[Freeswitch-users] Gateway Authentication

Chad Vogel cvogel at lyonl.com
Tue Sep 20 20:34:27 MSD 2011


Hello, I'm trying to make the move from Asterix, but I'm running into some difficulties. I'm try to bridge a call using our gateway however it doesn't work. In wireshark I can see I'm getting an SIP 401 Unauthorized error with a WWW-Authenticate header, after FS send the INVITE message to the gateway. However FS doesnt seem to respond to the request for Authentication.  Asterix responds correctly however I cant seem to make FS to do the same. Any help would be appreciated


INVITE sip:+15618911806 at 4.55.35.60:5070 SIP/2.0
Via: SIP/2.0/UDP 207.67.30.226;rport;branch=z9hG4bKB49SZQHrgaaKc
Max-Forwards: 8
From: "LyonL" <sip:+14142211800 at 207.67.30.226:5060>;tag=eZe8gcQgXXv5c
To: <sip:+15618911806 at 4.55.35.60:5070>
Call-ID: 4f8edae0-5e45-122f-6399-07d4dbeff43f
CSeq: 17931324 INVITE
Contact: <sip:1-F2la9 at 207.67.30.226:5060;transport=udp;gw=level3>
User-Agent: FreeSWITCH
Allow: INVITE, ACK, BYE, CANCEL, OPTIONS, MESSAGE, UPDATE, INFO, REGISTER, REFER, NOTIFY
Supported: timer, precondition, path, replaces
Allow-Events: talk, hold, refer
Content-Type: application/sdp
Content-Disposition: session
Content-Length: 227
X-FS-Support: update_display
Remote-Party-ID: "LyonL" <sip:+14142211800 at 207.67.30.226:5060>;party=calling;screen=yes;privacy=off

v=0
o=FreeSWITCH 1316516832 1316516833 IN IP4 10.126.200.6
s=FreeSWITCH
c=IN IP4 10.126.200.6
t=0 0
m=audio 17944 RTP/AVP 0 8 18 101 13
a=fmtp:18 annexb=no
a=rtpmap:101 telephone-event/8000
a=fmtp:101 0-16
a=ptime:20


SIP/2.0 401 Unauthorized
Via: SIP/2.0/UDP 207.67.30.226;received=207.67.30.226;branch=z9hG4bKB49SZQHrgaaKc;rport=42534
From: "LyonL" <sip:+14142211800 at 207.67.30.226:5060>;tag=eZe8gcQgXXv5c
To: <sip:+15618911806 at 4.55.35.60:5070>;tag=SD6soqf99-1367649635-1316534779161
Call-ID: 4f8edae0-5e45-122f-6399-07d4dbeff43f
CSeq: 17931324 INVITE
WWW-Authenticate: DIGEST qop="auth",nonce="BroadWorksXgst2td09Tbihi2qBW",algorithm=MD5,realm="BroadWorks"
Content-Length: 0

  <include>
    <extension name="4142211800">
      <condition field="destination_number" expression="^(\+?1)?(4142211800)$">
        <action application="set" data="effective_caller_id_name=LyonL"/>
        <action application="set" data="effective_caller_id_number=+14142211800"/>
        <action application="bridge" data="sofia/gateway/level3/+15618911806"/>
      </condition>
    </extension>
  </include>

<include>
  <gateway name="level3">
    <param name="apply-inbound-acl" value="level3"/>
    <param name="username" value="1-F2la9"/>
    <param name="password" value="password"/>>
    <param name="realm" value="BroadWorks"/>
    <param name="proxy" value="4.55.35.60:5070"/>
    <param name="from-domain" value="207.67.30.226:5060"/>
    <param name="dtmf-type" value="rfc2833"/>
    <param name="extension-in-contact" value="true"/>
    <param name="caller-id-in-from" value="true"/>
    <param name="register" value="false"/>
  </gateway>
</include>

<profile name="external">
  <!-- http://wiki.freeswitch.org/wiki/Sofia_Configuration_Files -->
  <!-- This profile is only for outbound registrations to providers -->
  <gateways>
    <X-PRE-PROCESS cmd="include" data="external/*.xml"/>
  </gateways>

