<html><head><meta http-equiv="content-type" content="text/html; charset=utf-8"></head><body dir="auto"><div>This is incomplete. The normal flow is</div><div>-> REGISTER</div><div><- 401</div><div>-> REGISTER</div><div><- 200 or 403</div><div><br></div><div>If you look at the CSeq in the 403 you'll see its a reply to the register after the initial REGISTER.</div><div><br></div><div>401 contains a challenge that's used to generate the auth data to put in the 2nd register - that allows digest authentication which avoids sending the password in plaintext and uses a nonce to prevent replay attacks (an attacker can't capture the register and resend it later to auth themselves).</div><div><br></div><div>The digest includes the domain, if the user and password match perhaps the problem lies there...</div><div><br>Sent from my iPad</div><div><br></div><div><br></div><div><br>On 28 Dec 2012, at 01:38, Steven Schoch <<a href="mailto:schoch+freeswitch.org@xwin32.com">schoch+freeswitch.org@xwin32.com</a>> wrote:<br><br></div><blockquote type="cite"><div><div dir="ltr">Here are the important lines from the trace: (I don't think I need to paste the whole thing.)<div><br></div><div><div>recv 1521 bytes from tcp/[192.168.4.254]:4025 at 01:28:45.696774:</div><div> ------------------------------------------------------------------------</div>
<div> REGISTER sip:192.168.4.1:5060;transport=tcp SIP/2.0</div><div> Via: SIP/2.0/TCP 192.168.4.254:4025;rport;branch=z9hG4bKPjZiQxS2mheTBbTXalnSTcX-9-vSvvYydR</div><div> Max-Forwards: 70</div><div> From: "110" <<a href="mailto:sip%3A1001@192.168.4.1">sip:1001@192.168.4.1</a>>;tag=SoDYLlxdRfdsHMTYaCd6LprFvMe6ROpl</div>
<div> To: "110" <<a href="mailto:sip%3A1001@192.168.4.1">sip:1001@192.168.4.1</a>></div><div> Call-ID: 6Y7zlZiZJekTAYupYa4SU.v2.8vpto97</div><div> CSeq: 4019 REGISTER</div><div> User-Agent: Cisco-CP3905/9.2.1</div>
<div style="">[other stuff...]</div><div style=""><br></div><div style=""><div> ------------------------------------------------------------------------</div><div>send 684 bytes to tcp/[192.168.4.254]:4025 at 01:28:45.856104:</div>
<div> ------------------------------------------------------------------------</div><div> SIP/2.0 401 Unauthorized</div><div> Via: SIP/2.0/TCP 192.168.4.254:4025;rport=4025;branch=z9hG4bKPjZiQxS2mheTBbTXalnSTcX-9-vSvvYydR</div>
<div> From: "110" <<a href="mailto:sip%3A1001@192.168.4.1">sip:1001@192.168.4.1</a>>;tag=SoDYLlxdRfdsHMTYaCd6LprFvMe6ROpl</div><div> To: "110" <<a href="mailto:sip%3A1001@192.168.4.1">sip:1001@192.168.4.1</a>>;tag=UrQB9NZ278Hpc</div>
<div> Call-ID: 6Y7zlZiZJekTAYupYa4SU.v2.8vpto97</div><div style="">[I don't think the other stuff is pertinent.]</div><div style=""><br></div><div style="">And later:</div><div style=""><div> ------------------------------------------------------------------------</div>
<div>send 562 bytes to tcp/[192.168.4.254]:4025 at 01:28:46.032084:</div><div> ------------------------------------------------------------------------</div><div> SIP/2.0 403 Forbidden</div><div> Via: SIP/2.0/TCP 192.168.4.254:4025;rport=4025;branch=z9hG4bKPjbdyYmV-sH2X-.Cs-LZUG9P36AHF5dn4E</div>
<div> From: "110" <<a href="mailto:sip%3A1001@192.168.4.1">sip:1001@192.168.4.1</a>>;tag=SoDYLlxdRfdsHMTYaCd6LprFvMe6ROpl</div><div> To: "110" <<a href="mailto:sip%3A1001@192.168.4.1">sip:1001@192.168.4.1</a>>;tag=v1g4aHg64H88Q</div>
<div> Call-ID: 6Y7zlZiZJekTAYupYa4SU.v2.8vpto97</div><div> CSeq: 4020 REGISTER</div><div><br></div><div><br></div><div style="">I have put a name/password in the Cisco config file, and the same name/password in conf/directory/1001.xml. Should this go in the conf/sip_profiles/internal section instead?</div>
<div style=""><br></div><div style="">-- </div><div style="">Steve</div></div></div><div class="gmail_extra"><br><div class="gmail_quote">On Thu, Dec 27, 2012 at 4:53 PM, Michael Collins <span dir="ltr"><<a href="mailto:msc@freeswitch.org" target="_blank">msc@freeswitch.org</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex">Can you capture the SIP traffic between the phone and the server and drop it on <a href="http://pastebin.freeswitch.org" target="_blank">pastebin.freeswitch.org</a>? It might be good to review the SIP dialog, just in case there are some clues there. You can use the fs_cli if you wish:<br>
sofia profile internal siptrace on<br>(if you're using the example configs that come with FreeSWITCH. Use the correct profile name if you have one other than "internal" that you're using.)<br><br></blockquote>
</div></div></div></div>
</div></blockquote><blockquote type="cite"><div><span>_________________________________________________________________________</span><br><span>Professional FreeSWITCH Consulting Services:</span><br><span><a href="mailto:consulting@freeswitch.org">consulting@freeswitch.org</a></span><br><span><a href="http://www.freeswitchsolutions.com">http://www.freeswitchsolutions.com</a></span><br><span></span><br><span>FreeSWITCH-powered IP PBX: The CudaTel Communication Server</span><br><span><a href="http://www.cudatel.com">http://www.cudatel.com</a></span><br><span></span><br><span>Official FreeSWITCH Sites</span><br><span><a href="http://www.freeswitch.org">http://www.freeswitch.org</a></span><br><span><a href="http://wiki.freeswitch.org">http://wiki.freeswitch.org</a></span><br><span><a href="http://www.cluecon.com">http://www.cluecon.com</a></span><br><span></span><br><span>FreeSWITCH-users mailing list</span><br><span><a href="mailto:FreeSWITCH-users@lists.freeswitch.org">FreeSWITCH-users@lists.freeswitch.org</a></span><br><span><a href="http://lists.freeswitch.org/mailman/listinfo/freeswitch-users">http://lists.freeswitch.org/mailman/listinfo/freeswitch-users</a></span><br><span>UNSUBSCRIBE:http://<a href="http://lists.freeswitch.org/mailman/options/freeswitch-users">lists.freeswitch.org/mailman/options/freeswitch-users</a></span><br><span><a href="http://www.freeswitch.org">http://www.freeswitch.org</a></span><br></div></blockquote></body></html>