial credentials ?
I come up with something like this.
My though  was.

modparam("uac_auth","auth_realm_avp","$avp(10)")
modparam("uac_auth","auth_username_avp","$avp(11)")
modparam("uac_auth","auth_password_avp","$avp(12)")

route[PUBLISH_407] {
        if(is_method("PUBLISH") && has_body("application/dialog-info+xml") && $avp(DLG_dir)=="frompbx") {
                xlog("L_INFO", "[$rm] from $si\n");
                t_on_reply("6");
}

onreply_route[6] {
        if(is_method("PUBLISH") && t_check_status("407")) {
                xlog("L_INFO", "OnReply_Route6: [$rm] Direction: [FS ~> Client] asked for 407\n");
                t_on_failure("SUPPLY_AUTH");
        }
}

failure_route[SUPPLY_AUTH] {
        don't know how to supply credential  yet
        uac_auth();
}

volga629


From: "Bogdan-Andrei Iancu" [hidden email]
To: "OpenSIPS users mailling list" [hidden email], "Slava Bendersky" [hidden email]
Sent: Friday, October 26, 2018 5:28:09 AM
Subject: Re: [OpenSIPS-Users] presence blf

Hi Slava,

Sorry for the mistyping your name :D....one wrong character and something a bit weird resulted :D.

Regards,
Bogdan-Andrei Iancu

OpenSIPS Founder and Developer
  http://www.opensips-solutions.com
OpenSIPS Bootcamp 2018
  http://opensips.org/training/OpenSIPS_Bootcamp_2018/
On 10/26/2018 09:34 AM, Bogdan-Andrei Iancu wrote:
Hi Slave,

If you cannot do an IP authentication / whitelisting for OpenSIPS in 3CX, you could use the uac_auth module and the uac_auth() function to perform user side authentication in OpenSIPS. See
    http://www.opensips.org/html/docs/modules/2.4.x/uac.html
    http://www.opensips.org/html/docs/modules/2.4.x/uac_auth.html

Best regards,
Bogdan-Andrei Iancu

OpenSIPS Founder and Developer
  http://www.opensips-solutions.com
OpenSIPS Bootcamp 2018
  http://opensips.org/training/OpenSIPS_Bootcamp_2018/
On 10/25/2018 09:49 PM, Slava Bendersky wrote:
Hello Everyone,
I am trying make BLF working and how opensips should handle PUBLISH where server reply 407 ?
Do we need forward to end point ?
Opensips send PUBLISH then 3CX send 407 and conversation done.
Here some trace

[root@aitossbc01 ~]# cat BLF.txt
2018/10/25 12:22:19.148093 10.100.104.10:5060 -> 10.2.24.124:5060
PUBLISH <a class="moz-txt-link-freetext" href="sip:120@domain.tld:5060" target="_blank" moz-do-not-send="true">sip:120@...:5060 SIP/2.0
Via: SIP/2.0/UDP 10.100.104.10:5060;branch=z9hG4bK9f23.99096732.0
To: <a class="moz-txt-link-freetext" href="sip:120@domain.tld:5060" target="_blank" moz-do-not-send="true">sip:120@...:5060
From: <a class="moz-txt-link-rfc2396E" href="sip:120@domain.tld:5060" target="_blank" moz-do-not-send="true"><sip:120@...:5060>;tag=4c20d2ebf66939afcc7c67fb6893f1be-672a
CSeq: 10 PUBLISH
Max-Forwards: 70
Content-Length: 549
User-Agent: OpenSIPS (3.0.0-dev (x86_64/linux))
Event: dialog
Expires: 3601
Content-Type: application/dialog-info+xml

<?xml version="1.0"?>
<dialog-info xmlns="urn:ietf:params:xml:ns:dialog-info" state="partial" entity=<a class="moz-txt-link-rfc2396E" href="sip:120@domain.tld:5060" target="_blank" moz-do-not-send="true">"sip:120@...:5060"><dialog id=[hidden email] call-id=[hidden email] direction="recipient"><state>confirmed</state><remote><identity><a class="moz-txt-link-freetext" href="sip:221@domain.tld:5060" target="_blank" moz-do-not-send="true">sip:221@...:5060</identity><target uri=<a class="moz-txt-link-rfc2396E" href="sip:221@domain.tld:5060" target="_blank" moz-do-not-send="true">"sip:221@...:5060"/></remote><local><identity><a class="moz-txt-link-freetext" href="sip:120@domain.tld:5060" target="_blank" moz-do-not-send="true">sip:120@...:5060</identity><target uri=<a class="moz-txt-link-rfc2396E" href="sip:120@domain.tld:5060" target="_blank" moz-do-not-send="true">"sip:120@...:5060"/></local></dialog></dialog-info>


2018/10/25 12:22:19.198773 10.2.24.124:5060 -> 10.100.104.10:5060
SIP/2.0 407 Proxy Authentication Required
Via: SIP/2.0/UDP 10.100.104.10:5060;branch=z9hG4bK9f23.99096732.0
Proxy-Authenticate: Digest nonce="414d53595bd1fbcb12:61835c52c28e8a89737c489e16fa5965",algorithm=MD5,realm="3CXPhoneSystem"
To: <a class="moz-txt-link-rfc2396E" href="sip:120@domain.tld:5060" target="_blank" moz-do-not-send="true"><sip:120@...:5060>;tag=d9bb492f
From: <a class="moz-txt-link-rfc2396E" href="sip:120@domain.tld:5060" target="_blank" moz-do-not-send="true"><sip:120@...:5060>;tag=4c20d2ebf66939afcc7c67fb6893f1be-672a
CSeq: 10 PUBLISH
User-Agent: 3CXPhoneSystem 15.5.15502.6 (15502)
Content-Length: 0


_______________________________________________
Users mailing list
[hidden email]
http://lists.opensips.org/cgi-bin/mailman/listinfo/users



_______________________________________________
Users mailing list
[hidden email]
http://lists.opensips.org/cgi-bin/mailman/listinfo/users



_______________________________________________
Users mailing list
[hidden email]
http://lists.opensips.org/cgi-bin/mailman/listinfo/users




_______________________________________________
Users mailing list
[hidden email]
http://lists.opensips.org/cgi-bin/mailman/listinfo/users