1. Brekeke Product Name and Version: 3.5.2.8
2. Java version: 8, build 65
3. OS type and the version: Win7 Pro
4. UA (phone), gateway or other hardware/software involved: Fritzbox Fon
5. Your problem: 2 UAs are well registered, but when calling themselves or a PSTN gateway I get a 407 Proxy authentication required error, followed by a 481 Call leg/transaction doesn't exist
Dial Plan:
MP
$request=^INVITE
From=sip:1135266733@
To=sip:([0-9]{8,9})@
DP
To=sip%1@PSTN_gateway_IP_address
INVITE sip:984521110@10.33.60.12 SIP/2.0
Via: SIP/2.0/UDP 10.33.31.2:5060;rport;branch=z9hG4bK0097DD20EF0922C7
Route: <sip:10.33.60.12;lr>
From: "35266733" <sip:1135266733@10.33.60.12>;tag=F6E10CB914D67205
To: <sip:984521110@10.33.60.12>
Call-ID: 8A8AF37DBC741134@10.33.31.2
CSeq: 13 INVITE
Contact: <sip:1135266733@10.33.31.2;uniq=4ECD8B1AC41BEB50326B42E983485>
Max-Forwards: 70
Expires: 120
User-Agent: AVM FRITZ!Box Fon WLAN 7390 84.06.30 (Aug 20 2015)
Supported: 100rel,replaces
Allow-Events: telephone-event,refer
Allow: INVITE,ACK,OPTIONS,CANCEL,BYE,UPDATE,PRACK,INFO,SUBSCRIBE,NOTIFY,REFER,MESSAGE,PUBLISH
Content-Type: application/sdp
Accept: application/sdp, multipart/mixed
Accept-Encoding: identity
Content-Length: 449
v=0
o=user 9571234 9571234 IN IP4 10.33.31.2
s=call
c=IN IP4 10.33.31.2
t=0 0
m=audio 7078 RTP/AVP 9 8 0 2 102 100 99 97 18 120 121 101
a=sendrecv
a=rtpmap:2 G726-32/8000
a=rtpmap:102 G726-32/8000
a=rtpmap:100 G726-40/8000
a=rtpmap:99 G726-24/8000
a=rtpmap:97 iLBC/8000
a=fmtp:97 mode=30
a=fmtp:18 annexb=no
a=rtpmap:120 PCMA/16000
a=rtpmap:121 PCMU/16000
a=rtpmap:101 telephone-event/8000
a=fmtp:101 0-15
a=rtcp:7079
a=ptime:20
==============================================
============================================
PreCheck [BloqueioUserAgent]
Pattern: $str.lowercase(User-Agent) = friendly-scanner|sundayddr|sipcli/v1.8|linphone/3.7.0 (belle-sip/1.3.0)
Input: $str.lowercase(User-Agent) = avm fritz!box fon wlan 7390 84.06.30 (aug 20 2015)
Result: false
============================================
============================================
Rule [00]
Pattern: $request = ^INVITE
Input: $request = INVITE sip:984521110@10.33.60.12 SIP/2.0
Result: true
Pattern: To = sip:(00.+)@
Input: To = <sip:984521110@10.33.60.12>
Result: false
============================================
============================================
Rule [Outbound GVT 67xx]
Pattern: $request = ^INVITE
Input: $request = INVITE sip:984521110@10.33.60.12 SIP/2.0
Result: true
Pattern: From = sip:675(.)@
Input: From = "35266733" <sip:1135266733@10.33.60.12>;tag=F6E10CB914D67205
Result: false
============================================
============================================
Rule [Discagem0]
Pattern: $request = ^INVITE
Input: $request = INVITE sip:984521110@10.33.60.12 SIP/2.0
Result: true
Pattern: From = sip:11352667(..)@
Input: From = "35266733" <sip:1135266733@10.33.60.12>;tag=F6E10CB914D67205
%1 <= 33
Result: true
Pattern: To = sip:([0-9]{8,9})@
Input: To = <sip:984521110@10.33.60.12>
%2 <= 984521110
Result: true
============================================
Dispatcher: failed: send response=407: No Auth header
svlistener: send response=407: authorization failed
at 10/25/15 16:43:02.899
Please note:
In my Dial Plan I have a rule to remove the routing statement at registration:
MP
$request=^REGISTER
Route=.+
DP
Route=
$action=register
Proxy authentication required even if UA is registered
Moderator: Brekeke Support Team
Sorry for the late answer.
The weird thing is, that sometimes it works, but I don't know why.
If I turn authentication off in the dial plan, all works ok.
However, if authentication request is on, I keep getting these errors (from the error logs):
2015-12-20 21:05:37.306 10.33.31.33:3072 INVITE 407 Authorization failed sip:994395973@10.33.60.12 sip:603@10.33.60.12 sip:994395973@10.33.60.12 Gateway
2015-12-20 21:05:54.958 10.33.31.33:3072 CANCEL 481 Call Leg does not exist sip:994395973@10.33.60.12 sip:603@10.33.60.12 sip:994395973@10.33.60.12
10.33.31.33 is the User agent
10.33.60.12 is the BSS.
