1. Brekeke PBX Version 2.0.7.2
3. Windows 2000
4. SJPhone, Voipswitch
6. Your problem:
I'm trying to authenticate clients on INVITE with a SIP softswitch downstream. I tried doing this by simply changing the $target to the IP of the downstream SIP softswitch in Brekeke SIP Server. Brekeke SIP Server proxied the authentication information perfectly collecting credentials from the client. However when I forward calls through Brekeke PBX, this no longer happens and when the 407 hits Brekeke PBX it forwards a 407 with no Proxy-Authentication to the client. I can only get this client to auth to the downstream softswitch by supplying explicit credentials in the ARS Route. Can I forward the client's auth/credentials to the ARS target somehow?
Proxy authentication
Moderator: Brekeke Support Team
-
- Posts: 528
- Joined: Tue Sep 20, 2005 9:10 am
- Location: Tannersville, Pennsylvania
Hi,
I'm not sure if I exactly understand your problem but I can offer some advice.
If you have your users registered to brekeke and you want them to be able to send calls thru another softswitch outside of Brekeke then set the softswitch up in the ARS section by creating an out pattern. There are many templates for service providers that you can use by just changing the credentials and ip address. What this does is authenticate brekeke with the softswitch so that when users are making calls thru that ARS it is the Brekeke ARS account that is authenticating with the softswitch, not each users individual credentials. Each users credentials are only used to authenticate to Brekeke.
In the case that I guessed wrong and you want each users credentials to be presented to the softswitch then of course Brekeke has a way. You need to turn on upper registration in the sip config screen (then restart sip server). There you will be able to specify and address for the softswitch.
What this does is allow the users to register thru Brekeke to the softswitch. The requires that the users softswitch user name and password be put into the users ata/phone and Brekeke's address be put into the proxy address of the ua/phone. Then, the ua will register to the remote softswitch.
There may be a third way of doing it which would require you to setup up brekeke's ip address as the register server on your ata and the softswitch as the proxy server on your ata.
Nick
I'm not sure if I exactly understand your problem but I can offer some advice.
If you have your users registered to brekeke and you want them to be able to send calls thru another softswitch outside of Brekeke then set the softswitch up in the ARS section by creating an out pattern. There are many templates for service providers that you can use by just changing the credentials and ip address. What this does is authenticate brekeke with the softswitch so that when users are making calls thru that ARS it is the Brekeke ARS account that is authenticating with the softswitch, not each users individual credentials. Each users credentials are only used to authenticate to Brekeke.
In the case that I guessed wrong and you want each users credentials to be presented to the softswitch then of course Brekeke has a way. You need to turn on upper registration in the sip config screen (then restart sip server). There you will be able to specify and address for the softswitch.
What this does is allow the users to register thru Brekeke to the softswitch. The requires that the users softswitch user name and password be put into the users ata/phone and Brekeke's address be put into the proxy address of the ua/phone. Then, the ua will register to the remote softswitch.
There may be a third way of doing it which would require you to setup up brekeke's ip address as the register server on your ata and the softswitch as the proxy server on your ata.
Nick
New issue with the configuration.
I set up the config according to the second scenario you mentioned where upper registration is enabled (credentials are passed to the softswitch). The UA is registering through Brekeke properly to the SIP softswitch, but when I make a call the softswitch sends Brekeke a 407 and Brekeke replies with an ACK with no authenication information and the calls are rejected.
The UA is configured with the softswitch user/pass and Brekeke is the registrar/proxy.
Any further help in this matter is greatly appreciated.
I set up the config according to the second scenario you mentioned where upper registration is enabled (credentials are passed to the softswitch). The UA is registering through Brekeke properly to the SIP softswitch, but when I make a call the softswitch sends Brekeke a 407 and Brekeke replies with an ACK with no authenication information and the calls are rejected.
The UA is configured with the softswitch user/pass and Brekeke is the registrar/proxy.
Any further help in this matter is greatly appreciated.
-
- Posts: 528
- Joined: Tue Sep 20, 2005 9:10 am
- Location: Tannersville, Pennsylvania
Hi,
The setup instructions are on page 52 in the administration guide.
http://www.brekeke-sip.com/download/bss ... min_en.pdf
Have you tried to set up an ARS that registers to the softswitch and put calls thru that ARS? You would have to turn of upper registration for it to work.
I don't have any ideas why the calls won't authenticate. An ethereal trace would probably be needed to debug it.
Nick
The setup instructions are on page 52 in the administration guide.
http://www.brekeke-sip.com/download/bss ... min_en.pdf
Have you tried to set up an ARS that registers to the softswitch and put calls thru that ARS? You would have to turn of upper registration for it to work.
I don't have any ideas why the calls won't authenticate. An ethereal trace would probably be needed to debug it.
Nick
-
- Posts: 528
- Joined: Tue Sep 20, 2005 9:10 am
- Location: Tannersville, Pennsylvania
I see.
If you are only talking a couple of users you could set up an ARS for each user to duplicate the credentials but that's not really the answer. For some reason the Upper Registration method is not properly authenticating the calls. I'm going to set up a test here and mimic what you are trying to do and let you know the results some time later today.
Nick
If you are only talking a couple of users you could set up an ARS for each user to duplicate the credentials but that's not really the answer. For some reason the Upper Registration method is not properly authenticating the calls. I'm going to set up a test here and mimic what you are trying to do and let you know the results some time later today.
Nick