[Freeswitch-users] Problems getting asterisk registered with FS sbc
Johannes Jakob
jjj at 3js.de
Wed Feb 23 12:33:27 MSK 2011
Hi Michael,
I'd love to use authentication for this asterisk, but I didn't get it working!
You'll find the testcase attached with secret set, register string updated and the corresponding directory entry, if you are willing to check it.
Thanks to you for the hint with the ACLs! There haven't been any acls added for none of the asterisk boxes, because I didn't specify
<node type="allow" domain="mysip.net"/>
in acl.conf.xml, now I did and there are now acls for every asterisk's IP address. Thanks Michael!
BUT: Why are the other asterisk boxes, running asterisk >1.8 working? Why have they been able to connect without password, just by adding the cidr parameter and this not even being evaluated because of my stupidity? Why is everything working smoothly for those boxes and not for the "new" asterisk 1.6 with equivalent settings?
Well... can somebody tell me, what settings I need to make an asterisk register cleanly with my freeswitch box and what might be the problem with my current settings?
DEBUG for asterisk 1.6 trying to auth with secret:
Asterisk TRUNK:
host=sbc1.mysip.net
username=748732
fromuser=748732
secret=Idsd67Hsa
fromdomain=mysip.net
type=peer
t38pt_udptl=yes,redundancy,maxdatagram=400
directmedia=no
Register String: 748732 at mysip.net:UB9aizimo9 at sbc1.mysip.net/748732
FreeSWITCH User entry in directory
<include>
<user id="748732" cidr="10.16.153.163/32">
<params>
<param name="password" value="Idsd67Hsa"/>
<!--
<param name="apply-inbound-acl" value="domains"/>
<param name="apply-register-acl" value="domains"/>
-->
<param name="t38-passthru" value="true"/>
</params>
<variables>
<variable name="client_asserted_identity" value="03023671836"/>
<variable name="accountcode" value="748732"/>
<variable name="contract" value="2253"/>
<variable name="nibble_rate" value="1"/>
<variable name="nibble_account" value="2253"/>
<variable name="proxy_media" value="true"/>
<variable name="bypass_media" value="false"/>
<variable name="user_context" value="mysip.net"/>
<variable name="default_language" value="de"/>
<variable name="language" value="de"/>
</variables>
</user>
</include>
2011-02-23 09:53:59.948696 [WARNING] sofia_reg.c:1246 SIP auth challenge (REGISTER) on sofia profile 'internal' for [748732 at mysip.net] from ip 10.16.153.163
2011-02-23 09:53:59.956363 [WARNING] sofia_reg.c:1204 SIP auth failure (REGISTER) on sofia profile 'internal' for [748732 at mysip.net] from ip 10.16.153.163
09:52:41.577316 IP 10.16.153.163.5060 > 10.16.133.66.5060: UDP, length: 419
E`...f..>...^...^..B......[@REGISTER sip:mysip.net SIP/2.0
Via: SIP/2.0/UDP 10.16.153.163:5060;branch=z9hG4bK281763ac;rport
Max-Forwards: 70
From: <sip:748732 at mysip.net>;tag=as3d3f47c7
To: <sip:748732 at mysip.net>
Call-ID: 312825e32715888c5626ef57287dcf4d at 10.16.153.163
CSeq: 102 REGISTER
User-Agent: Asterisk PBX 1.6.0.22-samy-r60
Expires: 1800
Contact: <sip:748732 at 10.16.153.163>
Event: registration
Content-Length: 0
09:52:41.587730 IP 10.16.133.66.5060 > 10.16.153.163.5060: UDP, length: 657
E....x..?..m^..B^...........SIP/2.0 401 Unauthorized
Via: SIP/2.0/UDP 10.16.153.163:5060;branch=z9hG4bK281763ac;rport=5060
From: <sip:748732 at mysip.net>;tag=as3d3f47c7
To: <sip:748732 at mysip.net>;tag=KQS7yprQrS8Kr
Call-ID: 312825e32715888c5626ef57287dcf4d at 10.16.153.163
