java - SIP 服务器中的身份验证问题

我能够与内网 SIP 服务器通信，并且能够毫无问题地执行文本聊天/视频和音频聊天。但当我将相同的设置移至 centOS 专用服务器和 ubuntu 服务器上的公共(public)域时，它根本不起作用。

我在几乎四台服务器上尝试了相同的设置，SIP 服务器运行良好，但我无法对用户进行身份验证，下面怀疑是授权问题。如果还有什么请建议:

---------------------------------------------------------------------------------------------------------------------------
root@ip-10-130-137-143:/home/ubuntu# netstat -lnptu
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 10.130.137.143:5060     0.0.0.0:*               LISTEN      1588/kamailio
tcp        0      0 127.0.0.1:5060          0.0.0.0:*               LISTEN      1588/kamailio
tcp        0      0 127.0.0.1:3306          0.0.0.0:*               LISTEN      752/mysqld
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      628/sshd
tcp6       0      0 :::22                   :::*                    LISTEN      628/sshd
udp        0      0 10.130.137.143:5060     0.0.0.0:*                           1566/kamailio
udp        0      0 127.0.0.1:5060          0.0.0.0:*                           1566/kamailio
udp        0      0 0.0.0.0:68              0.0.0.0:*                           421/dhclient3

-----------------------------------------------------------------------------------------------------------------------------
root@ip-10-130-137-143:/home/ubuntu# ngrep -p -q -W byline port 5060
interface: eth0 (10.130.137.0/255.255.255.0)
filter: (ip or ip6) and ( port 5060 )

U 182.65.181.3:5060 -> 10.130.137.143:5060
REGISTER sip:54.251.243.10 SIP/2.0.
Call-ID: 01a9d12a1c5a30e472fe6479e8c2fd51@0:0:0:0:0:0:0:0.
CSeq: 1 REGISTER.
From: "vijay" <sip:vijay@54.251.243.10>;tag=f5fcb710.
To: "vijay" <sip:vijay@54.251.243.10>.
Via: SIP/2.0/UDP 192.168.0.107:5060;branch=z9hG4bK-393933-ffcd7de8d4032279df0bf50bc606776c.
Max-Forwards: 70.
User-Agent: Jitsi2.2.4603.9615Windows 7.
Expires: 600.
Contact: "vijay" <sip:vijay@192.168.0.107:5060;transport=udp;registering_acc=54_251_243_10>;expires=600.
Content-Length: 0.
.


U 10.130.137.143:5060 -> 182.65.181.3:5060
SIP/2.0 401 Unauthorized.
Call-ID: 01a9d12a1c5a30e472fe6479e8c2fd51@0:0:0:0:0:0:0:0.
CSeq: 1 REGISTER.
From: "vijay" <sip:vijay@54.251.243.10>;tag=f5fcb710.
To: "vijay" <sip:vijay@54.251.243.10>;tag=b27e1a1d33761e85846fc98f5f3a7e58.6006.
Via: SIP/2.0/UDP 192.168.0.107:5060;branch=z9hG4bK-393933-ffcd7de8d4032279df0bf50bc606776c;received=182.65.181.3.
WWW-Authenticate: Digest realm="54.251.243.10", nonce="UfX6g1H1+Vf1PJF95KZYQuU+RvZsHV6u".
Server: kamailio (4.0.2 (x86_64/linux)).
Content-Length: 0.
.


U 182.65.181.3:5060 -> 10.130.137.143:5060
REGISTER sip:54.251.243.10 SIP/2.0.
Call-ID: 01a9d12a1c5a30e472fe6479e8c2fd51@0:0:0:0:0:0:0:0.
CSeq: 2 REGISTER.
From: "vijay" <sip:vijay@54.251.243.10>;tag=f5fcb710.
To: "vijay" <sip:vijay@54.251.243.10>.
Max-Forwards: 70.
User-Agent: Jitsi2.2.4603.9615Windows 7.
Expires: 600.
Contact: "vijay" <sip:vijay@192.168.0.107:5060;transport=udp;registering_acc=54_251_243_10>;expires=600.
Via: SIP/2.0/UDP 192.168.0.107:5060;branch=z9hG4bK-393933-dd9c63d103bebfec91b34722d0df1607.
Authorization: Digest username="vijay",realm="54.251.243.10",nonce="UfX6g1H1+Vf1PJF95KZYQuU+RvZsHV6u",uri="sip:54.251.243.10",response="25f103c48f491c3d9c274088b5efcfa0".
Content-Length: 0.
.


