[Freeswitch-users] Issue with changing phone SIP port

Tue Jun 4 07:57:10 MSD 2013

>
> 1. Why does FreeSWITCH initially send "Unauthorized" reply?

It's required. SIP authentication is similar to HTTP authentication, it's
based on challenge response. The first request fails and the response
contains a nonce. The 2nd request sends a digest of the password combined
with that nonce. That means you authenticate without sending your password
over the internet plaintext and since the nonce is time-limited without
that digest being able to be reused by an attacker.

If you see yourself calling into FS without that then you are either a)
authenticating via IP address not password or b) calling into a SIP profile
that doesn't require authentication (eg one for receiving calls).

2. Does anyone know why some phones change their port during registration
> from behind a NAT?

That could be your NAT router changing the port mapping between requests
(each REGISTER and INVITE is a separate SIP dialog).

SIP with NAT can work, but will be messy. Mostly because not everything
supports it, supports it well, or does it in the same way. You can also
encounter situations where the phone and router are both trying to
workaround the NAT issues which causes more problems than it solves.

Generally FS does a good job of working around many of the issues, and has
a few NDLB options for handling devices that don't handle NAT well. See
http://wiki.freeswitch.org/wiki/NAT_Traversal

For starters you should disable SIP ALG on your router and enable STUN in
the SIP client, if it's supported.

3. Should I file a Jira ticket to have FreeSWITCH change UA's registered
> contact info when the UA sends a message with a different Contact header?

But what would it change it to?

For handling broken devices there are some NDLB options, some do try
rewriting the Contact to where the packet came from. That's not correct in
all cases, but perhaps is in many. http://wiki.freeswitch.org/wiki/NDLB

-Steve

On 3 June 2013 21:32, Oleg Stolyar <ostolyar at netflix.com> wrote:

> Hi guys,
>
> I ran into the following problem recently:
>
> Using a softphone from a computer behind a NAT I register it with
> FreeSWITCH.
> It registers with a certain port in the Contact header.  FreeSWITCH stores
> this port in the user's registration info and uses it from then on to send
> messages to the phone.
>
> However, for some reason FreeSWITCH initially sends back an "Unauthorized"
> response.  After that some phones seem to send REGISTER again but with a*different port
> *.
> This only happen if the phone is behind a NAT.  If FreeSWITCH is on the
> same network as the phone, the phone keeps the same port.
>
> FreeSWITCH ignores that and keeps trying to contact the phone on the old
> port and of course fails.
>
> Only some phones seem to change their port after registration.  They
> include 3CXPhone, X-Lite.
> Phones that don't do this are MicroSIP and Mizu.
>
> I have a wireshark capture file of the session from the softphone machine
> if anyone would like, I'll be happy to email it or publish it.
>
> So, I have three questions:
> 1. Why does FreeSWITCH initially send "Unauthorized" reply?
> 2. Does anyone know why some phones change their port during registration
> from behind a NAT?
> 3. Should I file a Jira ticket to have FreeSWITCH change UA's registered
> contact info when the UA sends a message with a different Contact header?
>
>
> Thank you
> *Oleg*
>
> _________________________________________________________________________
> Professional FreeSWITCH Consulting Services:
> consulting at freeswitch.org
> http://www.freeswitchsolutions.com
>
> 
> 
>
> Official FreeSWITCH Sites
> http://www.freeswitch.org
> http://wiki.freeswitch.org
> http://www.cluecon.com
>
> FreeSWITCH-users mailing list
> FreeSWITCH-users at lists.freeswitch.org
> http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
> UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
> http://www.freeswitch.org
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.freeswitch.org/pipermail/freeswitch-users/attachments/20130604/ece4a850/attachment-0001.html 