SIP服務器中的驗證問題

我能夠與Intranet SIP服務器進行通信，並且能夠正常進行文字聊天/視頻&音頻聊天。但是當我將相同的設置移到centOS專用服務器和ubuntu服務器上的公共域時，它根本無法工作。SIP服務器中的驗證問題

我在幾乎四臺服務器上嘗試了相同的設置，SIP服務器運行良好，我無法從用戶身份驗證，並且下面涉嫌授權問題。請指教，如果別的：

--------------------------------------------------------------------------------------------------------------------------- 
[email protected]:/home/ubuntu# netstat -lnptu 
Active Internet connections (only servers) 
Proto Recv-Q Send-Q Local Address   Foreign Address   State  PID/Program name 
tcp  0  0 10.130.137.143:5060  0.0.0.0:*    LISTEN  1588/kamailio 
tcp  0  0 127.0.0.1:5060   0.0.0.0:*    LISTEN  1588/kamailio 
tcp  0  0 127.0.0.1:3306   0.0.0.0:*    LISTEN  752/mysqld 
tcp  0  0 0.0.0.0:22    0.0.0.0:*    LISTEN  628/sshd 
tcp6  0  0 :::22     :::*     LISTEN  628/sshd 
udp  0  0 10.130.137.143:5060  0.0.0.0:*       1566/kamailio 
udp  0  0 127.0.0.1:5060   0.0.0.0:*       1566/kamailio 
udp  0  0 0.0.0.0:68    0.0.0.0:*       421/dhclient3 

----------------------------------------------------------------------------------------------------------------------------- 
[email protected]:/home/ubuntu# ngrep -p -q -W byline port 5060 
interface: eth0 (10.130.137.0/255.255.255.0) 
filter: (ip or ip6) and (port 5060) 

U 182.65.181.3:5060 -> 10.130.137.143:5060 
REGISTER sip:54.251.243.10 SIP/2.0. 
Call-ID: [email protected]:0:0:0:0:0:0:0. 
CSeq: 1 REGISTER. 
From: "vijay" <sip:[email protected]>;tag=f5fcb710. 
To: "vijay" <sip:[email protected]>. 
Via: SIP/2.0/UDP 192.168.0.107:5060;branch=z9hG4bK-393933-ffcd7de8d4032279df0bf50bc606776c. 
Max-Forwards: 70. 
User-Agent: Jitsi2.2.4603.9615Windows 7. 
Expires: 600. 
Contact: "vijay" <sip:[email protected]:5060;transport=udp;registering_acc=54_251_243_10>;expires=600. 
Content-Length: 0. 
. 


U 10.130.137.143:5060 -> 182.65.181.3:5060 
SIP/2.0 401 Unauthorized. 
Call-ID: [email protected]:0:0:0:0:0:0:0. 
CSeq: 1 REGISTER. 
From: "vijay" <sip:[email protected]>;tag=f5fcb710. 
To: "vijay" <sip:[email protected]>;tag=b27e1a1d33761e85846fc98f5f3a7e58.6006. 
Via: SIP/2.0/UDP 192.168.0.107:5060;branch=z9hG4bK-393933-ffcd7de8d4032279df0bf50bc606776c;received=182.65.181.3. 
WWW-Authenticate: Digest realm="54.251.243.10", nonce="UfX6g1H1+Vf1PJF95KZYQuU+RvZsHV6u". 
Server: kamailio (4.0.2 (x86_64/linux)). 
Content-Length: 0. 
. 


U 182.65.181.3:5060 -> 10.130.137.143:5060 
REGISTER sip:54.251.243.10 SIP/2.0. 
Call-ID: [email protected]:0:0:0:0:0:0:0. 
CSeq: 2 REGISTER. 
From: "vijay" <sip:[email protected]>;tag=f5fcb710. 
To: "vijay" <sip:[email protected]>. 
Max-Forwards: 70. 
User-Agent: Jitsi2.2.4603.9615Windows 7. 
Expires: 600. 
Contact: "vijay" <sip:[email protected]:5060;transport=udp;registering_acc=54_251_243_10>;expires=600. 
Via: SIP/2.0/UDP 192.168.0.107:5060;branch=z9hG4bK-393933-dd9c63d103bebfec91b34722d0df1607. 
Authorization: Digest username="vijay",realm="54.251.243.10",nonce="UfX6g1H1+Vf1PJF95KZYQuU+RvZsHV6u",uri="sip:54.251.243.10",response="25f103c48f491c3d9c274088b5efcfa0". 
Content-Length: 0. 
. 


