On Sat, Jul 24, 2010 at 12:30 PM, Ryan Wagoner <rswago...@gmail.com> wrote:
> On Sat, Jul 24, 2010 at 12:07 PM, Ryan Wagoner <rswago...@gmail.com> wrote:
>> I haven't been successful in getting this to work. The issue looks to
>> be that Asterisk is wanting peer authentication for the invite request
>> as it sends back 401 Unauthorized.  I am using FreePBX 2.7 and have
>> tested both Asterisk 1.6.1.18 and 1.6.2.9. My trunk settings are
>>
>> type=peer
>> transport=tcp
>> qualify=yes
>> insecure=port,invite
>> host=10.10.1.31
>> context=from-internal
>>
>> Here is snippets of the SIP debug output. I added in the debug "Peer
>> has insecure flags" to see what was happening.
>>
>> INVITE sip:2...@voip.mydomain.net;user=phone SIP/2.0
>> FROM: 
>> ""<sip:2...@exch.testdev.local;user=phone>;epid=079E8F8013;tag=849256682
>> TO: <sip:2...@voip.mydomain.net;user=phone>
>> ...
>> Sending to 10.10.1.31 : 19219 (no NAT)
>> Using INVITE request as basis request - 5c97e0f0-5456-4b82-a7f4-e7f2adeba338
>> Found peer '2001' for '2001' from 10.10.1.31:19219
>> Peer has insecure flags no
>>
>> SIP/2.0 401 Unauthorized
>>
>> Due to Exchange making the call from / to the same valid extension
>> Asterisk is wanting authentication for the 2001. I thought by using
>> host and insecure in the trunk settings if the from address matched
>> the host it would use that as the peer. Alternatively I couldn't find
>> the option to tell Exchange to make the call from a different
>> extension. In looking at an anonymous call Asterisk doesn't have a
>> peer for the from number so it looks in from-sip-external.
>>
>> INVITE sip:1112223...@voip.mydomain.net SIP/2.0
>> From: "1112223333" <sip:1112223...@voip.remotedomain.com>;tag=as1c8404f3
>> To: <sip:2223334...@voip.mydomain.net>
>> ...
>> Sending to xxx.xxx.xxx.xxx : 5060 (no NAT)
>> Using INVITE request as basis request -
>> 29989544375bf8a162da163d1d9df...@voip.remotedomain.com
>> No matching peer for '1112223333' from 'xxx.xxx.xxx.xxx:5060'
>> Looking for 2223334444 in from-sip-external (domain voip.mydomain.net)
>>
>> Thanks,
>> Ryan
>>
>
> Looks like I just answered my own question. You can't have a device
> that matches the user extension. With it configured like this the
> invite from won't match a SIP peer and it will default to IP lookup.
>
> Using INVITE request as basis request - 413feda8-186c-4fe1-a82d-eb074be527e1
> Found peer 'exchange-vm' for '2001' from 10.10.1.31:63436
> Peer has insecure flags port,invite
> Looking for 2001 in from-internal (domain voip.mydomain.net)
>
> Ryan
>

There has got to be a better solution to this involving the invite
from field peer domain. It looks like find_peer just matches on the
name and ignores the domain. If domain support is enabled shouldn't we
only find SIP peers if the from domain on the invite matches one in
the list? The sip invites I have looked at from Polycom and Linksys
devices put use...@registrationserver for the from. Or am I missing
something that this would break?

Ryan

-- 
_____________________________________________________________________
-- Bandwidth and Colocation Provided by http://www.api-digital.com --
New to Asterisk? Join us for a live introductory webinar every Thurs:
               http://www.asterisk.org/hello

asterisk-users mailing list
To UNSUBSCRIBE or update options visit:
   http://lists.digium.com/mailman/listinfo/asterisk-users

Reply via email to