[Freeswitch-users] Problem with gateway registration

Brian West brian at freeswitch.org
Tue Oct 6 14:45:10 PDT 2009 

First off you have to fully understand how SIP authentication works  
the two authorization line are different because one is for a  
challenge and one is a response to a challenge.

http://en.wikipedia.org/wiki/Digest_access_authentication


On Oct 6, 2009, at 4:22 PM, Nicolas Brenner wrote:

> That happens with both gateways though, one works and the other  
> doesn't. Would the rport have anything to do with the registration  
> failing?
>
> The big difference to me is that the working gateway replies a 401  
> Unauthorized containing:
>
>  WWW-Authenticate: Digest realm="pxextmy.redvoiss.net",  
> nonce="4acac8fe248a9075a13773274684392a65a40240", qop="auth".
>
> Whereas the non-working gateway's 401 has:
>
> WWW-Authenticate: Digest realm="216.72.10.39",  
> nonce="4acac08249c439decb2bea539282faf755c80b0c".

What is this gateway? You might actually put the realm param INTO the  
gateway config for this gateway.


> What does the qop parameter stand for? Apparently because of that  
> parameter, FS sends a new REGISTER including this:

Quality of Protection, qop is assumed auth if excluded.

>
> Authorization: Digest username="xxxxxxxxx", realm="pxextmy.redvoiss.net 
> ", nonce="4acac8fe248a9075a13773274684392a65a40240",  
> cnonce="h1DCSizTEi2eMQAdCe9KJA", algorithm=MD5, uri="sip:pxextmy.redvoiss.net 
> ", response="05adb2a7f9d7772e57dc846257484f5d", qop=auth, nc=00000001.

This is a response to a challenge.

> Instead, on the non-working gateway case, FS sends a REGISTER with  
> this:
>
> Authorization: Digest username="yyyyyyyyy", realm="216.72.10.39",  
> nonce="4acac08249c439decb2bea539282faf755c80b0c", algorithm=MD5,  
> uri="sip:216.72.10.39", response="8311db7666779df89d5223e16a611826".

This is a challenge.

> Notice the absence of the qop and nc parameters. I'm guessing the  
> lack of those parameters causes the gateway (SIP server) to use  
> another nonce and hence reject the mismatching REGISTER.

Again challenge vs response.

>
> BTW, registration from an X-Lite softphone works.
>
>
> Thanks!
>
> Nicolas

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.freeswitch.org/pipermail/freeswitch-users/attachments/20091006/6fbc1ffd/attachment-0002.html

More information about the FreeSWITCH-users mailing list