[Freeswitch-users] Newbie question about Cisco phones

Fri Dec 28 13:13:59 MSK 2012

This is incomplete. The normal flow is
-> REGISTER
<- 401
-> REGISTER
<- 200 or 403

If you look at the CSeq in the 403 you'll see its a reply to the register after the initial REGISTER.

401 contains a challenge that's used to generate the auth data to put in the 2nd register - that allows digest authentication which avoids sending the password in plaintext and uses a nonce to prevent replay attacks (an attacker can't capture the register and resend it later to auth themselves).

The digest includes the domain, if the user and password match perhaps the problem lies there...

Sent from my iPad

On 28 Dec 2012, at 01:38, Steven Schoch <schoch+freeswitch.org at xwin32.com> wrote:

> Here are the important lines from the trace:  (I don't think I need to paste the whole thing.)
> 
> recv 1521 bytes from tcp/[192.168.4.254]:4025 at 01:28:45.696774:
>    ------------------------------------------------------------------------
>    REGISTER sip:192.168.4.1:5060;transport=tcp SIP/2.0
>    Via: SIP/2.0/TCP 192.168.4.254:4025;rport;branch=z9hG4bKPjZiQxS2mheTBbTXalnSTcX-9-vSvvYydR
>    Max-Forwards: 70
>    From: "110" <sip:1001 at 192.168.4.1>;tag=SoDYLlxdRfdsHMTYaCd6LprFvMe6ROpl
>    To: "110" <sip:1001 at 192.168.4.1>
>    Call-ID: 6Y7zlZiZJekTAYupYa4SU.v2.8vpto97
>    CSeq: 4019 REGISTER
>    User-Agent: Cisco-CP3905/9.2.1
> [other stuff...]
> 
>    ------------------------------------------------------------------------
> send 684 bytes to tcp/[192.168.4.254]:4025 at 01:28:45.856104:
>    ------------------------------------------------------------------------
>    SIP/2.0 401 Unauthorized
>    Via: SIP/2.0/TCP 192.168.4.254:4025;rport=4025;branch=z9hG4bKPjZiQxS2mheTBbTXalnSTcX-9-vSvvYydR
>    From: "110" <sip:1001 at 192.168.4.1>;tag=SoDYLlxdRfdsHMTYaCd6LprFvMe6ROpl
>    To: "110" <sip:1001 at 192.168.4.1>;tag=UrQB9NZ278Hpc
>    Call-ID: 6Y7zlZiZJekTAYupYa4SU.v2.8vpto97
> [I don't think the other stuff is pertinent.]
> 
> And later:
>    ------------------------------------------------------------------------
> send 562 bytes to tcp/[192.168.4.254]:4025 at 01:28:46.032084:
>    ------------------------------------------------------------------------
>    SIP/2.0 403 Forbidden
>    Via: SIP/2.0/TCP 192.168.4.254:4025;rport=4025;branch=z9hG4bKPjbdyYmV-sH2X-.Cs-LZUG9P36AHF5dn4E
>    From: "110" <sip:1001 at 192.168.4.1>;tag=SoDYLlxdRfdsHMTYaCd6LprFvMe6ROpl
>    To: "110" <sip:1001 at 192.168.4.1>;tag=v1g4aHg64H88Q
>    Call-ID: 6Y7zlZiZJekTAYupYa4SU.v2.8vpto97
>    CSeq: 4020 REGISTER
> 
> 
> I have put a name/password in the Cisco config file, and the same name/password in conf/directory/1001.xml.  Should this go in the conf/sip_profiles/internal section instead?
> 
> -- 
> Steve
> 
> On Thu, Dec 27, 2012 at 4:53 PM, Michael Collins <msc at freeswitch.org> wrote:
>> Can you capture the SIP traffic between the phone and the server and drop it on pastebin.freeswitch.org? It might be good to review the SIP dialog, just in case there are some clues there. You can use the fs_cli if you wish:
>> sofia profile internal siptrace on
>> (if you're using the example configs that come with FreeSWITCH. Use the correct profile name if you have one other than "internal" that you're using.)
> _________________________________________________________________________
> Professional FreeSWITCH Consulting Services:
> consulting at freeswitch.org
> http://www.freeswitchsolutions.com
> 
> 
> 
> 
> Official FreeSWITCH Sites
> http://www.freeswitch.org
> http://wiki.freeswitch.org
> http://www.cluecon.com
> 
> FreeSWITCH-users mailing list
> FreeSWITCH-users at lists.freeswitch.org
> http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
> UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
> http://www.freeswitch.org
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.freeswitch.org/pipermail/freeswitch-users/attachments/20121228/1efc7c97/attachment.html 