
[Freeswitch-users] Freeswitch optimization as a registrar - a cute hack


 
dyfet at gnutelephony.org





Posted: Tue Dec 30, 2008 4:51 pm    Post subject: [Freeswitch-users] Freeswitch optimization as a registrar -

I actually have found an alternate approach that we optionally use in
sipwitch. Basically, sipwitch can be set to recognize a "trusted"
subnet, and automatically accepts a refresh from any actively registered
ua on the trusted subnet(s) without requesting an authentication
challenge, so long as the ua refreshes from the same sip port and ip
address it originally registered and authenticated from. It will also
do the same for invites and other otherwise "authentication challenge"
sip requests that can originate from ua's on the trusted subnet(s).

Using this option of course kills any ability to proxy register multiple
ua's through another sip server, although this can be solved by
recognizing certain id's as explicitly not trustable. However, for most
common configurations and use cases, it works very well and does
effectively halve sip network traffic :).

Michael Giagnocavo wrote:
>>> This is
>>> because the ua sends its registration refresh unauthenticated. The
>>> registrar will then push back an authentication challenge request so the
>>> ua can prove its identity, at which point the ua then repeats the same
>>> transaction, but with authentication credentials attached.
>> Why does it do that? Every time I do a debug, I see the first request
>> denied as unauthorized and then it always comes right back and gets
>
> Welcome to HTTP Digest authentication. The request has to get challenged to get a new nonce from the server (so as to mitigate replay attacks).
>
> You could TLS and auth off of the client cert, except few devices support that, and you'd have the "overhead" of TCP (which is like bad or something).
>
> -Michael

_______________________________________________
Freeswitch-users mailing list
Freeswitch-users@lists.freeswitch.org
http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
http://www.freeswitch.org
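
The trusted-subnet shortcut described in the post above, sketched as an added example (this is not sipwitch or FreeSWITCH code). The class and method names, the addresses and the 3600-second expiry are assumptions made for illustration.

```python
import ipaddress
from dataclasses import dataclass

@dataclass
class Binding:
    ip: object         # source address the UA authenticated from
    port: int          # source SIP port the UA authenticated from
    expires_at: float  # registration lifetime end (seconds)

class Registrar:
    """Hypothetical registrar that decides when a 401 challenge is required."""

    def __init__(self, trusted_subnets, untrusted_ids=()):
        self.trusted = [ipaddress.ip_network(n) for n in trusted_subnets]
        # ids that proxy-register other UAs are never given the shortcut
        self.untrusted_ids = set(untrusted_ids)
        self.bindings = {}

    def record_authenticated(self, user, ip, port, now, expires=3600):
        # Call only after a REGISTER has passed the digest challenge.
        self.bindings[user] = Binding(ipaddress.ip_address(ip), port, now + expires)

    def needs_challenge(self, user, ip, port, now):
        addr = ipaddress.ip_address(ip)
        if user in self.untrusted_ids:
            return True                      # explicitly not trustable
        if not any(addr in net for net in self.trusted):
            return True                      # source is outside the trusted subnet(s)
        b = self.bindings.get(user)
        if b is None or b.expires_at <= now:
            return True                      # not actively registered any more
        # Must match the address and port of the authenticated registration.
        return (b.ip, b.port) != (addr, port)

    def handle_refresh(self, user, ip, port, now, expires=3600):
        if self.needs_challenge(user, ip, port, now):
            return 401                       # normal digest round trip
        self.bindings[user].expires_at = now + expires
        return 200                           # refresh accepted in one transaction

if __name__ == "__main__":
    reg = Registrar(["10.0.0.0/24"], untrusted_ids={"gateway"})  # constructed values
    reg.record_authenticated("alice", "10.0.0.5", 5060, now=0)
    print(reg.handle_refresh("alice", "10.0.0.5", 5060, now=100))
    print(reg.handle_refresh("alice", "10.0.0.5", 5062, now=100))
```

The shortcut identifies the UA by source address and port alone, so it is only as strong as the trusted subnet's protection against spoofed source addresses.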