  <aliases>
    <!--
    <alias name="outbound"/>
    <alias name="nat"/>
    -->
  </aliases>

  <domains>
    <domain name="all" alias="false" parse="true"/>
  </domains>

  <settings>
    <param name="debug" value="0"/>
<!-- If you want FreeSWITCH to shutdown if this profile fails to load, uncomment the next line. -->
<!-- <param name="shutdown-on-fail" value="true"/> -->
    <param name="sip-trace" value="no"/>
    <param name="sip-capture" value="no"/>
    <param name="rfc2833-pt" value="101"/>
    <param name="sip-port" value="$${external_sip_port}"/>
    <param name="dialplan" value="XML"/>
    <param name="context" value="public"/>
    <param name="dtmf-duration" value="2000"/>
    <param name="inbound-codec-prefs" value="$${global_codec_prefs}"/>
    <param name="outbound-codec-prefs" value="$${outbound_codec_prefs}"/>
    <param name="hold-music" value="$${hold_music}"/>
    <param name="rtp-timer-name" value="soft"/>
    <!--<param name="enable-100rel" value="true"/>-->
    <!--<param name="disable-srv503" value="true"/>-->
    <!-- This could be set to "passive" -->
    <param name="local-network-acl" value="localnet.auto"/>
    <param name="manage-presence" value="false"/>

    <!-- used to share presence info across sofia profiles
manage-presence needs to be set to passive on this profile
if you want it to behave as if it were the internal profile
for presence.
    -->
    <!-- Name of the db to use for this profile -->
    <!--<param name="dbname" value="share_presence"/>-->
    <!--<param name="presence-hosts" value="$${domain}"/>-->
    <!--<param name="force-register-domain" value="$${domain}"/>-->
    <!--all inbound reg will stored in the db using this domain -->
    <!--<param name="force-register-db-domain" value="$${domain}"/>-->
    <!-- ************************************************* -->

    <!--<param name="aggressive-nat-detection" value="true"/>-->
    <param name="inbound-codec-negotiation" value="generous"/>
    <param name="nonce-ttl" value="60"/>
    <param name="auth-calls" value="false"/>
    <!--<param name="challenge-realm" value="auto_from"/>-->
    <param name="user-agent-string" value="FreeSWITCH"/>
    <!--
DO NOT USE HOSTNAMES, ONLY IP ADDRESSES IN THESE SETTINGS!
    -->
    <param name="rtp-ip" value="$${local_ip_v4}"/>
    <param name="sip-ip" value="$${local_ip_v4}"/>
    <param name="ext-rtp-ip" value="auto-nat"/>
    <param name="ext-sip-ip" value="$${external_sip_ip}"/>
    <param name="rtp-timeout-sec" value="300"/>
    <param name="rtp-hold-timeout-sec" value="1800"/>
    <!--<param name="enable-3pcc" value="true"/>-->

    <!-- TLS: disabled by default, set to "true" to enable -->
    <param name="tls" value="$${external_ssl_enable}"/>
    <!-- additional bind parameters for TLS -->
    <param name="tls-bind-params" value="transport=tls"/>
    <!-- Port to listen on for TLS requests. (5081 will be used if unspecified) -->
    <param name="tls-sip-port" value="$${external_tls_port}"/>
    <!-- Location of the agent.pem and cafile.pem ssl certificates (needed for TLS server) -->
    <param name="tls-cert-dir" value="$${external_ssl_dir}"/>
    <!-- TLS version ("sslv23" (default), "tlsv1"). NOTE: Phones may not work with TLSv1 -->
    <param name="tls-version" value="$${sip_tls_version}"/>

  </settings>
</profile>

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.freeswitch.org/pipermail/freeswitch-users/attachments/20110920/2ade2f31/attachment-0001.html 


Join us at ClueCon 2011 Aug 9-11, 2011
More information about the FreeSWITCH-users mailing list