[Freeswitch-users] Polycom IP 335 - 401 Unauthorized .... NAT ISSUE?

Sean Devoy sdevoy at bizfocused.com
Fri Dec 7 23:15:17 MSK 2012 

First Brian THANKS, it clearly took some time to put together such a
detailed response.

 

I reset to factory settings.

I have updated to a minor newer version than yours.

Yours 


UC Software Version

4.0.2.11307

Mine


UC Software Version

4.0.3.7562

 

I set everything EXACTLY as you specified in your post except my server,
extension, password, etc  where it applies.

It still fails.  There is an interesting difference in the SIP Messages
though.  From yours the phone sends CSeq: 1 Register, gets a response for
CSeq: 1 Register (with the nonce), then your phone sends CSeq: 2 Register .
>From mine the phone sends CSeq: 1 Register  again, and again, and again.  I
still think it is actually not receiving the 401 message with the nonce.

 

One other minor difference that may by important. On your FIRST 401
Unauthorized Message Via line says

Via: SIP/2.0/UDP
10.0.0.39;branch=z9hG4bK848ac3ba5589D827;received=76.238.166.184;rport=5060

Mine says:

Via: SIP/2.0/UDP
10.10.40.47;branch=z9hG4bKa9b37440268F7B2B;received=71.127.152.57

 

It does not have an rport.  I don't know if that matters.  It doesn't it
matter that other phones here are using port 5060, right?  Are their other
ports I can specify for rport?  How can I tell if the phone is actually
getting the 401?

 

The syslog from the phone says:

sip  |4|03|Registration failed User: 228, Error Code:480 Temporarily not
available 10.10.40.47   07/12 14:48:17.315  

 

Thanks again for your help.

 

From: freeswitch-users-bounces at lists.freeswitch.org
[mailto:freeswitch-users-bounces at lists.freeswitch.org] On Behalf Of Brian
Foster
Sent: Friday, December 07, 2012 2:11 PM
To: FreeSWITCH Users Help
Subject: Re: [Freeswitch-users] Polycom IP 335 - 401 Unauthorized .... NAT
ISSUE?

 

This might help you:

 

http://pastebin.freeswitch.org/20301

 

Try comparing the SIP messages to yours. Notice that it tries to register
twice, the first one is Unauthorized.

 

On Fri, Dec 7, 2012 at 1:54 PM, Brian Foster <bdfoster at endigotech.com>
wrote:

Let's do this step by step. First of all, my server is off site. We are
going through a NAT in order to get to FreeSWITCH. Looks like this is the
same setup you have.

 

I have the same phone as you do:


Phone Information


Phone Model

SoundPoint IP 335


Part Number

2345-12375-001 Rev:A


MAC Address

00:04:F2:37:3D:C0


IP Address

10.0.0.39


UC Software Version

4.0.2.11307


BootROM Software Version

5.0.2.12692


Alright so now that we have that squared away, the next step is to set up
the phone.

 

Settings > SIP

 

Local Settings:

 

Local SIP Port: 0

Calls Per Line Key: 4

New SDP Type: Disable

Live Communication Server Support: Disable

Non-Standard Line Seize: Enable

Digitmap: Not relevent

Digitmap Timeout: 3|3|3|3|3|3

Remove End-of-Dial Marker: Enable

Digit Impossible Match: 0

 

Outbound Proxy:

 

Address: <Blank>

Port: 0

Transport: DNSnaptr

 

Server 1:

 

Address: pbx.endigovoip.com

Port: 0

Transport: DNSnaptr (You shouldn't have issues with UDPonly, might be worth
trying though.

Espires (s): 3600

Register: Yes

Retry Timeout (ms): 0

Retry Maximum Count: 3

Line Seize Timeout: 30

 

I do not have a second server.

