[wrapping disabled to allow for easier review]
Yet another SIP authentication problem.
I have SER running, and passing calls to a PRI-enabled Asterisk server from a large
range of Media Terminal Adapters, and a few other Asterisk systems set up as
"clients". I have this PRI-enabled Asterisk server functioning as a very simple media
gateway to hand off my toll-free calls to a PRI - this is a one-way configuration
(calls go to the PRI-enabled Asterisk server but don't originate _from_ that machine.)
I have apparently hit a very strangely shaped brick wall with authentication requests
and the actual characters inside the request string - numeric characters seem to cause
problems, while alpha characters do not. I'm running CVS-HEAD-07/13/04-21:34:00.
Here's the definition of my SER proxy in sip.conf:
[ser-to-tollfree]
type=peer
insecure=yes
host=128.151.224.35
context=from-proxy1
secret=cracksmokingpassword
In the first two examples I show below, things work great. The first query is
(AsteriskPBX -> SER -> AsteriskPRI) and seems to work fine; my calls go through, no
problem. The second query is (MTA -> SER -> AsteriskPRI) and also works fine - no
problems. Note the address of record - it's "JohnTodd" in the second working example.
The third example is from the exact same MTA, with the only change being that I have
altered the address of record to be "13012221111" instead of "JohnTodd", which is the
phone number of the device. For some inexplicable reason, Asterisk wants to
authenticate the call if I have a number inside the quotes, despite my "insecure=very"
statement on the peer definition. There are apparently _no_ other reasons for this
authentication request. My call fails, since I don't have authentication set up in
this environment. I have now tested this back and forth half a dozen times to make
sure I'm not going crazy, and it does seem to be the contents inside the quotes that
is causing the "407 Proxy Authentication Required" messages to be produced.
I suspect this is a bug in Asterisk, but I know that the "insecure=" model is very
touchy. Can anyone shed some light on this before I open a ticket?
{this is a packet capture of the typical flow of examples #1 and #2, which work
correctly}
[EMAIL PROTECTED] asterisk]# tethereal port 5060
Capturing on eth0
0.000000 128.151.224.35 -> 128.151.224.11 SIP/SDP Request: INVITE sip:[EMAIL
PROTECTED];user=phone, with session description
0.000439 128.151.224.11 -> 128.151.224.35 SIP Status: 100 Trying
0.001085 128.151.224.11 -> 128.151.224.35 SIP Status: 180 Ringing
1.980925 128.151.224.11 -> 128.151.224.35 SIP/SDP Status: 200 OK, with session
description
2.071965 128.151.224.35 -> 128.151.224.11 SIP Request: ACK sip:[EMAIL PROTECTED]
[call completes normally through Asterisk, to PRI and to PSTN]
9.042939 128.151.224.35 -> 128.151.224.11 SIP Request: BYE sip:[EMAIL PROTECTED]
9.043038 128.151.224.11 -> 128.151.224.35 SIP Status: 200 OK
[EMAIL PROTECTED] asterisk]#
Example #1: works (AsteriskPBX -> SER -> AsteriskPRI)
Message Header
Via: SIP/2.0/UDP 128.151.224.35:5061
To: 18005551212<sip:[EMAIL PROTECTED]>
From: "19544342000" <sip:[EMAIL
PROTECTED]:5061>;tag=fa103954da5f640e9acb74f156cc0d02
SIP from address: "19544342000" <sip:[EMAIL PROTECTED]:5061>
SIP tag: fa103954da5f640e9acb74f156cc0d02
Date: Wed, 14 Jul 2004 03:10:35 GMT
Call-ID: [EMAIL PROTECTED]
cisco-GUID: 2771289936-1289311857-2561443184-602587443
CSeq: 1 INVITE
Max-Forwards: 10
Contact: <sip:[EMAIL PROTECTED]:5061>
Allow: INVITE,ACK,CANCEL,OPTIONS,BYE,REFER
User-Agent: SER-0.8.12
Content-Type: application/sdp
Content-Length: 237
Example #2: works (MTA -> SER -> AsteriskPRI):
Message Header
Via: SIP/2.0/UDP 128.151.224.35:5061
To: 18005551212<sip:[EMAIL PROTECTED]>
From: "JohnTodd" <sip:[EMAIL
PROTECTED]:5061>;tag=711177a4e5109d504bfb492b0e7d9368
SIP from address: "JohnTodd" <sip:[EMAIL PROTECTED]:5061>
SIP tag: 711177a4e5109d504bfb492b0e7d9368
Call-ID: [EMAIL PROTECTED]
cisco-GUID: 903578249-3900514380-3966096528-3148672395
CSeq: 1 INVITE
Max-Forwards: 69
Contact: <sip:[EMAIL PROTECTED]:5061>
Accept: application/sdp
Allow: INVITE,ACK,OPTIONS,CANCEL,BYE,REFER
Supported: timer,replaces
User-Agent: SER-0.8.12
Content-Type: application/sdp
Content-Length: 335
Now, if I modify my contact information to be a phone number (as it "should" be, in my
model) then this is what I get:
[EMAIL PROTECTED] asterisk]# tethereal port 5060
Capturing on eth0
0.000000 128.151.224.35 -> 128.151.224.11 SIP/SDP Request: INVITE sip:[EMAIL
PROTECTED];user=phone, with session description
0.000547 128.151.224.11 -> 128.151.224.35 SIP Status: 407 Proxy Authentication
Required
0.004623 128.151.224.35 -> 128.151.224.11 SIP Request: ACK sip:[EMAIL
PROTECTED];user=phone
0.005122 128.151.224.35 -> 128.151.224.11 SIP/SDP Request: INVITE sip:[EMAIL
PROTECTED];user=phone, with session description
0.005481 128.151.224.11 -> 128.151.224.35 SIP Status: 403 Forbidden
0.014618 128.151.224.35 -> 128.151.224.11 SIP Request: ACK sip:[EMAIL
PROTECTED];user=phone
[EMAIL PROTECTED] asterisk]#
and I get this on the console:
Jul 13 23:21:20 NOTICE[1133742896]: chan_sip.c:6902 handle_request: Failed to
authenticate user "13012221111" <sip:[EMAIL
PROTECTED]:5061>;tag=89a3f4007f5078775e903f736a1410f9
Example #2: broken (MTA -> SER -> AsteriskPRI):
Message Header
Via: SIP/2.0/UDP 128.151.224.35:5061
To: 18005551212<sip:[EMAIL PROTECTED]>
From: "13012221111" <sip:[EMAIL
PROTECTED]:5061>;tag=46710ecadb4d1dd027f2cc4cf09546b4
SIP from address: "13012221111" <sip:[EMAIL PROTECTED]:5061>
SIP tag: 46710ecadb4d1dd027f2cc4cf09546b4
Call-ID: [EMAIL PROTECTED]
cisco-GUID: 2766138914-2181086183-3044107678-890207647
CSeq: 1 INVITE
Max-Forwards: 69
Contact: <sip:[EMAIL PROTECTED]:5061>
Accept: application/sdp
Allow: INVITE,ACK,OPTIONS,CANCEL,BYE,REFER
Supported: timer,replaces
User-Agent: SER-0.8.12
Content-Type: application/sdp
Content-Length: 340
Sleep? What sleep?!
JT
_______________________________________________
Asterisk-Users mailing list
[EMAIL PROTECTED]
http://lists.digium.com/mailman/listinfo/asterisk-users
To UNSUBSCRIBE or update options visit:
http://lists.digium.com/mailman/listinfo/asterisk-users
