Author |
Message |
james Brekeke Master Guru
Joined: 10 Dec 2007 Posts: 501
|
Posted: Mon Apr 04, 2011 3:47 pm Post subject: |
|
|
Check the user name and password.
Or disable INVITE-Authentication at the SIP Server. |
|
Back to top |
|
abhoffmann Brekeke Member
Joined: 09 Feb 2011 Posts: 12
Location: Montreal
|
Posted: Mon Apr 11, 2011 10:48 am Post subject: |
|
|
User name and password should be correct since it registers without problems.
Disabling INVITE-Authentication is safe? |
|
Back to top |
|
hope Brekeke Master Guru
Joined: 15 Jan 2008 Posts: 862
|
Posted: Mon Apr 11, 2011 11:05 am Post subject: |
|
|
is "Auth-user=user in "From:" set as yes at sip server/configuration/sip/authentication?
if so, the sip id in invite from header should be the same as authentication id which is set at sip server/user authentication.
you can try set "Auth-user=user in "From:" to no and restart sip server.
or create dial plan from pap2T to accept call from pap2 ip without checking authentication.
the dial plan is the same as that in http://wiki.brekeke.com/wiki/Security |
|
Back to top |
|
abhoffmann Brekeke Member
Joined: 09 Feb 2011 Posts: 12
Location: Montreal
|
Posted: Fri Apr 15, 2011 6:06 am Post subject: |
|
|
I did set "Auth-user=user in "From:" to NO, restarted the server, but didn't work.
In reality, the From is = to Auth-user...
Below is a the header of the second INVITE that the PAP2 sent to Brekeke and is denied:
Via: SIP/2.0/UDP 192.168.0.105:5060;branch=z9hG4bK-a3f0e2e0
From: 514-908-9742 <sip:10179100@sip.cirrus-telecom.ca>;tag=abde3fde92772c08o0
To: <sip:5144449955@sip.cirrus-telecom.ca>
Call-ID: 8d23f516-39ee3830@192.168.0.105
CSeq: 102 INVITE
Max-Forwards: 70
Proxy-Authorization: Digest username="10179100",realm="pbx1-mtl",nonce="95612608d19f5f482d0424766b1bb4263e4ff765",uri="sip:5144449955@sip.cirrus-telecom.ca",algorithm=MD5,response="651c3137076c3321e3632fb87ba775cf"
Contact: 514-908-9742 <sip:10179100@192.168.0.105:5060>
Expires: 240
User-Agent: Linksys/PAP2T-3.1.15(LS)
Content-Length: 444
Allow: ACK, BYE, CANCEL, INFO, INVITE, NOTIFY, OPTIONS, REFER
Supported: x-sipura
Content-Type: application/sdp
And here is the header of the PAP2 REGISTER, that works fine:
Via: SIP/2.0/UDP 192.168.0.105:5060;branch=z9hG4bK-3d866f28
From: 514-908-9742 <sip:10179100@sip.cirrus-telecom.ca>;tag=6c7ad4bf582ecd4do0
To: 514-908-9742 <sip:10179100@sip.cirrus-telecom.ca>
Call-ID: 9d5d7a88-75eba10@192.168.0.105
CSeq: 18059 REGISTER
Max-Forwards: 70
Authorization: Digest username="10179100",realm="pbx1-mtl",nonce="004b9b0d239aa54d7b01a1b338abeb938a3e0fce",uri="sip:sip.cirrus-telecom.ca",algorithm=MD5,response="668e4c80a124365d710d1eaea398a787"
Contact: 514-908-9742 <sip:10179100@192.168.0.105:5060>;expires=60
User-Agent: Linksys/PAP2T-3.1.15(LS)
Content-Length: 0
Allow: ACK, BYE, CANCEL, INFO, INVITE, NOTIFY, OPTIONS, REFER
Supported: x-sipura
Any other ideas?
The same Brekeke account, if I use a soft-phone, works fine to make calls..
Thanks again. |
|
Back to top |
|
hope Brekeke Master Guru
Joined: 15 Jan 2008 Posts: 862
|
Posted: Fri Apr 15, 2011 12:15 pm Post subject: |
|
|
if disable authentication for invite on brekeke sip server, can the call ring destination user? |
|
Back to top |
|
james Brekeke Master Guru
Joined: 10 Dec 2007 Posts: 501
|
Posted: Fri Apr 15, 2011 5:00 pm Post subject: |
|
|
From Wireshark, can you find who sent "407 Proxy Authentication Required" response originally?
It is Brekeke SIP Server??
Is there any possibility that the destination server reject an INVITE with 407?
Also.. try to update the PAP2T's firmware. |
|
Back to top |
|
abhoffmann Brekeke Member
Joined: 09 Feb 2011 Posts: 12
Location: Montreal
|
Posted: Mon Apr 18, 2011 6:27 am Post subject: |
|
|
Thanks for the help.
It's working.
Actually changing "Auth-user=user in From:" to "NO" did work.
(In the first test it didn't work because the user account's balance went negative since the first post) |
|
Back to top |
|
james Brekeke Master Guru
Joined: 10 Dec 2007 Posts: 501
|
Posted: Mon Apr 18, 2011 10:39 am Post subject: |
|
|
oh ok.
It seems you specified different names for SIP and auth at the PAP2T's settings. |
|
Back to top |
|
|