I'm running bc-flexisip-1.0.10-222.el7.centos.x86_64
in front-end mode (or attempting to!).
I
have my auth module properly configured and authenticating requests:
- Mar 24
16:36:40 flex-server flexisip[3536]: tport_wakeup(0xa3d780): events IN
- Mar 24
16:36:40 flex-server flexisip[3536]: tport_recv_event(0xa3d780)
- Mar 24
16:36:40 flex-server flexisip[3536]: tport_recv_iovec(0xa3d780) msg
0xbb7600 from (tcp/x.y.z.a:33320) has 794 bytes, veclen = 1
- Mar 24
16:36:40 flex-server flexisip[3536]: tport_deliver(0xa3d780): msg 0xbb7600
(794 bytes) from tcp/a.b.c.d:33320 next=(nil)
- Mar 24
16:36:40 flex-server flexisip[3536]: nta: received REGISTER sip:mydomain
SIP/2.0 (CSeq 20)
- Mar 24
16:36:40 flex-server flexisip[3536]: nta: Via check: received=a.b.c.d
- Mar 24
16:36:40 flex-server flexisip[3536]: nta: REGISTER (20) to message
callback
- Mar 24
16:36:40 flex-server flexisip[3536]: New SipEvent 0xbba448 - msg 0xbb7600
- Mar 24
16:36:40 flex-server flexisip[3536]: Receiving new Request SIP message
REGISTER from sip:address@hidden :
-
REGISTER sip:domain
SIP/2.0
-
Via: SIP/2.0/TCP
c.d.e.f:41899;alias;branch=z9hG4bK.bVq7x7chD;rport=33320;received=a.b.c.d
-
From:
<sip:address@hidden>;tag=untdbt5Zj
-
To: sip:address@hidden
-
CSeq: 20 REGISTER
-
Call-ID: 8qIXZtqI1L
-
Max-Forwards: 70
-
Supported: replaces,
outbound
-
Accept: application/sdp,
text/plain, application/vnd.gsma.rcs-ft-http+xml
-
Contact:
<sip:address@hidden:33320;app-id=929724111839;pn-type=firebase;pn-tok=token;transport=tcp>;+sip.instance="<urn:uuid:uuid>"
-
Expires: 3600
-
User-Agent:
LinphoneAndroid/3.2.5 (belle-sip/1.6.1)
-
Content-Length: 0
- Mar 24
16:36:40 flex-server flexisip[3536]: Invoking onRequest() on module
DoSProtection
- Mar 24
16:36:40 flex-server flexisip[3536]: Invoking onRequest() on module
SanityChecker
- Mar 24
16:36:40 flex-server flexisip[3536]: Skipping onRequest() on module
GarbageIn
- Mar 24
16:36:40 flex-server flexisip[3536]: Invoking onRequest() on module
NatHelper
- Mar 24
16:36:40 flex-server flexisip[3536]: Invoking onRequest() on module
Authentication
- Mar 24 16:36:40
flex-server flexisip[3536]: New IncomingTransaction 0xbb8038
- Mar 24
16:36:40 flex-server flexisip[3536]: nta_incoming_create: created incoming
transaction 0xbb80c0
- Mar 24
16:36:40 flex-server flexisip[3536]: flexisip_auth_method_digest: no
credentials matched realm or no realm
- Mar 24
16:36:40 flex-server flexisip[3536]: New nonce 6A+A3AAAAADFAugGAAA3vjVKJ
- Mar 24
16:36:40 flex-server flexisip[3536]: Searching for ext password to have it
when the authenticated request comes
- Mar 24
16:36:40 flex-server flexisip[3536]: Replying Request SIP message: 401
Unauthorized
- Mar 24
16:36:40 flex-server flexisip[3536]: tport_tsend(0xa3d780) tpn =
TCP/a.b.c.d:33320
- Mar 24
16:36:40 flex-server flexisip[3536]: tport_vsend returned 489
- Mar 24
16:36:40 flex-server flexisip[3536]: tport(0xa3d780): set timer at 1800000
ms because keepalive
- Mar 24
16:36:40 flex-server flexisip[3536]: nta: sent 401 Unauthorized for