U 10.130.137.143:5060 -> 182.65.181.3:5060
SIP/2.0 403 Not relaying.
Call-ID: 01a9d12a1c5a30e472fe6479e8c2fd51@0:0:0:0:0:0:0:0.
CSeq: 2 REGISTER.
From: "vijay" <sip:vijay@54.251.243.10>;tag=f5fcb710.
To: "vijay" <sip:vijay@54.251.243.10>;tag=b27e1a1d33761e85846fc98f5f3a7e58.ff09.
Via: SIP/2.0/UDP 192.168.0.107:5060;branch=z9hG4bK-393933-dd9c63d103bebfec91b34722d0df1607;received=182.65.181.3.
Server: kamailio (4.0.2 (x86_64/linux)).
Content-Length: 0.
.


U 182.65.181.3:5060 -> 10.130.137.143:5060
REGISTER sip:54.251.243.10 SIP/2.0.
Call-ID: 01a9d12a1c5a30e472fe6479e8c2fd51@0:0:0:0:0:0:0:0.
CSeq: 3 REGISTER.
From: "vijay" <sip:vijay@54.251.243.10>;tag=f5fcb710.
To: "vijay" <sip:vijay@54.251.243.10>.
Max-Forwards: 70.
User-Agent: Jitsi2.2.4603.9615Windows 7.
Expires: 600.
Contact: "vijay" <sip:vijay@192.168.0.107:5060;transport=udp;registering_acc=54_251_243_10>;expires=600.
Via: SIP/2.0/UDP 192.168.0.107:5060;branch=z9hG4bK-393933-630ada674eec24c25e106288f1de871f.
Content-Length: 0.
.


U 10.130.137.143:5060 -> 182.65.181.3:5060
SIP/2.0 401 Unauthorized.
Call-ID: 01a9d12a1c5a30e472fe6479e8c2fd51@0:0:0:0:0:0:0:0.
CSeq: 3 REGISTER.
From: "vijay" <sip:vijay@54.251.243.10>;tag=f5fcb710.
To: "vijay" <sip:vijay@54.251.243.10>;tag=b27e1a1d33761e85846fc98f5f3a7e58.90cb.
Via: SIP/2.0/UDP 192.168.0.107:5060;branch=z9hG4bK-393933-630ada674eec24c25e106288f1de871f;received=182.65.181.3.
WWW-Authenticate: Digest realm="54.251.243.10", nonce="UfX6i1H1+V++hTJe2yLYBqYaqRF7F5Xo".
Server: kamailio (4.0.2 (x86_64/linux)).
Content-Length: 0.
----------------------------------------------------------------------------------------------------------------------------
I enabled the dubug mode and error message is 