U 10.130.137.143:5060 -> 182.65.181.3:5060 
SIP/2.0 403 Not relaying. 
Call-ID: [email protected]:0:0:0:0:0:0:0. 
CSeq: 2 REGISTER. 
From: "vijay" <sip:[email protected]>;tag=f5fcb710. 
To: "vijay" <sip:[email protected]>;tag=b27e1a1d33761e85846fc98f5f3a7e58.ff09. 
Via: SIP/2.0/UDP 192.168.0.107:5060;branch=z9hG4bK-393933-dd9c63d103bebfec91b34722d0df1607;received=182.65.181.3. 
Server: kamailio (4.0.2 (x86_64/linux)). 
Content-Length: 0. 
. 


U 182.65.181.3:5060 -> 10.130.137.143:5060 
REGISTER sip:54.251.243.10 SIP/2.0. 
Call-ID: [email protected]:0:0:0:0:0:0:0. 
CSeq: 3 REGISTER. 
From: "vijay" <sip:[email protected]>;tag=f5fcb710. 
To: "vijay" <sip:[email protected]>. 
Max-Forwards: 70. 
User-Agent: Jitsi2.2.4603.9615Windows 7. 
Expires: 600. 
Contact: "vijay" <sip:[email protected]:5060;transport=udp;registering_acc=54_251_243_10>;expires=600. 
Via: SIP/2.0/UDP 192.168.0.107:5060;branch=z9hG4bK-393933-630ada674eec24c25e106288f1de871f. 
Content-Length: 0. 
. 


U 10.130.137.143:5060 -> 182.65.181.3:5060 
SIP/2.0 401 Unauthorized. 
Call-ID: [email protected]:0:0:0:0:0:0:0. 
CSeq: 3 REGISTER. 
From: "vijay" <sip:[email protected]>;tag=f5fcb710. 
To: "vijay" <sip:[email protected]>;tag=b27e1a1d33761e85846fc98f5f3a7e58.90cb. 
Via: SIP/2.0/UDP 192.168.0.107:5060;branch=z9hG4bK-393933-630ada674eec24c25e106288f1de871f;received=182.65.181.3. 
WWW-Authenticate: Digest realm="54.251.243.10", nonce="UfX6i1H1+V++hTJe2yLYBqYaqRF7F5Xo". 
Server: kamailio (4.0.2 (x86_64/linux)). 
Content-Length: 0. 
---------------------------------------------------------------------------------------------------------------------------- 
I enabled the dubug mode and error message is 