REGISTER (20)
- Mar 24
16:36:40 flex-server flexisip[3536]: nta: incoming_free(0xbb80c0)
- Mar 24
16:36:40 flex-server flexisip[3536]: incoming_reclaim: 0xbb80c0
- Mar 24
16:36:40 flex-server flexisip[3536]: nta_incoming_destroy: 0xbb80c0
- Mar 24
16:36:40 flex-server flexisip[3536]: Terminate SipEvent 0xbba448
- Mar 24
16:36:40 flex-server flexisip[3536]: Delete IncomingTransaction 0xbb8038
- Mar 24
16:36:40 flex-server flexisip[3536]: tport(0xa3d780): set timer at 1799999
ms because keepalive
- Mar 24
16:36:40 flex-server flexisip[3536]: tport(0xa3d780): set timer at 1799999
ms because keepalive
- Mar 24
16:36:40 flex-server flexisip[3536]: tport_wakeup(0xa3d780): events IN
- Mar 24
16:36:40 flex-server flexisip[3536]: tport_recv_event(0xa3d780)
- Mar 24
16:36:40 flex-server flexisip[3536]: tport_recv_iovec(0xa3d780) msg
0xbb7600 from (tcp/a.b.c.d:33320) has 1071 bytes, veclen = 1
- Mar 24
16:36:40 flex-server flexisip[3536]: tport_deliver(0xa3d780): msg 0xbb7600
(1071 bytes) from tcp/a.b.c.d:33320 next=(nil)
- Mar 24
16:36:40 flex-server flexisip[3536]: nta: received REGISTER sip:domain
SIP/2.0 (CSeq 21)
- Mar 24
16:36:40 flex-server flexisip[3536]: nta: Via check: received=a.b.c.d
- Mar 24
16:36:40 flex-server flexisip[3536]: nta: REGISTER (21) to message
callback
- Mar 24
16:36:40 flex-server flexisip[3536]: New SipEvent 0xbba3d8 - msg 0xbb7600
- Mar 24
16:36:40 flex-server flexisip[3536]: Receiving new Request SIP message
REGISTER from sip:address@hidden :
-
REGISTER sip:domain
SIP/2.0
-
Via: SIP/2.0/TCP
10.100.33.58:41899;alias;branch=z9hG4bK.PRoHn1Ff5;rport=33320;received=a.b.c.d
-
From:
<sip:address@hidden>;tag=untdbt5Zj
-
To: sip:address@hidden
-
CSeq: 21 REGISTER
-
Call-ID: 8qIXZtqI1L
-
Max-Forwards: 70
-
Supported: replaces,
outbound
-
Accept: application/sdp,
text/plain, application/vnd.gsma.rcs-ft-http+xml
-
Contact:
<sip:address@hidden:33320;app-id=929724111839;pn-type=firebase;pn-tok=fPG70V-JnSs:APA91bGE1ipM29ftNXpolE4l5BH0FpsZZCHd6bCJ407TUUTm7QeRzlftOi3khWWTVBHE9yNI5Szqaa2JWcGZMS0oBFnPmGPWCc9j1Oeq8o0Zn6YwX_QN2T59ydh2RZ54q8vvnRjQuRBR;transport=tcp>;+sip.instance="<urn:uuid:5e9cd44b-9ebb-4791-9b2d-d6428c38f144>"
-
Expires: 3600
-
User-Agent:
LinphoneAndroid/3.2.5 (belle-sip/1.6.1)
-
Content-Length: 0
-
Authorization: Digest
realm="domain", nonce="6A+A3AAAAADFAugGAAA3vjVKJP",
algorithm=MD5, opaque="+GNywA==", username="ext",
uri="sip:domain",
response="315faa16295c9840f4adca598c6ff2fd",
cnonce="893K~-rnfCLp2cWq", nc=00000001, qop=auth
- Mar 24
16:36:40 flex-server flexisip[3536]: Invoking onRequest() on module
DoSProtection
- Mar 24
16:36:40 flex-server flexisip[3536]: Invoking onRequest() on module
SanityChecker
- Mar 24
16:36:40 flex-server flexisip[3536]: Skipping onRequest() on module
GarbageIn
- Mar 24
16:36:40 flex-server flexisip[3536]: Invoking onRequest() on module NatHelper
- Mar 24
16:36:40 flex-server flexisip[3536]: Invoking onRequest() on module
Authentication
- Mar 24
16:36:40 flex-server flexisip[3536]: New IncomingTransaction 0xbbbaa8
