Re: [Asterisk-Users] SIP authentication bug with insecure= lines?

2004-07-14 Thread Andres 

wall with authentication requests and the actual characters inside the request string 
- numeric characters seem to cause problems, while alpha characters do not.  I'm 
running CVS-HEAD-07/13/04-21:34:00.
Here's the definition of my SER proxy in sip.conf:
[ser-to-tollfree]
type=peer
insecure=yes
host=128.151.224.35
context=from-proxy1
secret=cracksmokingpassword
 

Hi John,
We also had related problems a while ago.  What fixed it for us whas 
insecure=very.  Give it a try and see if it helps.

--
Andres
Network Admin
http://www.telesip.net
___
Asterisk-Users mailing list
[EMAIL PROTECTED]
http://lists.digium.com/mailman/listinfo/asterisk-users
To UNSUBSCRIBE or update options visit:
  http://lists.digium.com/mailman/listinfo/asterisk-users

Re: [Asterisk-Users] SIP authentication bug with insecure= lines?

2004-07-14 Thread John Todd 
At 5:27 PM -0500 on 7/14/04, Andres wrote:
wall with authentication requests and the actual characters inside 
the request string - numeric characters seem to cause problems, 
while alpha characters do not.  I'm running 
CVS-HEAD-07/13/04-21:34:00.

Here's the definition of my SER proxy in sip.conf:
[ser-to-tollfree]
type=peer
insecure=yes
host=128.151.224.35
context=from-proxy1
secret=cracksmokingpassword

Hi John,
We also had related problems a while ago.  What fixed it for us whas 
insecure=very.  Give it a try and see if it helps.

--
Andres
Network Admin
http://www.telesip.net
Andres -
  Thanks for the hint!  However, I'd tried insecure=very and also 
added/removed the password.  I neglected to put that in my notes; it 
was late.  :-(

  I've opened a bug on this: 
http://bugs.digium.com/bug_view_page.php?bug_id=0002048

JT
___
Asterisk-Users mailing list
[EMAIL PROTECTED]
http://lists.digium.com/mailman/listinfo/asterisk-users
To UNSUBSCRIBE or update options visit:
  http://lists.digium.com/mailman/listinfo/asterisk-users

[Asterisk-Users] SIP authentication bug with insecure= lines?

2004-07-13 Thread John Todd 
[wrapping disabled to allow for easier review]

Yet another SIP authentication problem.

I have SER running, and passing calls to a PRI-enabled Asterisk server from a large 
range of Media Terminal Adapters, and a few other Asterisk systems set up as 
clients.  I have this PRI-enabled Asterisk server functioning as a very simple media 
gateway to hand off my toll-free calls to a PRI - this is a one-way configuration 
(calls go to the PRI-enabled Asterisk server but don't originate _from_ that machine.) 
 I have apparently hit a very strangely shaped brick wall with authentication requests 
and the actual characters inside the request string - numeric characters seem to cause 
problems, while alpha characters do not.  I'm running CVS-HEAD-07/13/04-21:34:00.

Here's the definition of my SER proxy in sip.conf:

[ser-to-tollfree]
type=peer
insecure=yes
host=128.151.224.35
context=from-proxy1
secret=cracksmokingpassword

In the first two examples I show below, things work great.  The first query is 
(AsteriskPBX - SER - AsteriskPRI) and seems to work fine; my calls go through, no 
problem.  The second query is (MTA - SER - AsteriskPRI) and also works fine - no 
problems.  Note the address of record - it's JohnTodd in the second working example. 
 The third example is from the exact same MTA, with the only change being that I have 
altered the address of record to be 1301222 instead of JohnTodd, which is the 
phone number of the device.  For some inexplicable reason, Asterisk wants to 
authenticate the call if I have a number inside the quotes, despite my insecure=very 
statement on the peer definition.  There are apparently _no_ other reasons for this 
authentication request.  My call fails, since I don't have authentication set up in 
this environment.  I have now tested this back and forth half a dozen times to make 
sure I'm not going crazy, and it does seem to be the contents inside the quotes that 
is causing the 407 Proxy Authentication Required messages to be produced.

I suspect this is a bug in Asterisk, but I know that the insecure= model is very 
touchy.  Can anyone shed some light on this before I open a ticket?


