[Freeswitch-users] 401 Unauthorized / phone, router or my fs config?
Vitalie Colosov
vetali100 at gmail.com
Tue Nov 22 10:16:54 MSK 2011
Most probably some NAT issue happens on the client side.
Router is not doing port translation as required.
FS replies to a port which is indicated in REGISTER request (correct),
however client expects the reply on a different port.
Try to enable <param name="NDLB-force-rport" value="true"/> in the profile.
http://wiki.freeswitch.org/wiki/Sofia_Configuration_Files#NDLB_.28A.K.A._No_device_left_behind.29
Please reply if this helped.
Vitalie
2011/11/21 Charlie Orford <charlie.orford at attackplan.net>
> Hello list
>
> I am an asterisk refugee and currently in the midst of moving our voip
> platform across to freeswitch. The goal is to have FS in the cloud (on a
> dedicated Linode virtual machine running Debian Squeeze), with all office
> phones (Aastra 57i units) connecting via the public internet.
>
> FS is compiled and running on the linode machine (using the latest git
> build from a week ago). It is setup to listen on the public IP only so
> there is no NAT happening at the server end. All relevant firewall ports
> are open (tcp/udp 5060, tcp/udp 5080 and udp 16384:32768).
>
> Because our office net connection has a dynamic IP, we are using (or
> trying to use) digest authentication rather than ACLs in order to control
> user/extension access to the internal sip profile.
>
> The problem:
>
> For some reason, none of our phones are able to successfully register with
> FS. Running fs_cli with logging at 7 and enabling "sofia global siptrace
> on" shows that the phones make contact and try to REGISTER but when FS
> replies with a 401 Unauthorized and requests the phone authenticate via
> digest, the phone seems to ignore this and just repeatedly keeps sending
> the same original REGISTER request with no accompanying Authorization
> header.
>
> My hunch is that the problem must lie with the phone or our router rather
> than FS but I'm a little out of my depth with this problem and so would
> appreciate any insight or advice.
>
>
> For a transcript of a failed registration between our FS server and a
> phone at the office, please see: http://pastebin.com/1qRudrvE (note:
> server and phone ip has been changed to protect the innocent).
>
> I also have a screen shot of the phone's SIP config here:
> http://imgur.com/2lwiN (we are running the latest publically available
> Aastra firmware on the phones - v3.2.2.56).
>
> Finally, in case it is relevant, the router at the office is a Draytek
> Vigor 2600 ADSL router (about 5 years old now but working happily as far as
> we know).
>
>
> Thanks + Regards,
> Charlie
>
>
>
>
>
>
> _________________________________________________________________________
> Professional FreeSWITCH Consulting Services:
> consulting at freeswitch.org
> http://www.freeswitchsolutions.com
>
>
>
>
> Official FreeSWITCH Sites
> http://www.freeswitch.org
> http://wiki.freeswitch.org
> http://www.cluecon.com
>
> FreeSWITCH-users mailing list
> FreeSWITCH-users at lists.freeswitch.org
> http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
> UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
> http://www.freeswitch.org
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.freeswitch.org/pipermail/freeswitch-users/attachments/20111121/40120d2e/attachment.html
Join us at ClueCon 2011 Aug 9-11, 2011
More information about the FreeSWITCH-users
mailing list