- Mar 24
16:36:40 flex-server flexisip[3536]: nta_incoming_create: created incoming
transaction 0xbbbb30
- Mar 24
16:36:40 flex-server flexisip[3536]: Searching for auth digest response
for this proxy
- Mar 24
16:36:40 flex-server flexisip[3536]: auth_digest_response_get: 12
- Mar 24
16:36:40 flex-server flexisip[3536]: Examining auth digest response ext
domain
- Mar 24
16:36:40 flex-server flexisip[3536]: Expected realm found : domain
- Mar 24
16:36:40 flex-server flexisip[3536]: auth_digest_response_get: 12
- Mar 24
16:36:40 flex-server flexisip[3536]: Using auth digest response for realm
domain
- Mar 24
16:36:40 flex-server flexisip[3536]: Updating nonce
6A+A3AAAAADFAugGAAA3vjVKJP with nc=1
- Mar 24
16:36:40 flex-server flexisip[3536]: Suspend SipEvent 0xbba3d8
- Mar 24
16:36:40 flex-server flexisip[3536]: tport(0xa3d780): set timer at 1799972
ms because keepalive
- Mar 24
16:36:40 flex-server flexisip[3536]: auth_digest_ha1() has A1 = MD5(ext:domain:*******)
= 2746f0bc9cf968ae805e481cf5d09886
- Mar 24
16:36:40 flex-server flexisip[3536]: A2 = MD5(REGISTER:sip:domain)
- Mar 24
16:36:40 flex-server flexisip[3536]: auth_response:
315faa16295c9840f4adca598c6ff2fd = MD5(2746f0bc9cf968ae805e481cf5d09886:6A+A3AAAAADFAugGAAA3vjVKJP:00000001:893K~-rnfCLp2cWq:auth:5970a4030e02b82303635b8891602e55)
(qop=auth)
- Mar 24
16:36:40 flex-server flexisip[3536]: auth_method_digest: successful
authentication
- Mar 24
16:36:40 flex-server flexisip[3536]: auth_digest_response_get: 12
- Mar 24
16:36:40 flex-server flexisip[3536]: Examining auth digest response ext
domain
- Mar 24
16:36:40 flex-server flexisip[3536]: Expected realm found : domain
I
also have the register module configured to proxy to a back-end server and have
the Route module set to my back-end server. On successful auth, flexisip is
properly sending the register on to my back end server:
-
- Mar 24
16:36:40 flex-server flexisip[3536]: Inject Request SIP message:
-
REGISTER sip:domain
SIP/2.0
-
Via: SIP/2.0/TCP
x.y.z.a:41899;alias;branch=z9hG4bK.PRoHn1Ff5;rport=33320;received=a.b.c.d
-
From:
<sip:address@hidden>;tag=untdbt5Zj
-
To: sip:address@hidden
-
CSeq: 21 REGISTER
-
Call-ID: 8qIXZtqI1L
-
Max-Forwards: 70
-
Supported: replaces,
outbound
-
Accept: application/sdp,
text/plain, application/vnd.gsma.rcs-ft-http+xml
-
Contact:
<sip:address@hidden:33320;app-id=id;pn-type=firebase;pn-tok=token;transport=tcp>;+sip.instance="<urn:uuid:uuid>"
-
Expires: 3600
-
User-Agent:
LinphoneAndroid/3.2.5 (belle-sip/1.6.1)
-
Content-Length: 0
- Mar 24
16:36:40 flex-server flexisip[3536]: Restart SipEvent 0xbba3d8
- Mar 24
16:36:40 flex-server flexisip[3536]: Injecting request event after
Authentication
- Mar 24
16:36:40 flex-server flexisip[3536]: Skipping onRequest() on module
Redirect
- Mar 24
16:36:40 flex-server flexisip[3536]: Skipping onRequest() on module
GatewayAdapter
- Mar 24
16:36:40 flex-server flexisip[3536]: Skipping onRequest() on module
Presence
- Mar 24