17(1588) DEBUG: <core> [io_wait.h:390]: io_watch_add(): DBG: io_watch_add(0x89cca0, 27, 3, 0x7f46bd3c57b0), fd_no=19
17(1588) DEBUG: <core> [io_wait.h:390]: io_watch_add(): DBG: io_watch_add(0x89cca0, 29, 3, 0x7f46bd3c57d0), fd_no=20
17(1588) DEBUG: <core> [io_wait.h:390]: io_watch_add(): DBG: io_watch_add(0x89cca0, 31, 3, 0x7f46bd3c57f0), fd_no=21
8(1575) DEBUG: <core> [parser/msg_parser.c:623]: parse_msg(): SIP Request:
8(1575) DEBUG: <core> [parser/msg_parser.c:625]: parse_msg():  method:  <REGISTER>
8(1575) DEBUG: <core> [parser/msg_parser.c:627]: parse_msg():  uri:     <sip:54.251.243.10>
8(1575) DEBUG: <core> [parser/msg_parser.c:629]: parse_msg():  version: <SIP/2.0>
8(1575) DEBUG: <core> [parser/msg_parser.c:170]: get_hdr_field(): get_hdr_field: cseq <CSeq>: <1> <REGISTER>
8(1575) DEBUG: <core> [parser/parse_to.c:799]: parse_to(): end of header reached, state=10
8(1575) DEBUG: <core> [parser/msg_parser.c:190]: get_hdr_field(): DEBUG: get_hdr_field: <To> [35]; uri=[sip:vijay@54.251.243.10]
8(1575) DEBUG: <core> [parser/msg_parser.c:192]: get_hdr_field(): DEBUG: to body ["vijay" <sip:vijay@54.251.243.10>
]
8(1575) DEBUG: <core> [parser/parse_via.c:1284]: parse_via_param(): Found param type 232, <branch> = <z9hG4bK-393933-ffcd7de8d4032279df0bf50bc606776c>; state=16
8(1575) DEBUG: <core> [parser/parse_via.c:2672]: parse_via(): end of header reached, state=5
8(1575) DEBUG: <core> [parser/msg_parser.c:513]: parse_headers(): parse_headers: Via found, flags=2
8(1575) DEBUG: <core> [parser/msg_parser.c:515]: parse_headers(): parse_headers: this is the first via
8(1575) DEBUG: <core> [receive.c:149]: receive_msg(): After parse_msg...
8(1575) DEBUG: <core> [receive.c:190]: receive_msg(): preparing to run routing scripts...
8(1575) ERROR: *** cfgtrace: c=[/etc/kamailio/kamailio.cfg] l=464 a=5 n=route
8(1575) ERROR: *** cfgtrace: c=[/etc/kamailio/kamailio.cfg] l=574 a=16 n=if
8(1575) ERROR: *** cfgtrace: c=[/etc/kamailio/kamailio.cfg] l=569 a=25 n=mf_process_maxfwd_header
8(1575) DEBUG: maxfwd [mf_funcs.c:85]: is_maxfwd_present(): value = 70
8(1575) DEBUG: maxfwd [maxfwd.c:161]: process_maxfwd_header(): value 70 decreased to 16
8(1575) ERROR: *** cfgtrace: c=[/etc/kamailio/kamailio.cfg] l=579 a=16 n=if
8(1575) ERROR: *** cfgtrace: c=[/etc/kamailio/kamailio.cfg] l=574 a=26 n=sanity_check
8(1575) DEBUG: <core> [parser/msg_parser.c:204]: get_hdr_field(): DEBUG: get_hdr_body : content_length=0
8(1575) DEBUG: <core> [parser/msg_parser.c:106]: get_hdr_field(): found end of header
8(1575) DEBUG: <core> [parser/parse_to.c:176]: parse_to_param(): DEBUG: add_param: tag=f5fcb710
8(1575) DEBUG: <core> [parser/parse_to.c:799]: parse_to(): end of header reached, state=29
8(1575) DEBUG: sanity [mod_sanity.c:255]: w_sanity_check(): sanity checks result: 1
8(1575) ERROR: *** cfgtrace: c=[/etc/kamailio/kamailio.cfg] l=467 a=5 n=route
8(1575) ERROR: *** cfgtrace: c=[/etc/kamailio/kamailio.cfg] l=767 a=2 n=return
8(1575) ERROR: *** cfgtrace: c=[/etc/kamailio/kamailio.cfg] l=479 a=16 n=if
8(1575) ERROR: *** cfgtrace: c=[/etc/kamailio/kamailio.cfg] l=470 a=25 n=is_method
8(1575) ERROR: *** cfgtrace: c=[/etc/kamailio/kamailio.cfg] l=479 a=5 n=route
8(1575) ERROR: *** cfgtrace: c=[/etc/kamailio/kamailio.cfg] l=623 a=16 n=if
8(1575) ERROR: *** cfgtrace: c=[/etc/kamailio/kamailio.cfg] l=583 a=24 n=has_totag
8(1575) DEBUG: siputils [checks.c:103]: has_totag(): no totag
8(1575) ERROR: *** cfgtrace: c=[/etc/kamailio/kamailio.cfg] l=483 a=24 n=t_check_trans
8(1575) DEBUG: tm [t_lookup.c:1095]: t_check_msg(): DEBUG: t_check_msg: msg id=1 global id=0 T start=0xffffffffffffffff
8(1575) DEBUG: tm [t_lookup.c:534]: t_lookup_request(): t_lookup_request: start searching: hash=38419, isACK=0
8(1575) DEBUG: tm [t_lookup.c:492]: matching_3261(): DEBUG: RFC3261 transaction matching failed
8(1575) DEBUG: tm [t_lookup.c:716]: t_lookup_request(): DEBUG: t_lookup_request: no transaction found
8(1575) DEBUG: tm [t_lookup.c:1164]: t_check_msg(): DEBUG: t_check_msg: msg id=1 global id=1 T end=(nil)
8(1575) ERROR: *** cfgtrace: c=[/etc/kamailio/kamailio.cfg] l=486 a=5 n=route
8(1575) ERROR: *** cfgtrace: c=[/etc/kamailio/kamailio.cfg] l=744 a=16 n=if
8(1575) ERROR: *** cfgtrace: c=[/etc/kamailio/kamailio.cfg] l=731 a=25 n=is_method
8(1575) ERROR: *** cfgtrace: c=[/etc/kamailio/kamailio.cfg] l=739 a=16 n=if
8(1575) ERROR: *** cfgtrace: c=[/etc/kamailio/kamailio.cfg] l=734 a=27 n=auth_check
8(1575) DEBUG: auth_db [authorize.c:476]: auth_check(): realm [54.251.243.10] table [subscriber] flags [1]
8(1575) DEBUG: auth [api.c:86]: pre_auth(): auth:pre_auth: Credentials with realm '54.251.243.10' not found
8(1575) DEBUG: auth_db [authorize.c:252]: digest_authenticate(): no credentials
8(1575) ERROR: *** cfgtrace: c=[/etc/kamailio/kamailio.cfg] l=735 a=26 n=auth_challenge
8(1575) DEBUG: auth [challenge.c:127]: get_challenge_hf(): build_challenge_hf: realm='54.251.243.10'
8(1575) DEBUG: auth [challenge.c:269]: get_challenge_hf(): auth: 'WWW-Authenticate: Digest realm="54.251.243.10", nonce="UfX6g1H1+Vf1PJF95KZYQuU+RvZsHV6u"
'
8(1575) DEBUG: sl [sl.c:289]: send_reply(): reply in stateless mode (sl)
8(1575) DEBUG: <core> [msg_translator.c:206]: check_via_address(): check_via_address(182.65.181.3, 192.168.0.107, 0)
8(1575) ERROR: *** cfgtrace: c=[/etc/kamailio/kamailio.cfg] l=736 a=2 n=exit
8(1575) DEBUG: <core> [usr_avp.c:644]: destroy_avp_list(): DEBUG:destroy_avp_list: destroying list (nil)
8(1575) DEBUG: <core> [usr_avp.c:644]: destroy_avp_list(): DEBUG:destroy_avp_list: destroying list (nil)
8(1575) DEBUG: <core> [usr_avp.c:644]: destroy_avp_list(): DEBUG:destroy_avp_list: destroying list (nil)
8(1575) DEBUG: <core> [usr_avp.c:644]: destroy_avp_list(): DEBUG:destroy_avp_list: destroying list (nil)
8(1575) DEBUG: <core> [usr_avp.c:644]: destroy_avp_list(): DEBUG:destroy_avp_list: destroying list (nil)
8(1575) DEBUG: <core> [usr_avp.c:644]: destroy_avp_list(): DEBUG:destroy_avp_list: destroying list (nil)
8(1575) DEBUG: <core> [xavp.c:447]: xavp_destroy_list(): destroying xavp list (nil)
8(1575) DEBUG: <core> [receive.c:293]: receive_msg(): receive_msg: cleaning up