17(1588) DEBUG: <core> [io_wait.h:390]: io_watch_add(): DBG: io_watch_add(0x89cca0, 27, 3, 0x7f46bd3c57b0), fd_no=19 
17(1588) DEBUG: <core> [io_wait.h:390]: io_watch_add(): DBG: io_watch_add(0x89cca0, 29, 3, 0x7f46bd3c57d0), fd_no=20 
17(1588) DEBUG: <core> [io_wait.h:390]: io_watch_add(): DBG: io_watch_add(0x89cca0, 31, 3, 0x7f46bd3c57f0), fd_no=21 
8(1575) DEBUG: <core> [parser/msg_parser.c:623]: parse_msg(): SIP Request: 
8(1575) DEBUG: <core> [parser/msg_parser.c:625]: parse_msg(): method: <REGISTER> 
8(1575) DEBUG: <core> [parser/msg_parser.c:627]: parse_msg(): uri:  <sip:54.251.243.10> 
8(1575) DEBUG: <core> [parser/msg_parser.c:629]: parse_msg(): version: <SIP/2.0> 
8(1575) DEBUG: <core> [parser/msg_parser.c:170]: get_hdr_field(): get_hdr_field: cseq <CSeq>: <1> <REGISTER> 
8(1575) DEBUG: <core> [parser/parse_to.c:799]: parse_to(): end of header reached, state=10 
8(1575) DEBUG: <core> [parser/msg_parser.c:190]: get_hdr_field(): DEBUG: get_hdr_field: <To> [35]; uri=[sip:[email protected]] 
8(1575) DEBUG: <core> [parser/msg_parser.c:192]: get_hdr_field(): DEBUG: to body ["vijay" <sip:[email protected]> 
] 
8(1575) DEBUG: <core> [parser/parse_via.c:1284]: parse_via_param(): Found param type 232, <branch> = <z9hG4bK-393933-ffcd7de8d4032279df0bf50bc606776c>; state=16 
8(1575) DEBUG: <core> [parser/parse_via.c:2672]: parse_via(): end of header reached, state=5 
8(1575) DEBUG: <core> [parser/msg_parser.c:513]: parse_headers(): parse_headers: Via found, flags=2 
8(1575) DEBUG: <core> [parser/msg_parser.c:515]: parse_headers(): parse_headers: this is the first via 
8(1575) DEBUG: <core> [receive.c:149]: receive_msg(): After parse_msg... 
8(1575) DEBUG: <core> [receive.c:190]: receive_msg(): preparing to run routing scripts... 
8(1575) ERROR: *** cfgtrace: c=[/etc/kamailio/kamailio.cfg] l=464 a=5 n=route 
8(1575) ERROR: *** cfgtrace: c=[/etc/kamailio/kamailio.cfg] l=574 a=16 n=if 
8(1575) ERROR: *** cfgtrace: c=[/etc/kamailio/kamailio.cfg] l=569 a=25 n=mf_process_maxfwd_header 
8(1575) DEBUG: maxfwd [mf_funcs.c:85]: is_maxfwd_present(): value = 70 
8(1575) DEBUG: maxfwd [maxfwd.c:161]: process_maxfwd_header(): value 70 decreased to 16 
8(1575) ERROR: *** cfgtrace: c=[/etc/kamailio/kamailio.cfg] l=579 a=16 n=if 
8(1575) ERROR: *** cfgtrace: c=[/etc/kamailio/kamailio.cfg] l=574 a=26 n=sanity_check 
8(1575) DEBUG: <core> [parser/msg_parser.c:204]: get_hdr_field(): DEBUG: get_hdr_body : content_length=0 
8(1575) DEBUG: <core> [parser/msg_parser.c:106]: get_hdr_field(): found end of header 
8(1575) DEBUG: <core> [parser/parse_to.c:176]: parse_to_param(): DEBUG: add_param: tag=f5fcb710 
8(1575) DEBUG: <core> [parser/parse_to.c:799]: parse_to(): end of header reached, state=29 
8(1575) DEBUG: sanity [mod_sanity.c:255]: w_sanity_check(): sanity checks result: 1 
8(1575) ERROR: *** cfgtrace: c=[/etc/kamailio/kamailio.cfg] l=467 a=5 n=route 
8(1575) ERROR: *** cfgtrace: c=[/etc/kamailio/kamailio.cfg] l=767 a=2 n=return 
8(1575) ERROR: *** cfgtrace: c=[/etc/kamailio/kamailio.cfg] l=479 a=16 n=if 
8(1575) ERROR: *** cfgtrace: c=[/etc/kamailio/kamailio.cfg] l=470 a=25 n=is_method 
8(1575) ERROR: *** cfgtrace: c=[/etc/kamailio/kamailio.cfg] l=479 a=5 n=route 
8(1575) ERROR: *** cfgtrace: c=[/etc/kamailio/kamailio.cfg] l=623 a=16 n=if 
8(1575) ERROR: *** cfgtrace: c=[/etc/kamailio/kamailio.cfg] l=583 a=24 n=has_totag 
