Hello, I managed to get it working. Seems like i was overwriting fields used in computation of the digest response. Once i turn off authentication the call flow works perfectly. I will need to make necessary modifications to work with digest authentication.
As a next step i will be implementing encryption/decryption on the F.W server. Thanks and Regards, Vikram. Vikram Ragukumar wrote: > Hello, > > ------------- -------- --- -------- > |Sip Softphone|-------|Internet|--------|F.W|-----|Asterisk| > ------------- -------- --- -------- > IP addresses: a.b.c.d q.w.e.r > > The SIP softphone(x-lite) is configured to register with the asterisk > server through port 9090 (Domain q.w.e.r:9090).Firewall(F.W) is setup as > the outbound proxy for the softphone(Outbound proxy a.b.c.d:9090). > Authentication credentials for the softphone match the user registered > in asterisk's sip.conf. F.W runs Kamailio and rtpproxy, with Kamailio > listening on port 5060. > > The asterisk server is setup to listen on port 5060. > > The Firewall(F.W), uses a libnetfilter_queue based program to : > > (a) Rewrite the destination port 9090 as 5060, and rewrite all other > occurrences of 9090 as 5060 in the SIP message, for packets from the > softphone to the asterisk server. > > (b) Rewrite the source port 5060 as 9090, and rewrite all other > occurrences of 5060 as 9090 in the SIP message, for packets from the > asterisk server to the softphone. > > The following exchange of SIP messages take place > -Sip softphone sends a REGISTER message to asterisk > -Asterisk responds with a 401 UNAUTHORIZED > -Sip softphone replies with a REGISTER message containing auth. info. > -Asterisk responds with a 403 FORBIDDEN : BAD AUTHORIZATION > > The above setup works when the softphone uses port 5060, so there > problem here does not have anything to do with Authorization credentials. > > Is it possible i might be modifying parts of the packet that shouldn't > be modified or i might not be modifying some relevant parts of the packet ? > > Thanks in advance, > Vikram. > > -- _____________________________________________________________________ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users