[Freeswitch-users] Polycom IP 335 - 401 Unauthorized .... NAT ISSUE?

Brian Foster bdfoster at endigotech.com
Fri Dec 7 22:11:23 MSK 2012


This might help you:

http://pastebin.freeswitch.org/20301

Try comparing the SIP messages to yours. Notice that it tries to register
twice, the first one is Unauthorized.


On Fri, Dec 7, 2012 at 1:54 PM, Brian Foster <bdfoster at endigotech.com>wrote:

> Let's do this step by step. First of all, my server is off site. We are
> going through a NAT in order to get to FreeSWITCH. Looks like this is the
> same setup you have.
>
> I have the same phone as you do:
>  Phone InformationPhone Model SoundPoint IP 335Part Number2345-12375-001
> Rev:A MAC Address00:04:F2:37:3D:C0 IP Address10.0.0.39UC Software Version
> 4.0.2.11307BootROM Software Version5.0.2.12692
>
> Alright so now that we have that squared away, the next step is to set up
> the phone.
>
> Settings > SIP
>
> Local Settings:
>
> Local SIP Port: 0
> Calls Per Line Key: 4
> New SDP Type: Disable
> Live Communication Server Support: Disable
> Non-Standard Line Seize: Enable
> Digitmap: Not relevent
> Digitmap Timeout: 3|3|3|3|3|3
> Remove End-of-Dial Marker: Enable
> Digit Impossible Match: 0
>
> Outbound Proxy:
>
> Address: <Blank>
> Port: 0
> Transport: DNSnaptr
>
> Server 1:
>
> Address: pbx.endigovoip.com
> Port: 0
> Transport: DNSnaptr (You shouldn't have issues with UDPonly, might be
> worth trying though.
> Espires (s): 3600
> Register: Yes
> Retry Timeout (ms): 0
> Retry Maximum Count: 3
> Line Seize Timeout: 30
>
> I do not have a second server.
>
> Settings > Network > NAT
>
> NAT
> *** IP Address *** Signalling Port *** Media Port Start Keep-Alive
> Interval (s)
>
> Settings > Lines
>
>  *Identification*
> Display Name Address Authentication User ID Authentication Password Label
> Type  Private  Shared Third Party Name Number of Line Keys Calls Per Line Ring
> TypeLow TrillLow Double TrillMedium TrillMedium Double TrillHigh TrillHigh
> Double TrillHighest TrillHighest Double TrillBeebleTripletRingback-styleLow
> Trill PrecedenceRing Splash
>
>  *Outbound Proxy*
> Address Port Transport                    UDPOnly
> TCPpreferred                   DNSnaptr                   TCPonly
>           TLS
>
>  *Server 1*
> Address Port Transport                   UDPOnly
> TCPpreferred                   DNSnaptr                   TCPonly
>           TLS                  Expires (s) Register Yes  No Retry Timeout
> (ms) Retry Maximum Count Line Seize Timeout (s)
>
>  *Server 2*
> Address Port Transport                   UDPOnly
> TCPpreferred                   DNSnaptr                   TCPonly
>           TLS                  Expires (s) Register Yes  No Retry Timeout
> (ms) Retry Maximum Count Line Seize Timeout (s)
>
>  *Call Diversion*
> *** Always Forward  Enable  Disable *** Always Forward To Contact *** If
> Busy, Forward Enable  Disable *** If Busy, Forward To Contact *** On No
> Answer, Forward  Enable  Disable *** On No Answer, Forward To Contact *** No
> Answer Timeout (seconds) *** On Do Not Disturb, Forward  Enable  Disable *
> ** On Do Not Disturb, Forward To Contact *** Disable Forward For Shared
> Lines  Yes  No *** Forward Specific Caller  Enable  Disable
>
>  *Message Center*
> Subscription Address Callback Mode                    Registration
>              Contact                   Disabled                  Callback