16:36:40 flex-server flexisip[3536]: Invoking onRequest() on module
Registrar
- Mar 24
16:36:40 flex-server flexisip[3536]: Path added to:
sip:w.x.y.z:5060;transport=tcp;lr
- Mar 24
16:36:40 flex-server flexisip[3536]: Replying Request SIP message: 100
Trying
- Mar 24
16:36:40 flex-server flexisip[3536]: tport_tsend(0xa3d780) tpn =
TCP/a.b.c.d:33320
- Mar 24
16:36:40 flex-server flexisip[3536]: tport_vsend returned 321
- Mar 24
16:36:40 flex-server flexisip[3536]: tport(0xa3d780): set timer at 1800000
ms because keepalive
- Mar 24
16:36:40 flex-server flexisip[3536]: nta: sent 100 Trying for REGISTER
(21)
- Mar 24
16:36:40 flex-server flexisip[3536]: New OutgoingTransaction 0xbbe338
- Mar 24
16:36:40 flex-server flexisip[3536]: Contacts
:<sip:address@hidden:33320;app-id=appid;pn-type=firebase;pn-tok=token;transport=tcp>;+sip.instance="<urn:uuid:uuid>"
- Mar 24
16:36:40 flex-server flexisip[3536]: Removed instance and push params:
-
<sip:address@hidden:33320;transport=tcp>;+sip.instance="<urn:uuid:uuid>"
- Mar 24
16:36:40 flex-server flexisip[3536]: Removed paths
- Mar 24
16:36:40 flex-server flexisip[3536]: Skipping onRequest() on module
StatisticsCollector
- Mar 24
16:36:40 flex-server flexisip[3536]: Skipping onRequest() on module
ContactRouteInserter
- Mar 24
16:36:40 flex-server flexisip[3536]: Invoking onRequest() on module Router
- Mar 24
16:36:40 flex-server flexisip[3536]: Invoking onRequest() on module
PushNotification
- Mar 24
16:36:40 flex-server flexisip[3536]: Skipping onRequest() on module
LoadBalancer
- Mar 24
16:36:40 flex-server flexisip[3536]: Invoking onRequest() on module
MediaRelay
- Mar 24
16:36:40 flex-server flexisip[3536]: Skipping onRequest() on module
Transcoder
- Mar 24
16:36:40 flex-server flexisip[3536]: Invoking onRequest() on module
Forward
- Mar 24
16:36:40 flex-server flexisip[3536]: Found back-end-server in /etc/hosts
- Mar 24
16:36:40 flex-server flexisip[3536]: tport: not found from primary 0xa33cc0,
trying another one...*/g.h.i.j:5060
- Mar 24
16:36:40 flex-server flexisip[3536]: tport: not found from primary
0xa34820, trying another one...*/g.h.i.j:5060
- Mar 24
16:36:40 flex-server flexisip[3536]: Path added to: sip:w.x.y.z:5060;fs-proxy-id=1d3e543c35a762d1;lr
- Mar 24
16:36:40 flex-server flexisip[3536]: Sending Request SIP message to
sip:g.h.i.j:5060
-
REGISTER
sip:back-end-server:5060 SIP/2.0
-
Via: SIP/2.0/TCP
x.y.z.a:41899;alias;branch=z9hG4bK.PRoHn1Ff5;rport=33320;received=a.b.c.d
-
From:
<sip:address@hidden>;tag=untdbt5Zj
-
To: sip:address@hidden
-
CSeq: 21 REGISTER
-
Call-ID: 8qIXZtqI1L
-
Max-Forwards: 69
-
Supported: replaces,
outbound
-
Accept: application/sdp,
text/plain, application/vnd.gsma.rcs-ft-http+xml
-
Contact:
<sip:address@hidden:33320;transport=tcp>;+sip.instance="<urn:uuid:uuid>"
-
Expires: 3600
-
User-Agent:
LinphoneAndroid/3.2.5 (belle-sip/1.6.1)
-
Content-Length: 0
-
Path:
<sip:w.x.y.z:5060;fs-proxy-id=1d3e543c35a762d1;lr>
- Mar 24
16:36:40 flex-server flexisip[3536]: Message is sent through an outgoing
transaction.