 

Settings > Network > NAT

 


NAT


* IP Address

	

* Signalling Port

0


* Media Port Start

0


Keep-Alive Interval (s)

0

 

Settings > Lines

 

  <http://10.0.0.39/images/icon_minus.gif>  Identification


Display Name

Brian Foster


Address

2546 at pbx.endigovoip.com


Authentication User ID

2546


Authentication Password

[          ]


Label

2546


Type

(X) Private ( ) Shared


Third Party Name

	

Number of Line Keys

2


Calls Per Line

4


Ring Type

[Low Trill \/]

  <http://10.0.0.39/images/icon_minus.gif>  Outbound Proxy


Address

	

Port

0


Transport

[DNSnaptr \/]

  <http://10.0.0.39/images/icon_minus.gif>  Server 1


Address

	

Port

0


Transport

[DNSnaptr \/]


Expires (s)

3600


Register

(X) Yes ( ) No


Retry Timeout (ms)

0


Retry Maximum Count

3


Line Seize Timeout (s)

30

  <http://10.0.0.39/images/icon_minus.gif>  Server 2


Address

	

Port

0


Transport

[DNSnaptr \/]


Expires (s)

3600


Register

(X) Yes ( ) No


Retry Timeout (ms)

0


Retry Maximum Count

3


Line Seize Timeout (s)

30

  <http://10.0.0.39/images/icon_minus.gif>  Call Diversion


* Always Forward

(X) Enable ( ) Disable


* Always Forward To Contact

	
		

* If Busy, Forward

(X) Enable ( ) Disable


* If Busy, Forward To Contact

	
		

* On No Answer, Forward

(X) Enable ( ) Disable


* On No Answer, Forward To Contact

	

* No Answer Timeout (seconds)

55

		

* On Do Not Disturb, Forward

( ) Enable (X) Disable


* On Do Not Disturb, Forward To Contact

	
		

* Disable Forward For Shared Lines

(X) Yes ( ) No

		

* Forward Specific Caller

(X) Enable ( ) Disable

  <http://10.0.0.39/images/icon_minus.gif>  Message Center


Subscription Address

	

Callback Mode

[Registration \/]


Callback Contact

	

 

 

Check those and let us know where you stand after that.

 

-BDF

 

On Fri, Dec 7, 2012 at 1:20 PM, Steven Ayre <steveayre at gmail.com> wrote:

Try this parameter:

http://wiki.freeswitch.org/wiki/NDLB#NDLB-force-rport

 

or if that fails

http://wiki.freeswitch.org/wiki/NDLB#NDLB-connectile-dysfunction

 

On 7 December 2012 16:39, Sean Devoy <sdevoy at bizfocused.com> wrote:

HI All,

 

I am still banging my head against the wall here try to get a Polycom 335 to
register w/ FS.  I have checked all the SERVER and USER/AUTH fields like
1000 times and 900 variations.  I think my problem may be NAT related.  I
know on my CISCO 504G I had to enable several NAT features to work behind
our firewall.  I am totally new to Polycom, so some very basic help is
needed.

 

The server is remote but not behind a NAT there.  The phones are NAT'ed to
the internet.  In the sofia sip trace I see this over and over:

   ------------------------------------------------------------------------

recv 552 bytes from udp/[71.127.152.57]:1026 at 16:26:07.358892:

   ------------------------------------------------------------------------

   REGISTER sip:fs_bfis.bizfocused.com SIP/2.0

   Via: SIP/2.0/UDP 10.10.40.47:5060;branch=z9hG4bKbf81dbdc8E687A5

   From: "228 Sean" <sip:228 at fs_bfis.bizfocused.com
<mailto:sip%3A228 at fs_bfis.bizfocused.com> >;tag=3F42C046-B61A297

   To: <sip:228 at fs_bfis.bizfocused.com
<mailto:sip%3A228 at fs_bfis.bizfocused.com> >

   CSeq: 1 REGISTER

   Call-ID: 2f482c2-2599cc43-1fb1a78 at 10.10.40.47

   Contact: <sip:228 at 10.10.40.47:5060>;methods="INVITE, ACK, BYE, CANCEL,
OPTIONS, INFO, MESSAGE, SUBSCRIBE, NOTIFY, PRACK, UPDATE, REFER"

   User-Agent: PolycomSoundPointIP-SPIP_335-UA/3.3.3.0069

   Accept-Language: en

   Max-Forwards: 70

   Expires: 600

   Content-Length: 0

 

   ------------------------------------------------------------------------

send 710 bytes to udp/[71.127.152.57]:5060 at 16:26:07.359067:

   ------------------------------------------------------------------------

   SIP/2.0 401 Unauthorized

   Via: SIP/2.0/UDP
10.10.40.47:5060;branch=z9hG4bKbf81dbdc8E687A5;received=71.127.152.57

  From: "228 Sean" <sip:228 at fs_bfis.bizfocused.com
<mailto:sip%3A228 at fs_bfis.bizfocused.com> >;tag=3F42C046-B61A297

   To: <sip:228 at fs_bfis.bizfocused.com
<mailto:sip%3A228 at fs_bfis.bizfocused.com> >;tag=t232me1NSD02S

   Call-ID: 2f482c2-2599cc43-1fb1a78 at 10.10.40.47

   CSeq: 1 REGISTER

   User-Agent:
FreeSWITCH-mod_sofia/1.2.0-rc2+git~20120712T080314Z~435f28cefb+unclean~20120
712T101002Z

   Allow: INVITE, ACK, BYE, CANCEL, OPTIONS, MESSAGE, UPDATE, INFO,
REGISTER, REFER, NOTIFY, PUBLISH, SUBSCRIBE

   Supported: precondition, path, replaces

   WWW-Authenticate: Digest realm="fs_bfis.bizfocused.com",
nonce="b9583359-0163-4bf2-9818-788f64c34207", algorithm=MD5, qop="auth"

   Content-Length: 0

If I understand correctly, the server should be sending back this 401
message with the nonce so the phone can re-attempt the registration with an
encrypted password.  If NAT is failing, the phone is never seeing the 401 w/
the nonce.

 

So what do I do in the WEB config interface to enable NAT on this phone?

 

Thanks,

Sean 

 

_________________________________________________________________________
Professional FreeSWITCH Consulting Services:
consulting at freeswitch.org
http://www.freeswitchsolutions.com




Official FreeSWITCH Sites
http://www.freeswitch.org
http://wiki.freeswitch.org
http://www.cluecon.com

FreeSWITCH-users mailing list
FreeSWITCH-users at lists.freeswitch.org
http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
http://www.freeswitch.org

 


_________________________________________________________________________
Professional FreeSWITCH Consulting Services:
consulting at freeswitch.org
http://www.freeswitchsolutions.com




Official FreeSWITCH Sites
http://www.freeswitch.org
http://wiki.freeswitch.org
http://www.cluecon.com

FreeSWITCH-users mailing list
FreeSWITCH-users at lists.freeswitch.org
http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
http://www.freeswitch.org





 

-- 
Brian D. Foster
Endigo Computer LLC
Email: bdfoster at endigotech.com
Phone: 317-800-7876
Indianapolis, Indiana, USA

This message contains confidential information and is intended for those
listed in the "To:", "CC:", and/or "BCC:" fields of the message header. If
you are not the intended recipient you are notified that disclosing,
copying, distributing or taking any action in reliance on the contents of
this information is strictly prohibited. E-mail transmission cannot be
guaranteed to be secure or error-free as information could be intercepted,
corrupted, lost, destroyed, arrive late or incomplete, or contain viruses.
The sender therefore does not accept liability for any errors or omissions
in the contents of this message, which arise as a result of e-mail
transmission. If verification is required please request a hard-copy
version.





 

-- 
Brian D. Foster
Endigo Computer LLC
Email: bdfoster at endigotech.com
Phone: 317-800-7876
Indianapolis, Indiana, USA

This message contains confidential information and is intended for those
listed in the "To:", "CC:", and/or "BCC:" fields of the message header. If
you are not the intended recipient you are notified that disclosing,
copying, distributing or taking any action in reliance on the contents of
this information is strictly prohibited. E-mail transmission cannot be
guaranteed to be secure or error-free as information could be intercepted,
corrupted, lost, destroyed, arrive late or incomplete, or contain viruses.
The sender therefore does not accept liability for any errors or omissions
in the contents of this message, which arise as a result of e-mail
transmission. If verification is required please request a hard-copy
version.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.freeswitch.org/pipermail/freeswitch-users/attachments/20121207/b34f84f0/attachment-0001.html

Join us at ClueCon 2011 Aug 9-11, 2011
More information about the FreeSWITCH-users mailing list