> Contact
>
>
> Check those and let us know where you stand after that.
>
> -BDF
>
> On Fri, Dec 7, 2012 at 1:20 PM, Steven Ayre <steveayre at gmail.com> wrote:
>
>> Try this parameter:
>> http://wiki.freeswitch.org/wiki/NDLB#NDLB-force-rport
>>
>> or if that fails
>> http://wiki.freeswitch.org/wiki/NDLB#NDLB-connectile-dysfunction
>>
>>
>> On 7 December 2012 16:39, Sean Devoy <sdevoy at bizfocused.com> wrote:
>>
>>> HI All,****
>>>
>>> ** **
>>>
>>> I am still banging my head against the wall here try to get a Polycom
>>> 335 to register w/ FS.  I have checked all the SERVER and USER/AUTH fields
>>> like 1000 times and 900 variations.  I think my problem may be NAT
>>> related.  I know on my CISCO 504G I had to enable several NAT features to
>>> work behind our firewall.  I am totally new to Polycom, so some very basic
>>> help is needed.****
>>>
>>> ** **
>>>
>>> The server is remote but not behind a NAT there.  The phones are NAT’ed
>>> to the internet.  In the sofia sip trace I see this over and over:****
>>>
>>>
>>> ------------------------------------------------------------------------
>>> ****
>>>
>>> recv 552 bytes from udp/[71.127.152.57]:1026 at 16:26:07.358892:****
>>>
>>>
>>> ------------------------------------------------------------------------
>>> ****
>>>
>>>    REGISTER sip:fs_bfis.bizfocused.com SIP/2.0****
>>>
>>>    Via: SIP/2.0/UDP 10.10.40.47:5060;branch=z9hG4bKbf81dbdc8E687A5****
>>>
>>>    From: "228 Sean" <sip:228 at fs_bfis.bizfocused.com
>>> >;tag=3F42C046-B61A297****
>>>
>>>    To: <sip:228 at fs_bfis.bizfocused.com>****
>>>
>>>    CSeq: 1 REGISTER****
>>>
>>>    Call-ID: 2f482c2-2599cc43-1fb1a78 at 10.10.40.47****
>>>
>>>    Contact: <sip:228 at 10.10.40.47:5060>;methods="INVITE, ACK, BYE,
>>> CANCEL, OPTIONS, INFO, MESSAGE, SUBSCRIBE, NOTIFY, PRACK, UPDATE, REFER"
>>> ****
>>>
>>>    User-Agent: PolycomSoundPointIP-SPIP_335-UA/3.3.3.0069****
>>>
>>>    Accept-Language: en****
>>>
>>>    Max-Forwards: 70****
>>>
>>>    Expires: 600****
>>>
>>>    Content-Length: 0****
>>>
>>> ** **
>>>
>>>
>>> ------------------------------------------------------------------------
>>> ****
>>>
>>> send 710 bytes to udp/[71.127.152.57]:5060 at 16:26:07.359067:****
>>>
>>>
>>> ------------------------------------------------------------------------
>>> ****
>>>
>>>    SIP/2.0 401 Unauthorized****
>>>
>>>    Via: SIP/2.0/UDP 10.10.40.47:5060
>>> ;branch=z9hG4bKbf81dbdc8E687A5;received=71.127.152.57****
>>>
>>>   From: "228 Sean" <sip:228 at fs_bfis.bizfocused.com>;tag=3F42C046-B61A297
>>> ****
>>>
>>>    To: <sip:228 at fs_bfis.bizfocused.com>;tag=t232me1NSD02S****
>>>
>>>    Call-ID: 2f482c2-2599cc43-1fb1a78 at 10.10.40.47****
>>>
>>>    CSeq: 1 REGISTER****
>>>
>>>    User-Agent:
>>> FreeSWITCH-mod_sofia/1.2.0-rc2+git~20120712T080314Z~435f28cefb+unclean~20120712T101002Z
>>> ****
>>>
>>>    Allow: INVITE, ACK, BYE, CANCEL, OPTIONS, MESSAGE, UPDATE, INFO,
>>> REGISTER, REFER, NOTIFY, PUBLISH, SUBSCRIBE****
>>>
>>>    Supported: precondition, path, replaces****
>>>
>>>    WWW-Authenticate: Digest realm="fs_bfis.bizfocused.com",
>>> nonce="b9583359-0163-4bf2-9818-788f64c34207", algorithm=MD5, qop="auth"*
>>> ***
>>>
>>>    Content-Length: 0****
>>>
>>> ****
>>>
>>> If I understand correctly, the server should be sending back this 401
>>> message with the nonce so the phone can re-attempt the registration with an