- Mar 24
16:36:40 flex-server flexisip[3536]: nta: selecting scheme sip
- Mar 24
16:36:40 flex-server flexisip[3536]: tport: not found from primary
0xa33cc0, trying another one...udp/g.h.i.j:5060
- Mar 24
16:36:40 flex-server flexisip[3536]: tport: not found from primary
0xa34820, trying another one...udp/g.h.i.j:5060
- Mar 24
16:36:40 flex-server flexisip[3536]: tport_tsend(0xa33cc0) tpn =
udp/g.h.i.j:5060
- Mar 24
16:36:40 flex-server flexisip[3536]: tport_resolve addrinfo = g.h.i.j:5060
- Mar 24
16:36:40 flex-server flexisip[3536]: tport_by_addrinfo(0xa33cc0): not
found by name udp/g.h.i.j:5060
- Mar 24
16:36:40 flex-server flexisip[3536]: tport_vsend returned 764
- Mar 24
16:36:40 flex-server flexisip[3536]: nta: sent REGISTER (21) to
udp/g.h.i.j:5060
- Mar 24
16:36:40 flex-server flexisip[3536]: tport_pend(0xa33cc0): pending
0xbb7600 for udp/w.x.y.z:5060 (already 0)
- Mar 24
16:36:40 flex-server flexisip[3536]: Terminate SipEvent 0xbba3d8
- Mar 24
16:36:40 flex-server flexisip[3536]: tport_wakeup_pri(0xa33cc0): events IN
- Mar 24
16:36:40 flex-server flexisip[3536]: tport_recv_event(0xa33cc0)
- Mar 24
16:36:40 flex-server flexisip[3536]: tport_recv_iovec(0xa33cc0) msg
0xbbfb80 from (udp/w.x.y.z:5060) has 500 bytes, veclen = 1
- Mar 24
16:36:40 flex-server flexisip[3536]: tport_deliver(0xa33cc0): msg 0xbbfb80
(500 bytes) from udp/g.h.i.j:5060 next=(nil)
My
problem is that the back end server (as it should) challenges this proxied
register with a 407 and flexisip does not pass along auth. In the Auth module I
have tried setting new-auth-on-407 to both true and false, but in neither
condition will it respond to the challenge; it just feeds it back to my client
(in this case the Linphone Android app), who ignores it.
·
Mar 24 16:36:42 flex-server flexisip[3536]:
tport_wakeup_pri(0xa33cc0): events IN
·
Mar 24 16:36:42 flex-server flexisip[3536]:
tport_recv_event(0xa33cc0)
·
Mar 24 16:36:42 flex-server flexisip[3536]:
tport_recv_iovec(0xa33cc0) msg 0xbc5db0 from (udp/w.x.y.z:5060) has 500 bytes,
veclen = 1
·
Mar 24 16:36:42 flex-server flexisip[3536]:
tport_deliver(0xa33cc0): msg 0xbc5db0 (500 bytes) from udp/g.h.i.j:5060
next=(nil)
·
Mar 24 16:36:42 flex-server flexisip[3536]:
nta: received 407 Proxy Authentication Required for REGISTER (21)
·
Mar 24 16:36:42 flex-server flexisip[3536]:
nta: 407 Proxy Authentication Required is going to a transaction
·
Mar 24 16:36:42 flex-server flexisip[3536]:
nta_outgoing: RTT is 91.146 ms
·
Mar 24 16:36:42 flex-server flexisip[3536]:
tport_release(0xa33cc0): 0xbbd970 by 0xbc4f60 with 0xbc5db0
·
Mar 24 16:36:42 flex-server flexisip[3536]:
OutgoingTransaction callback 0xbc4568
·
Mar 24 16:36:42 flex-server flexisip[3536]:
New SipEvent 0xbc6618 - 0xbc5db0
·
Mar 24 16:36:42 flex-server flexisip[3536]:
Receiving new Response SIP message: 407
§ SIP/2.0
407 Proxy Authentication Required
§ Proxy-Authenticate:
Digest realm="domain",
nonce="bc10251a309c626012fec3668e5e01fb"
§ Via:
SIP/2.0/UDP
w.x.y.z;rport;branch=z9hG4bK.F2FB2SvD9FDcj2ryBrjHjZU82e;received=w.x.y.z
§ Via:
SIP/2.0/TCP
x.y.z.a:41899;alias;branch=z9hG4bK.HLB-HTOST;rport=33320;received=a.b.c.d
§ To:
<sip:address@hidden>
§ From:
<sip:address@hidden>;tag=3vuvioXsa
