[Freeswitch-users] Hangup problem/SIP BYE lacking authentication
Wellie Chao
wchao at yahoo.com
Thu Oct 30 18:21:19 PDT 2008
Just to correct an error, I asked below "Will Freeswitch respond with an
authenticated BYE message even if the session was initiated in an
authenticated fashion by Metaswitch?" and I meant "even if the session was
initiated in an UNauthenticated fashion".
Also, to expound on the problem, I don't see how changing the realm will
help because the problem is not that Freeswitch is sending the wrong
realm, but that Freeswitch is not responding with an authenticated BYE
message at all -- it's only sending an unauthenticated BYE message. The
realm, while possibly important later, assumes that Freeswitch is using
authentication in the BYE message it sends to Metaswitch. Right now it's
not. From an intuitive point of view, it makes sense: Freeswitch is
thinking, "well Metaswitch, you called me, why do I need to authenticate
myself to you". The Aastra softswitch (in the other packet trace in the
ZIP file I sent in a previous email to this list) deals with this by
sending an authenticated BYE when the unauthenticated BYE fails with 401
Unauthorized. Is there some way I can configure Freeswitch to do the same?
On Thu, 30 Oct 2008, Wellie Chao wrote:
> Date: Thu, 30 Oct 2008 20:55:37 -0400 (EDT)
> From: Wellie Chao <wchao at yahoo.com>
> Reply-To: freeswitch-users at lists.freeswitch.org
> To: freeswitch-users at lists.freeswitch.org
> Subject: Re: [Freeswitch-users] Hangup problem/SIP BYE lacking authentication
>
> If I change the realm, I will not be able to make outgoing calls because the
> realm must be 64.115.128.6 in order to register with Metaswitch for outbound
> calls.
>
> Are you suggesting I create two gateway entries, one for outbound and one for
> inbound? Will Freeswitch respond with an authenticated BYE message even if
> the session was initiated in an authenticated fashion by Metaswitch? It's a
> little frustrating because Metaswitch is initiating the call to Freeswitch
> without authentication, yet it expects Freeswitch to reply with an
> authenticated BYE message in order to end the call. It really should be smart
> enough to realize that since it initiated the call to a particular Freeswitch
> instance at A.B.C.D IP address, it should allow unauthenticated BYE messages
> from that IP address.
>
> On Thu, 30 Oct 2008, Anthony Minessale wrote:
>
>> Date: Thu, 30 Oct 2008 18:54:34 -0500
>> From: Anthony Minessale <anthony.minessale at gmail.com>
>> Reply-To: freeswitch-users at lists.freeswitch.org
>> To: freeswitch-users at lists.freeswitch.org
>> Subject: Re: [Freeswitch-users] Hangup problem/SIP BYE lacking
>> authentication
>>
>> make sure realm matches the realm in the challenge packet from the other
>> device.
>>
>> On Thu, Oct 30, 2008 at 5:11 PM, Brian West <brian at freeswitch.org> wrote:
>> Turn on the TPORT_LOG=1 ./freeswitch and let me see the challenge
>> packet.
>>
>> /b
>>
>> On Oct 30, 2008, at 4:45 PM, Wellie Chao wrote:
>>
>> > Here is what I have:
>> >
>> > <include>
>> > <gateway name="broadview">
>> > <param name="username" value="MY_USERNAME"/>
>> > <param name="password" value="MY_PASSWORD"/>
>> > <param name="realm" value="64.115.128.6"/>
>> > <param name="proxy" value="64.115.128.6"/>
>> > <param name="register" value="false"/>
>> > </gateway>
>> > </include>
>> >
>> > Whether register is true or false doesn't seem to make a difference
>> > (except that Freeswitch then comes up with broadview in NOREG
>> > state). On calls from Metaswitch to Freeswitch, it's the same
>> > problem, and I get the same message in the Freeswitch logs:
>> >
>> > 2008-10-30 17:39:04 [ERR] sofia_reg.c:1089
>> > sofia_reg_handle_sip_r_challenge() No Matching gateway found
>> >
>> > I presume this is the same thing with the 401 Unauthorized packet
>> > being sent by Metaswitch in response to Freeswitch's BYE message.
>> > Note that the call itself goes just fine. I pick up, both sides can
>> > hear each other. Just the hangup gets messed up and for some reason
>> > Metaswitch expects an authenticated BYE message even though the
>> > connection was not authenticated in the beginning when Metaswitch
>> > initiated it. The packet trace shows this and it's very odd.
>> >
>> > Is that what you meant when you said set up a gateway in Freeswitch
>> > that has reg=false and the proper credentials?
>>
>>
>> _______________________________________________
>> Freeswitch-users mailing list
>> Freeswitch-users at lists.freeswitch.org
>> http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
>> UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
>> http://www.freeswitch.org
>>
>>
>>
>>
>> --
>> Anthony Minessale II
>>
>> FreeSWITCH http://www.freeswitch.org/
>> ClueCon http://www.cluecon.com/
>>
>> AIM: anthm
>> MSN:anthony_minessale at hotmail.com
>> GTALK/JABBER/PAYPAL:anthony.minessale at gmail.com
>> IRC: irc.freenode.net #freeswitch
>>
>> FreeSWITCH Developer Conference
>> sip:888 at conference.freeswitch.org
>> iax:guest at conference.freeswitch.org/888
>> googletalk:conf+888 at conference.freeswitch.org
>> pstn:213-799-1400
>>
>>
>
More information about the FreeSWITCH-users
mailing list