[Freeswitch-users] Issue with changing phone SIP port

Oleg Stolyar ostolyar at netflix.com
Tue Jun 4 09:06:21 MSD 2013 

Hi Steven,

thank you for the detailed response!   I'll check out NDLB and look further
into how the ports are changing.  The strange thing is that it happens with
some but not all softphones and that the message going to the wrong port
nevertheless gets to my computer through the router and is only rejected
here - rather than in the router.  This is evidenced by wireshark running
on my computer.  I'll let you know if I find anything useful after
investigating further.

Thanks again!


Thank you
*Oleg*


On Mon, Jun 3, 2013 at 8:57 PM, Steven Ayre <steveayre at gmail.com> wrote:

> 1. Why does FreeSWITCH initially send "Unauthorized" reply?
>
>
> It's required. SIP authentication is similar to HTTP authentication, it's
> based on challenge response. The first request fails and the response
> contains a nonce. The 2nd request sends a digest of the password combined
> with that nonce. That means you authenticate without sending your password
> over the internet plaintext and since the nonce is time-limited without
> that digest being able to be reused by an attacker.
>
> If you see yourself calling into FS without that then you are either a)
> authenticating via IP address not password or b) calling into a SIP profile
> that doesn't require authentication (eg one for receiving calls).
>
>
> 2. Does anyone know why some phones change their port during registration
>> from behind a NAT?
>
>
> That could be your NAT router changing the port mapping between requests
> (each REGISTER and INVITE is a separate SIP dialog).
>
> SIP with NAT can work, but will be messy. Mostly because not everything
> supports it, supports it well, or does it in the same way. You can also
> encounter situations where the phone and router are both trying to
> workaround the NAT issues which causes more problems than it solves.
>
> Generally FS does a good job of working around many of the issues, and has
> a few NDLB options for handling devices that don't handle NAT well. See
> http://wiki.freeswitch.org/wiki/NAT_Traversal
>
> For starters you should disable SIP ALG on your router and enable STUN in
> the SIP client, if it's supported.
>
>
> 3. Should I file a Jira ticket to have FreeSWITCH change UA's registered
>> contact info when the UA sends a message with a different Contact header?
>
>
> But what would it change it to?
>
> For handling broken devices there are some NDLB options, some do try
> rewriting the Contact to where the packet came from. That's not correct in
> all cases, but perhaps is in many. http://wiki.freeswitch.org/wiki/NDLB
>
>
> -Steve
>
>
>
>
> On 3 June 2013 21:32, Oleg Stolyar <ostolyar at netflix.com> wrote:
>
>> Hi guys,
>>
>> I ran into the following problem recently:
>>
>> Using a softphone from a computer behind a NAT I register it with
>> FreeSWITCH.
>> It registers with a certain port in the Contact header.  FreeSWITCH
>> stores this port in the user's registration info and uses it from then on
>> to send messages to the phone.
>>
>> However, for some reason FreeSWITCH initially sends back an
>> "Unauthorized" response.  After that some phones seem to send REGISTER
>> again but with a* different port*.
>> This only happen if the phone is behind a NAT.  If FreeSWITCH is on the
>> same network as the phone, the phone keeps the same port.
>>
>> FreeSWITCH ignores that and keeps trying to contact the phone on the old
>> port and of course fails.
>>
>> Only some phones seem to change their port after registration.  They
>> include 3CXPhone, X-Lite.
>> Phones that don't do this are MicroSIP and Mizu.
>>
>> I have a wireshark capture file of the session from the softphone machine
>> if anyone would like, I'll be happy to email it or publish it.
>>
>> So, I have three questions:
>> 1. Why does FreeSWITCH initially send "Unauthorized" reply?
>> 2. Does anyone know why some phones change their port during registration
>> from behind a NAT?
>> 3. Should I file a Jira ticket to have FreeSWITCH change UA's registered
>> contact info when the UA sends a message with a different Contact header?
>>
>>
>> Thank you
>> *Oleg*
>>
>> _________________________________________________________________________
>> Professional FreeSWITCH Consulting Services:
>> consulting at freeswitch.org
>> http://www.freeswitchsolutions.com
>>
>> 
>> 
>>
>> Official FreeSWITCH Sites
>> http://www.freeswitch.org
>> http://wiki.freeswitch.org
>> http://www.cluecon.com
>>
>> FreeSWITCH-users mailing list
>> FreeSWITCH-users at lists.freeswitch.org
>> http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
>> UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
>> http://www.freeswitch.org
>>
>>
>
>
> _________________________________________________________________________
> Professional FreeSWITCH Consulting Services:
> consulting at freeswitch.org
> http://www.freeswitchsolutions.com
>
> 
> 
>
> Official FreeSWITCH Sites
> http://www.freeswitch.org
> http://wiki.freeswitch.org
> http://www.cluecon.com
>
> FreeSWITCH-users mailing list
> FreeSWITCH-users at lists.freeswitch.org
> http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
> UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
> http://www.freeswitch.org
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.freeswitch.org/pipermail/freeswitch-users/attachments/20130603/d2b7f0a6/attachment-0001.html

Join us at ClueCon 2011 Aug 9-11, 2011
More information about the FreeSWITCH-users mailing list