CSeq: 102 REGISTER
User-Agent: FreeSWITCH-mod_sofia/1.0.head-git-7847289 2011-02-19 23-38-04 +0100
Allow: INVITE, ACK, BYE, CANCEL, OPTIONS, MESSAGE, UPDATE, INFO, REGISTER, REFER, NOTIFY, PUBLISH, SUBSCRIBE
Supported: timer, precondition, path, replaces
WWW-Authenticate: Digest realm="mysip.net", nonce="25994bae-8015-421c-99c3-94a796e31fd2", algorithm=MD5, qop="auth"
Content-Length: 0
09:52:41.588819 IP 10.16.153.163.5060 > 10.16.133.66.5060: UDP, length: 672
E`...g..>...^...^..B........REGISTER sip:mysip.net SIP/2.0
Via: SIP/2.0/UDP 10.16.153.163:5060;branch=z9hG4bK00c12e44;rport
Max-Forwards: 70
From: <sip:748732 at mysip.net>;tag=as705bdca9
To: <sip:748732 at mysip.net>
Call-ID: 312825e32715888c5626ef57287dcf4d at 10.16.153.163
CSeq: 103 REGISTER
User-Agent: Asterisk PBX 1.6.0.22-samy-r60
Authorization: Digest username="748732 at mysip.net", realm="mysip.net", algorithm=MD5, uri="sip:mysip.net", nonce="25994bae-8015-421c-99c3-94a796e31fd2", response="15d31712a3e0ff91e90b1ee5185ea166", qop=auth, cnonce="0fb9367b", nc=00000001
Expires: 1800
Contact: <sip:748732 at 10.16.153.163>
Event: registration
Content-Length: 0
09:52:41.595116 IP 10.16.133.66.5060 > 10.16.153.163.5060: UDP, length: 532
E..0.y..?...^..B^......... .SIP/2.0 403 Forbidden
Via: SIP/2.0/UDP 10.16.153.163:5060;branch=z9hG4bK00c12e44;rport=5060
From: <sip:748732 at mysip.net>;tag=as705bdca9
To: <sip:748732 at mysip.net>;tag=m0j00H9tN2y6K
Call-ID: 312825e32715888c5626ef57287dcf4d at 10.16.153.163
CSeq: 103 REGISTER
User-Agent: FreeSWITCH-mod_sofia/1.0.head-git-7847289 2011-02-19 23-38-04 +0100
Allow: INVITE, ACK, BYE, CANCEL, OPTIONS, MESSAGE, UPDATE, INFO, REGISTER, REFER, NOTIFY, PUBLISH, SUBSCRIBE
Supported: timer, precondition, path, replaces
Content-Length: 0
Registration of an asterisk 1.8 that works:
10:26:35.024214 IP 10.16.139.29.5060 > 10.16.133.66.5060: SIP, length: 389
E`......?...^...^..B......
.REGISTER sip:mysip.net SIP/2.0
Via: SIP/2.0/UDP 10.16.139.29:5060;branch=z9hG4bK52d214d2
Max-Forwards: 70
From: <sip:742432-2 at mysip.net>;tag=as08f7bdb5
To: <sip:742432-2 at mysip.net>
Call-ID: 68e6f0e5360a42a56cce41700db4f1d6 at 10.16.139.29
CSeq: 102 REGISTER
User-Agent: FPBX-2.8.1(1.8.2.3)
Expires: 3600
Contact: <sip:742432-2 at 10.16.139.29:5060>
Content-Length: 0
10:26:35.040801 IP 10.16.133.66.5060 > 10.16.139.29.5060: SIP, length: 648
E...<... at .nm^..B^..........uSIP/2.0 401 Unauthorized
Via: SIP/2.0/UDP 10.16.139.29:5060;branch=z9hG4bK52d214d2
From: <sip:742432-2 at mysip.net>;tag=as08f7bdb5
To: <sip:742432-2 at mysip.net>;tag=ytFrj0HyrUX1Q
Call-ID: 68e6f0e5360a42a56cce41700db4f1d6 at 10.16.139.29
CSeq: 102 REGISTER
User-Agent: FreeSWITCH-mod_sofia/1.0.head-git-7847289 2011-02-19 23-38-04 +0100
Allow: INVITE, ACK, BYE, CANCEL, OPTIONS, MESSAGE, UPDATE, INFO, REGISTER, REFER, NOTIFY, PUBLISH, SUBSCRIBE
Supported: timer, precondition, path, replaces
WWW-Authenticate: Digest realm="mysip.net", nonce="75c922c2-1bcf-4ae6-95e6-094f38aacc4a", algorithm=MD5, qop="auth"
Content-Length: 0
10:26:35.045018 IP 10.16.139.29.5060 > 10.16.133.66.5060: SIP, length: 629
E`......?...^...^..B.....}.oREGISTER sip:mysip.net SIP/2.0
Via: SIP/2.0/UDP 10.16.139.29:5060;branch=z9hG4bK03be27e5
Max-Forwards: 70
From: <sip:742432-2 at mysip.net>;tag=as48a1a645
To: <sip:742432-2 at mysip.net>
Call-ID: 68e6f0e5360a42a56cce41700db4f1d6 at 10.16.139.29