最佳答案

发送 SIP 响应“403 Not Relaying”，因为 From URI 和请求 URI 中的域都不是本地 IP(或主机名)。出于安全原因，发送方或目标必须是本地用户或服务(使用服务器的 IP 或主机名)，否则该实例可用作开放中继以定位其他主机。

您可以通过 kamailio.cfg 中的“alias”全局参数或使用域模块指定本地域列表。

从您的 SIP 跟踪和 netstat 输出来看，Kamailio 似乎正在监听 10.130.137.143，但 From/R-URI 域是 54.251.243.10。

如果 kamailio 在 natted 服务器上运行，并且流量通过防火墙从公共(public) IP 转发(类似于在 Amazon EC2 上运行 Kamailio)，那么您应该在配置中使用advertise 来监听参数，例如:

listen=udp:10.130.137.143:5060 advertise 54.251.243.10:5060

更多详情请参见:

http://www.kamailio.org/wiki/cookbooks/devel/core#listen

关于java - SIP 服务器中的身份验证问题，我们在Stack Overflow上找到一个类似的问题： https://stackoverflow.com/questions/17938331/

java - SIP 服务器中的身份验证问题

上一篇：java - 从.net dll创建java的.dll文件

下一篇：java - 使用 DOM4J 解析 XML 文件