8(1575) DEBUG: siputils [checks.c:103]: has_totag(): no totag 
8(1575) ERROR: *** cfgtrace: c=[/etc/kamailio/kamailio.cfg] l=483 a=24 n=t_check_trans 
8(1575) DEBUG: tm [t_lookup.c:1095]: t_check_msg(): DEBUG: t_check_msg: msg id=1 global id=0 T start=0xffffffffffffffff 
8(1575) DEBUG: tm [t_lookup.c:534]: t_lookup_request(): t_lookup_request: start searching: hash=38419, isACK=0 
8(1575) DEBUG: tm [t_lookup.c:492]: matching_3261(): DEBUG: RFC3261 transaction matching failed 
8(1575) DEBUG: tm [t_lookup.c:716]: t_lookup_request(): DEBUG: t_lookup_request: no transaction found 
8(1575) DEBUG: tm [t_lookup.c:1164]: t_check_msg(): DEBUG: t_check_msg: msg id=1 global id=1 T end=(nil) 
8(1575) ERROR: *** cfgtrace: c=[/etc/kamailio/kamailio.cfg] l=486 a=5 n=route 
8(1575) ERROR: *** cfgtrace: c=[/etc/kamailio/kamailio.cfg] l=744 a=16 n=if 
8(1575) ERROR: *** cfgtrace: c=[/etc/kamailio/kamailio.cfg] l=731 a=25 n=is_method 
8(1575) ERROR: *** cfgtrace: c=[/etc/kamailio/kamailio.cfg] l=739 a=16 n=if 
8(1575) ERROR: *** cfgtrace: c=[/etc/kamailio/kamailio.cfg] l=734 a=27 n=auth_check 
8(1575) DEBUG: auth_db [authorize.c:476]: auth_check(): realm [54.251.243.10] table [subscriber] flags [1] 
8(1575) DEBUG: auth [api.c:86]: pre_auth(): auth:pre_auth: Credentials with realm '54.251.243.10' not found 
8(1575) DEBUG: auth_db [authorize.c:252]: digest_authenticate(): no credentials 
8(1575) ERROR: *** cfgtrace: c=[/etc/kamailio/kamailio.cfg] l=735 a=26 n=auth_challenge 
8(1575) DEBUG: auth [challenge.c:127]: get_challenge_hf(): build_challenge_hf: realm='54.251.243.10' 
8(1575) DEBUG: auth [challenge.c:269]: get_challenge_hf(): auth: 'WWW-Authenticate: Digest realm="54.251.243.10", nonce="UfX6g1H1+Vf1PJF95KZYQuU+RvZsHV6u" 
' 
8(1575) DEBUG: sl [sl.c:289]: send_reply(): reply in stateless mode (sl) 
8(1575) DEBUG: <core> [msg_translator.c:206]: check_via_address(): check_via_address(182.65.181.3, 192.168.0.107, 0) 
8(1575) ERROR: *** cfgtrace: c=[/etc/kamailio/kamailio.cfg] l=736 a=2 n=exit 
8(1575) DEBUG: <core> [usr_avp.c:644]: destroy_avp_list(): DEBUG:destroy_avp_list: destroying list (nil) 
8(1575) DEBUG: <core> [usr_avp.c:644]: destroy_avp_list(): DEBUG:destroy_avp_list: destroying list (nil) 
8(1575) DEBUG: <core> [usr_avp.c:644]: destroy_avp_list(): DEBUG:destroy_avp_list: destroying list (nil) 
8(1575) DEBUG: <core> [usr_avp.c:644]: destroy_avp_list(): DEBUG:destroy_avp_list: destroying list (nil) 
8(1575) DEBUG: <core> [usr_avp.c:644]: destroy_avp_list(): DEBUG:destroy_avp_list: destroying list (nil) 
8(1575) DEBUG: <core> [usr_avp.c:644]: destroy_avp_list(): DEBUG:destroy_avp_list: destroying list (nil) 
8(1575) DEBUG: <core> [xavp.c:447]: xavp_destroy_list(): destroying xavp list (nil) 
8(1575) DEBUG: <core> [receive.c:293]: receive_msg(): receive_msg: cleaning up

來源

2013-07-30 2vision2

的SIP響應「403不中繼」被髮送，因爲沒有域的URI中，請求URI是本地IP（或主機名）。出於安全原因，發件人或目的地必須是本地用戶或服務（使用服務器的IP或主機名），否則該實例可用作開放中繼來定位其他主機。

您可以通過kamailio.cfg中的'alias'全局參數或使用域模塊來指定本地域列表。

從您的SIP跟蹤和netstat輸出中，似乎Kamailio正在偵聽10.130.137.143，但From/R-URI域爲54.251.243.10。

如果kamailio在natted服務器上運行，並且通過防火牆從公共ip轉發流量（類似於在Amazon EC2上運行Kamailio類似的東西），那麼您應該在配置中使用advertise for listen參數，如：

listen=udp:10.130.137.143:5060 advertise 54.251.243.10:5060

有關詳細信息，請參閱：

http://www.kamailio.org/wiki/cookbooks/devel/core#listen

來源

2013-08-28 20:30:30 miconda

SIP服務器中的驗證問題

回答

相關問題