>>> encrypted password.  If NAT is failing, the phone is never seeing the 401
>>> w/ the nonce.****
>>>
>>> ** **
>>>
>>> So what do I do in the WEB config interface to enable NAT on this phone?
>>> ****
>>>
>>> ** **
>>>
>>> Thanks,****
>>>
>>> Sean ****
>>>
>>> _________________________________________________________________________
>>> Professional FreeSWITCH Consulting Services:
>>> consulting at freeswitch.org
>>> http://www.freeswitchsolutions.com
>>>
>>> 
>>> 
>>>
>>> Official FreeSWITCH Sites
>>> http://www.freeswitch.org
>>> http://wiki.freeswitch.org
>>> http://www.cluecon.com
>>>
>>> FreeSWITCH-users mailing list
>>> FreeSWITCH-users at lists.freeswitch.org
>>> http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
>>> UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
>>> http://www.freeswitch.org
>>>
>>>
>>
>> _________________________________________________________________________
>> Professional FreeSWITCH Consulting Services:
>> consulting at freeswitch.org
>> http://www.freeswitchsolutions.com
>>
>> 
>> 
>>
>> Official FreeSWITCH Sites
>> http://www.freeswitch.org
>> http://wiki.freeswitch.org
>> http://www.cluecon.com
>>
>> FreeSWITCH-users mailing list
>> FreeSWITCH-users at lists.freeswitch.org
>> http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
>> UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
>> http://www.freeswitch.org
>>
>>
>
>
> --
> Brian D. Foster
> Endigo Computer LLC
> Email: bdfoster at endigotech.com
> Phone: 317-800-7876
> Indianapolis, Indiana, USA
>
> This message contains confidential information and is intended for those
> listed in the "To:", "CC:", and/or "BCC:" fields of the message header. If
> you are not the intended recipient you are notified that disclosing,
> copying, distributing or taking any action in reliance on the contents of
> this information is strictly prohibited. E-mail transmission cannot be
> guaranteed to be secure or error-free as information could be intercepted,
> corrupted, lost, destroyed, arrive late or incomplete, or contain viruses.
> The sender therefore does not accept liability for any errors or omissions
> in the contents of this message, which arise as a result of e-mail
> transmission. If verification is required please request a hard-copy
> version.
>
>


-- 
Brian D. Foster
Endigo Computer LLC
Email: bdfoster at endigotech.com
Phone: 317-800-7876
Indianapolis, Indiana, USA

This message contains confidential information and is intended for those
listed in the "To:", "CC:", and/or "BCC:" fields of the message header. If
you are not the intended recipient you are notified that disclosing,
copying, distributing or taking any action in reliance on the contents of
this information is strictly prohibited. E-mail transmission cannot be
guaranteed to be secure or error-free as information could be intercepted,
corrupted, lost, destroyed, arrive late or incomplete, or contain viruses.
The sender therefore does not accept liability for any errors or omissions
in the contents of this message, which arise as a result of e-mail
transmission. If verification is required please request a hard-copy
version.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.freeswitch.org/pipermail/freeswitch-users/attachments/20121207/8f7ee6bb/attachment-0001.html 


Join us at ClueCon 2011 Aug 9-11, 2011
More information about the FreeSWITCH-users mailing list