CSeq: 103 REGISTER
User-Agent: FPBX-2.8.1(1.8.2.3)
Authorization: Digest username="742432-2", realm="mysip.net", algorithm=MD5, uri="sip:mysip.net", nonce="75c922c2-1bcf-4ae6-95e6-094f38aacc4a", response="bae2f45c0f2b47cd8e3a3cd13d9b60b6", qop=auth, cnonce="3cf8c9c5", nc=00000001
Expires: 3600
Contact: <sip:742432-2 at 10.16.139.29:5060>
Content-Length: 0
10:26:35.076972 IP 10.16.133.66.5060 > 10.16.139.29.5060: SIP, length: 609
E..}< .. at .n.^..B^........i.NSIP/2.0 200 OK
Via: SIP/2.0/UDP 10.16.139.29:5060;branch=z9hG4bK03be27e5
From: <sip:742432-2 at mysip.net>;tag=as48a1a645
To: <sip:742432-2 at mysip.net>;tag=Z38gmU21N4KmK
Call-ID: 68e6f0e5360a42a56cce41700db4f1d6 at 10.16.139.29
CSeq: 103 REGISTER
Contact: <sip:742432-2 at 10.16.139.29:5060>;expires=3600
Date: Wed, 23 Feb 2011 09:26:35 GMT
User-Agent: FreeSWITCH-mod_sofia/1.0.head-git-7847289 2011-02-19 23-38-04 +0100
Allow: INVITE, ACK, BYE, CANCEL, OPTIONS, MESSAGE, UPDATE, INFO, REGISTER, REFER, NOTIFY, PUBLISH, SUBSCRIBE
Supported: timer, precondition, path, replaces
Content-Length: 0
2011-02-23 10:26:35.040164 [WARNING] sofia_reg.c:1246 SIP auth challenge (REGISTER) on sofia profile 'internal' for [742432-2 at mysip.net] from ip 10.16.139.29
does that mean, I'm just authenticating with an empty password? ;)
On 23.02.2011, at 03:13, Michael Collins wrote:
> I don't believe the ACL works for registrations, only for phone calls. You'll still need to auth for the registration part. For the ACL, though, you can do "reloadacl" and confirm that your CIDR is getting added. When you send calls from TB to FS they should be let in via the ACL without an auth challenge.
>
> -MC
>
> On Tue, Feb 22, 2011 at 11:30 AM, Johannes Jakob <jjj at 3js.de> wrote:
> Fellow FreeSWITCH Admins,
>
> I'm having a hard time, getting a Trixbox 2.8 box to register with our FreeSWITCH SBCs.
>
> The FreeSWITCHes are running FreeSWITCH-mod_sofia/1.0.head-git-7847289, the asterisk on the trixbox is Asterisk 1.6.0.22-samy-r60.
>
>
> The user's directory entry looks like this:
>
>
> <include>
> <user id="748732" cidr="10.16.153.163/32">
> <params>
> <!--
> <param name="password" value="Idsd67Hsa"/>
> -->
> <param name="t38-passthru" value="true"/>
> </params>
> <variables>
> <variable name="client_asserted_identity" value="03023671836"/>
> <variable name="accountcode" value="748732"/>
> <variable name="contract" value="2253"/>
> <variable name="nibble_rate" value="1"/>
> <variable name="nibble_account" value="2253"/>
>
> <variable name="proxy_media" value="true"/>
> <variable name="bypass_media" value="false"/>
> <variable name="user_context" value="mysip.net"/>
> <variable name="default_language" value="de"/>
> <variable name="language" value="de"/>
> </variables>
> </user>
> </include>
>
>
> Asterisk's register string: 748732 at mysip.net@sbc1.mysip.net/748732
>
>
> I'm getting the "normal" FS errors for wrong credentials:
>
> 2011-02-22 18:03:57.484939 [WARNING] sofia_reg.c:1246 SIP auth challenge (REGISTER) on sofia profile 'internal' for [748732 at mysip.net] from ip 10.16.153.163
> 2011-02-22 18:03:57.491471 [WARNING] sofia_reg.c:1204 SIP auth failure (REGISTER) on sofia profile 'internal' for [748732 at mysip.net] from ip 10.16.153.163
>
>
> but why am I getting these? I specified the right address in the cidr statement! Why is it even bothering with anything else but the right user at domain and IP-address?