§ Call-ID:
RaqxKK1GIB
§ CSeq:
21 REGISTER
§ Content-Length:
0
·
Mar 24 16:36:42 flex-server flexisip[3536]:
Invoking onResponse() on module DoSProtection
·
Mar 24 16:36:42 flex-server flexisip[3536]:
Invoking onResponse() on module SanityChecker
·
Mar 24 16:36:42 flex-server flexisip[3536]:
Skipping onResponse() on module GarbageIn
·
Mar 24 16:36:42 flex-server flexisip[3536]:
Invoking onResponse() on module NatHelper
·
Mar 24 16:36:42 flex-server flexisip[3536]:
Invoking onResponse() on module Authentication
·
Mar 24 16:36:42 flex-server flexisip[3536]:
Skipping onResponse() on module Redirect
·
Mar 24 16:36:42 flex-server flexisip[3536]:
Skipping onResponse() on module GatewayAdapter
·
Mar 24 16:36:42 flex-server flexisip[3536]:
Skipping onResponse() on module Presence
·
Mar 24 16:36:42 flex-server flexisip[3536]:
Invoking onResponse() on module Registrar
·
Mar 24 16:36:42 flex-server flexisip[3536]:
Skipping onResponse() on module StatisticsCollector
·
Mar 24 16:36:42 flex-server flexisip[3536]:
Skipping onResponse() on module ContactRouteInserter
·
Mar 24 16:36:42 flex-server flexisip[3536]:
Invoking onResponse() on module Router
·
Mar 24 16:36:42 flex-server flexisip[3536]:
Invoking onResponse() on module PushNotification
·
Mar 24 16:36:42 flex-server flexisip[3536]:
Skipping onResponse() on module LoadBalancer
·
Mar 24 16:36:42 flex-server flexisip[3536]:
Invoking onResponse() on module MediaRelay
·
Mar 24 16:36:42 flex-server flexisip[3536]:
Skipping onResponse() on module Transcoder
·
Mar 24 16:36:42 flex-server flexisip[3536]:
Invoking onResponse() on module Forward
·
Mar 24 16:36:42 flex-server flexisip[3536]:
Sending response: (via popped)
§ SIP/2.0
407 Proxy Authentication Required
§ Proxy-Authenticate:
Digest realm="domain",
nonce="bc10251a309c626012fec3668e5e01fb"
§ Via:
SIP/2.0/TCP
x.y.z.a:41899;alias;branch=z9hG4bK.HLB-HTOST;rport=33320;received=a.b.c.d
§ To:
<sip:address@hidden>
§ From:
<sip:address@hidden>;tag=3vuvioXsa
§ Call-ID:
RaqxKK1GIB
§ CSeq:
21 REGISTER
§ Content-Length:
0
·
Mar 24 16:36:42 flex-server flexisip[3536]:
Response is sent through an incoming transaction.
·
Mar 24 16:36:42 flex-server flexisip[3536]:
tport_tsend(0xa3d780) tpn = TCP/a.b.c.d:33320
·
Mar 24 16:36:42 flex-server flexisip[3536]:
tport_vsend returned 399
·
Mar 24 16:36:42 flex-server flexisip[3536]:
tport(0xa3d780): set timer at 1800000 ms because keepalive
·
Mar 24 16:36:42 flex-server flexisip[3536]:
nta: sent 407 Proxy Authentication Required for REGISTER (21)
·
Mar 24 16:36:42 flex-server flexisip[3536]:
nta: incoming_free(0xbc0400)
·
Mar 24 16:36:42 flex-server flexisip[3536]:
incoming_reclaim: 0xbc0400
·
Mar 24 16:36:42 flex-server flexisip[3536]:
nta_incoming_destroy: 0xbc0400
·
Mar 24 16:36:42 flex-server flexisip[3536]:
Terminate SipEvent 0xbc6618
·
Mar 24 16:36:42 flex-server flexisip[3536]:
tport(0xa3d780): set timer at 1799999 ms because keepalive
·
Mar 24 16:36:42 flex-server flexisip[3536]:
Delete IncomingTransaction 0xbc0378
·
Mar 24 16:36:42 flex-server flexisip[3536]:
Delete OutgoingTransaction 0xbc4568
How
do I get Flexisip to properly respond to this challenge? Does anyone have a
primer for setting up the front-end / back-end?