Both are in separate networks but the networks are interconnected with a VPN which may drop eventually ever 2 days, but recovers within seconds.
The weird thing is, that sometimes it works, but I don't know why.
If I turn authentication off in the dial plan, all works ok.
However, if authentication request is on, I keep getting these errors (from the error logs):
2015-12-20 21:05:37.306 10.33.31.33:3072 INVITE 407 Authorization failed sip:994395973@10.33.60.12 sip:603@10.33.60.12 sip:994395973@10.33.60.12 Gateway
2015-12-20 21:05:54.958 10.33.31.33:3072 CANCEL 481 Call Leg does not exist sip:994395973@10.33.60.12 sip:603@10.33.60.12 sip:994395973@10.33.60.12
10.33.31.33 is the User agent
10.33.60.12 is the BSS.
Both are in separate networks but the networks are interconnected with a VPN which may drop eventually ever 2 days, but recovers within seconds.
I keep getting these 481 errors.
Typically happens in calls between extensions in the VPN network, when the extension is outside of the LAN of BSS. But the VPNs are integrated into the network gateways and when the extensions get registered only their real IP shows up, not the VPN gateway's IP address.
Now to call between extensions I have to make outbound/inbound calls...
Typically happens in calls between extensions in the VPN network, when the extension is outside of the LAN of BSS. But the VPNs are integrated into the network gateways and when the extensions get registered only their real IP shows up, not the VPN gateway's IP address.
Now to call between extensions I have to make outbound/inbound calls...
Looking at the Wireshark traces I see that when the INVITE comes from the extension with problems, BSS effectively DOESN'T send the INVITE to the target IP phone.
However, when the call happens the other way around, Wireshark shows the SIP packets flowing between both extensions without problems.
For some reason, when the call comes from this UA (a SNOM IP phone in this case now), the BSS doesn't relay the calls to the destination IP phone.
Very weird.
However, when the call happens the other way around, Wireshark shows the SIP packets flowing between both extensions without problems.
For some reason, when the call comes from this UA (a SNOM IP phone in this case now), the BSS doesn't relay the calls to the destination IP phone.
Very weird.
Are you still using Brekeke SIP Server version 3.5.2.8?
If so, let you upgrade it to the latest version because there are new logging function which may help your analysis.
http://www.brekeke.com/downloads/sip-server.php
If so, let you upgrade it to the latest version because there are new logging function which may help your analysis.
http://www.brekeke.com/downloads/sip-server.php
Ok, found it.
I had BSS challenging the UA with a 407 when making calls between extensions.
$auth=false solved the issue.
I have UAs (of different brands) that for some reason stop the SIP communication when receiving a 407 Proxy authorization required.
Other UAs answer the 407 with a new INVITE, now with user/password, and then BSS makes the call.
Does anybody know which setting controls this behavior in an UA?
My current BSS is 3.8.5.2
BR
Udo
I had BSS challenging the UA with a 407 when making calls between extensions.
$auth=false solved the issue.
I have UAs (of different brands) that for some reason stop the SIP communication when receiving a 407 Proxy authorization required.
Other UAs answer the 407 with a new INVITE, now with user/password, and then BSS makes the call.
Does anybody know which setting controls this behavior in an UA?
My current BSS is 3.8.5.2
BR
Udo
Sure!
UA is well registered on BSS, and needs correct user/password for this purpose.
Also, if this was to be the issue, the UA would have answered to the 407 with another INVITE, but with wrong user/password.
This is not the case, it simply accepts the 407 and stays quiet instead of answering the challenge with another INVITE.
BSS is acting correctly. The UA may (or may not!) just be acting according to configuration.
I just have no idea what is called this behavior in the settings of a UA. I went through pages of configuration, there is nothing obvious. The only option that had "challenge" has nothing to do with the current situation.
BR
udo
UA is well registered on BSS, and needs correct user/password for this purpose.
Also, if this was to be the issue, the UA would have answered to the 407 with another INVITE, but with wrong user/password.
This is not the case, it simply accepts the 407 and stays quiet instead of answering the challenge with another INVITE.
BSS is acting correctly. The UA may (or may not!) just be acting according to configuration.
I just have no idea what is called this behavior in the settings of a UA. I went through pages of configuration, there is nothing obvious. The only option that had "challenge" has nothing to do with the current situation.
BR
udo
DialPlan example Ex 38 in the tutorial may work..
http://www.brekeke.com/doc/sip/sip_tuto ... alplan.pdf
Here is my DialPlan rule which disables auth if a caller is already registered in Brekeke SIP Server (It means this user has valid password.)
[Matching Patterns]
$request = ^INVITE
$registered( From ) = true
[Deploy Patterns]
$auth = false
$continue = true
So.. UA will not receive 407 if it keeps sending REGISTER periodically.
http://www.brekeke.com/doc/sip/sip_tuto ... alplan.pdf
Here is my DialPlan rule which disables auth if a caller is already registered in Brekeke SIP Server (It means this user has valid password.)
[Matching Patterns]
$request = ^INVITE
$registered( From ) = true
[Deploy Patterns]
$auth = false
$continue = true
So.. UA will not receive 407 if it keeps sending REGISTER periodically.