I’m using PJSIP. It looks like the "Digest realm=“xxx.xxx.xxx.xxx” part of my outbound authentication challenge can be one of four servers. I cannot figure out a way to have my outbound_auth support multiple realms. (sorry no trace without breaking the system.)
Here’s the auth and endpoint:
[ZZZZZZ]
type=endpoint
transport=transport-udp-nat
context=from-external
disallow=all
allow=ulaw
outbound_auth=sipus_auth
aors=sipus_aor
direct_media=no
from_domain=sip.aserver.com
[sipus_auth]
type=auth
auth_type=userpass
password=xxxxxxxxx
username=xxxxxxxxx
realm=sip.aserver.com
BUT CAN BE ONE OF THESE TOO (I’ve already seen one other)
realm=VVV.CCC.ZZZ.XX0
realm=VVV.CCC.ZZZ.XX1
realm=VVV.CCC.ZZZ.XX2
These are IP addresses published in a “white list”.
So it looks like I need a way to have one auth support three realms.
So a single auth
section can only be the authentication for a single realm. You can, however, define multiple auth
sections and reference those from the endpoint
. The endpoint
will then set multiple credentials on the outbound request. Assuming the system you are talking to will look at each of the authentication credentials and match based on the realm it’s providing, it should then accept the request.
This could be configured as shown:
[ZZZZZZ]
type=endpoint
transport=transport-udp-nat
context=from-external
disallow=all
allow=ulaw
outbound_auth=sipus_auth1,sipus_auth2,sipus_auth3
aors=sipus_aor
direct_media=no
from_domain=sip.aserver.com
[sipus_auth](!)
type=auth
auth_type=userpass
password=xxxxxxxxx
username=xxxxxxxxx
[sipus_auth1](sipus_auth)
realm=xxx.xxx.xxx.xxx
[sipus_auth2](sipus_auth)
realm=yyy.yyy.yyy.yyy
[sipus_auth3](sipus_auth)
realm=zzz.zzz.zzz.zzz
2 Likes
Cool, I shall try and post back.