{this is a packet capture of the typical flow of examples #1 and #2, which work 
correctly}
[EMAIL PROTECTED] asterisk]# tethereal port 5060
Capturing on eth0
  0.00 128.151.224.35 - 128.151.224.11 SIP/SDP Request: INVITE sip:[EMAIL 
PROTECTED];user=phone, with session description
  0.000439 128.151.224.11 - 128.151.224.35 SIP Status: 100 Trying
  0.001085 128.151.224.11 - 128.151.224.35 SIP Status: 180 Ringing
  1.980925 128.151.224.11 - 128.151.224.35 SIP/SDP Status: 200 OK, with session 
description
  2.071965 128.151.224.35 - 128.151.224.11 SIP Request: ACK sip:[EMAIL PROTECTED]
[call completes normally through Asterisk, to PRI and to PSTN]
  9.042939 128.151.224.35 - 128.151.224.11 SIP Request: BYE sip:[EMAIL PROTECTED]
  9.043038 128.151.224.11 - 128.151.224.35 SIP Status: 200 OK
[EMAIL PROTECTED] asterisk]#


Example #1: works (AsteriskPBX - SER - AsteriskPRI)
Message Header
Via: SIP/2.0/UDP 128.151.224.35:5061
To: 18005551212sip:[EMAIL PROTECTED]
From: 19544342000 sip:[EMAIL 
PROTECTED]:5061;tag=fa103954da5f640e9acb74f156cc0d02
SIP from address: 19544342000 sip:[EMAIL PROTECTED]:5061
SIP tag: fa103954da5f640e9acb74f156cc0d02
Date: Wed, 14 Jul 2004 03:10:35 GMT
Call-ID: [EMAIL PROTECTED]
cisco-GUID: 2771289936-1289311857-2561443184-602587443
CSeq: 1 INVITE
Max-Forwards: 10
Contact: sip:[EMAIL PROTECTED]:5061
Allow: INVITE,ACK,CANCEL,OPTIONS,BYE,REFER
User-Agent: SER-0.8.12
Content-Type: application/sdp
Content-Length: 237

Example #2: works (MTA - SER - AsteriskPRI):
Message Header
Via: SIP/2.0/UDP 128.151.224.35:5061
To: 18005551212sip:[EMAIL PROTECTED]
From: JohnTodd sip:[EMAIL 
PROTECTED]:5061;tag=711177a4e5109d504bfb492b0e7d9368
SIP from address: JohnTodd sip:[EMAIL PROTECTED]:5061
SIP tag: 711177a4e5109d504bfb492b0e7d9368
Call-ID: [EMAIL PROTECTED]
cisco-GUID: 903578249-3900514380-3966096528-3148672395
CSeq: 1 INVITE
Max-Forwards: 69
Contact: sip:[EMAIL PROTECTED]:5061
Accept: application/sdp
Allow: INVITE,ACK,OPTIONS,CANCEL,BYE,REFER
Supported: timer,replaces
User-Agent: SER-0.8.12
Content-Type: application/sdp
Content-Length: 335


Now, if I modify my contact information to be a phone number (as it should be, in my 
model) then this is what I get:

[EMAIL PROTECTED] asterisk]# tethereal port 5060
Capturing on eth0
  0.00 128.151.224.35 - 128.151.224.11 SIP/SDP Request: INVITE sip:[EMAIL 
PROTECTED];user=phone, with session description
  0.000547 128.151.224.11 - 128.151.224.35 SIP Status: 407 Proxy Authentication 
Required
  0.004623 128.151.224.35 - 128.151.224.11 SIP Request: ACK sip:[EMAIL

[Asterisk-Users] SIP Authentication bug?

2003-07-21 Thread Tan Aks 



Hi,

I don't know whether only we are experiencing this 
problem but it seems that if authentication is 
used on a couple of phones, and then the authentication is removed (i.e. remove 
the secret parameter from each of the extensions), then this isn't reflected in 
asterisk after a reload. Instead we actually have to restart asterisk for the 
authentication to be removed.

Has anyone else seen this?

Tan

Re: [Asterisk-Users] SIP Authentication bug?

2003-07-21 Thread Mark Spencer 
Might enter it in the new Asterisk bug tracker

Mark

On Mon, 21 Jul 2003, Tan Aks wrote:

 Hi,

 I don't know whether only we are experiencing this problem but it seems that if 
 authentication is used on a couple of phones, and then the authentication is removed 
 (i.e. remove the secret parameter from each of the extensions), then this isn't 
 reflected in asterisk after a reload. Instead we actually have to restart asterisk 
 for the authentication to be removed.

 Has anyone else seen this?

 Tan


___
Asterisk-Users mailing list
[EMAIL PROTECTED]
http://lists.digium.com/mailman/listinfo/asterisk-users

Re: [Asterisk-Users] SIP Authentication bug?

2003-07-21 Thread John Todd 
Hi,

I don't know whether only we are experiencing this problem but it 
seems that if authentication is used on a couple of phones, and then 
the authentication is removed (i.e. remove the secret parameter from 
each of the extensions), then this isn't reflected in asterisk after 
a reload. Instead we actually have to restart asterisk for the 
authentication to be removed.

Has anyone else seen this?

Tan

Yes.  Any time I change authentication (on/off) or codec ordering, I 
generally restart Asterisk from scratch.  This may not be required, 
but prior experiences taught me that lesson, and I have not tested to 
see if the bugs have been fixed.

JT
___
Asterisk-Users mailing list
[EMAIL PROTECTED]
http://lists.digium.com/mailman/listinfo/asterisk-users