>
>
> There are some other asterisk boxes (> 1.8.2) registering to this SBC with equal settings just fine, what's wrong with this little trixbox system? ;)
>
>
>
> Of course I did get you some SIP traces as well:
>
>
> 18:00:37.063410 IP 10.16.153.163.5060 > 10.16.133.66.5060: UDP, length: 419
> E`..f...>.7.^...^..B.......-REGISTER sip:mysip.net SIP/2.0
> Via: SIP/2.0/UDP 10.16.153.163:5060;branch=z9hG4bK3e70680b;rport
> Max-Forwards: 70
> From: <sip:748732 at mysip.net>;tag=as77c8852d
> To: <sip:748732 at mysip.net>
> Call-ID: 53d04cc277cfe60301bddb6d79033420 at 10.16.153.163
> CSeq: 102 REGISTER
> User-Agent: Asterisk PBX 1.6.0.22-samy-r60
> Expires: 1800
> Contact: <sip:748732 at 10.16.153.163>
> Event: registration
> Content-Length: 0
>
>
>
> 18:00:37.074085 IP 10.16.133.66.5060 > 10.16.153.163.5060: UDP, length: 657
> E...F...?.Vc^..B^...........SIP/2.0 401 Unauthorized
> Via: SIP/2.0/UDP 10.16.153.163:5060;branch=z9hG4bK3e70680b;rport=5060
> From: <sip:748732 at mysip.net>;tag=as77c8852d
> To: <sip:748732 at mysip.net>;tag=5jD9Qcg3N9S6p
> Call-ID: 53d04cc277cfe60301bddb6d79033420 at 10.16.153.163
> CSeq: 102 REGISTER
> User-Agent: FreeSWITCH-mod_sofia/1.0.head-git-7847289 2011-02-19 23-38-04 +0100
> Allow: INVITE, ACK, BYE, CANCEL, OPTIONS, MESSAGE, UPDATE, INFO, REGISTER, REFER, NOTIFY, PUBLISH, SUBSCRIBE
> Supported: timer, precondition, path, replaces
> WWW-Authenticate: Digest realm="mysip.net", nonce="ce2bccbf-a27b-43c8-b7b0-a89ab429d8a7", algorithm=MD5, qop="auth"
> Content-Length: 0
>
>
>
> 18:00:37.074969 IP 10.16.153.163.5060 > 10.16.133.66.5060: UDP, length: 672
> E`..f...>.6.^...^..B........REGISTER sip:mysip.net SIP/2.0
> Via: SIP/2.0/UDP 10.16.153.163:5060;branch=z9hG4bK30df5010;rport
> Max-Forwards: 70
> From: <sip:748732 at mysip.net>;tag=as03431ba4
> To: <sip:748732 at mysip.net>
> Call-ID: 53d04cc277cfe60301bddb6d79033420 at 10.16.153.163
> CSeq: 103 REGISTER
> User-Agent: Asterisk PBX 1.6.0.22-samy-r60
> Authorization: Digest username="748732 at mysip.net", realm="mysip.net", algorithm=MD5, uri="sip:mysip.net", nonce="ce2bccbf-a27b-43c8-b7b0-a89ab429d8a7", response="133a0ba843fe9f5afba67d1377fa8c11", qop=auth, cnonce="119cf18c", nc=00000001
> Expires: 1800
> Contact: <sip:748732 at 10.16.153.163>
> Event: registration
> Content-Length: 0
>
>
> 18:00:37.081517 IP 10.16.133.66.5060 > 10.16.153.163.5060: UDP, length: 532
> E..0F...?.V.^..B^.........1.SIP/2.0 403 Forbidden
> Via: SIP/2.0/UDP 10.16.153.163:5060;branch=z9hG4bK30df5010;rport=5060
> From: <sip:748732 at mysip.net>;tag=as03431ba4
> To: <sip:748732 at mysip.net>;tag=6U61S706jjgSj
> Call-ID: 53d04cc277cfe60301bddb6d79033420 at 10.16.153.163
> CSeq: 103 REGISTER
> User-Agent: FreeSWITCH-mod_sofia/1.0.head-git-7847289 2011-02-19 23-38-04 +0100
> Allow: INVITE, ACK, BYE, CANCEL, OPTIONS, MESSAGE, UPDATE, INFO, REGISTER, REFER, NOTIFY, PUBLISH, SUBSCRIBE
> Supported: timer, precondition, path, replaces
> Content-Length: 0
>
>
> Can somebody point me in the right direction?
>
>
> Thanks and best regards,
>
> John
>
>
> _______________________________________________
> FreeSWITCH-users mailing list
> FreeSWITCH-users at lists.freeswitch.org
> http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
> UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
> http://www.freeswitch.org
>
> _______________________________________________
> FreeSWITCH-users mailing list
> FreeSWITCH-users at lists.freeswitch.org
> http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
> UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
> http://www.freeswitch.org
More information about the FreeSWITCH-users
mailing list