[Freeswitch-users] Freeswitch not sending 401 on register
Michael Jerris
mike at jerris.com
Wed Feb 5 16:53:29 MSK 2014
The nonce is stale when the far end determines they don't know the nonce you sent them or they have expired it, hence the complications when using multiple remote hosts. We send an auth header when we already have a nonce from the remote side from a previous interaction, and we will re-use the nonce with the nc attribute as to not require a new nonce every time.
Mike
On Feb 5, 2014, at 4:45 AM, Stephen Thwaites <stephen.thwaites at callstera.com> wrote:
> Thanks Mike,
> Yes this makes perfect sense! At what point does the nonce or
> authorization become stale? Under which circumstances does a phone
> send an authorization header? Would this be a setting in the telephone
> configuration? Maybe I should read the SIP spec again :)
>
> Regards,
> Steve.
>
> On Mon, Feb 3, 2014 at 5:25 PM, Michael Jerris <mike at jerris.com> wrote:
>> We don't need to challenge in the case there is already an Authorization header with a valid nonce. This would generally be preferred to not re challenge every request.
>>
>> Mike
>>
>> On Feb 3, 2014, at 7:18 AM, Stephen Thwaites <stephen.thwaites at callstera.com> wrote:
>>
>>> Hello,
>>> Registrations on my FS follow this pattern.
>>>
>>> Register
>>> Unauthorised 401
>>> Register with Authorization
>>> 200 OK
>>>
>>> I have recently added another phone in another domain on the same
>>> profile and the first Register attempt follows the above pattern but
>>> thereafter (every 10 mins) the phone sends a register with the
>>> authorization already included, the 401 is not sent. I.e.
>>>
>>> Register with Authorization
>>> 200 OK
>>>
>>> I haven't modified any ACL, apply-register-acl is commented out in the
>>> internal.xml profile. I have studied the ACL page in the wiki, but
>>> cannot clarify this behavior.
>>>
>>> I also cannot find any settings in the sip phone either.
>>>
>>> Any insights would be appreciated?
>>>
>>> Small sip trace here, First Register is without 401 and the second with 401!
>>>
>>> Many thanks!
>>>
>>> Regards,
>>> Steve.
>>>
>>> ------------------------------------------------------------------------
>>> recv 827 bytes from udp/[80.101.42.120]:58860 at 10:37:08.546282:
>>> ------------------------------------------------------------------------
>>> REGISTER sip:voiptest.callstera.com SIP/2.0
>>> Via: SIP/2.0/UDP 192.168.1.13:25260;branch=z9hG4bK45463f76b31dc556;rport
>>> From: "1002" <sip:1002 at voiptest.callstera.com>;tag=e03fcb9ff95bdf71
>>> To: <sip:1002 at voiptest.callstera.com>
>>> Contact: <sip:1002 at 80.101.42.120:58860;transport=udp>
>>> Supported: path
>>> X-Grandstream-PBX: true
>>> Authorization: Digest username="1002",
>>> realm="voiptest.callstera.com", algorithm=MD5,
>>> uri="sip:voiptest.callstera.com", qop=auth, nc=00000010,
>>> cnonce="42dc84a07d688734",
>>> nonce="809cda5a-8cbe-11e3-8d0c-5dbb90e62c86",
>>> response="1c8d0736df9903992397426089525d48"
>>> Call-ID: fe877c770cc8d17d at 192.168.1.13
>>> CSeq: 10011 REGISTER
>>> Expires: 60
>>> User-Agent: Grandstream GXP1200 1.2.5.3
>>> Max-Forwards: 70
>>> Allow: INVITE,ACK,CANCEL,BYE,NOTIFY,REFER,OPTIONS,INFO,SUBSCRIBE,UPDATE,PRACK,MESSAGE
>>> Content-Length: 0
>>>
>>> ------------------------------------------------------------------------
>>> send 627 bytes to udp/[80.101.42.120]:58860 at 10:37:08.548713:
>>> ------------------------------------------------------------------------
>>> SIP/2.0 200 OK
>>> Via: SIP/2.0/UDP
>>> 192.168.1.13:25260;branch=z9hG4bK45463f76b31dc556;rport=58860;received=80.101.42.120
>>> From: "1002" <sip:1002 at voiptest.callstera.com>;tag=e03fcb9ff95bdf71
>>> To: <sip:1002 at voiptest.callstera.com>;tag=gH8etK6gQ81HB
>>> Call-ID: fe877c770cc8d17d at 192.168.1.13
>>> CSeq: 10011 REGISTER
>>> Contact: <sip:1002 at 80.101.42.120:58860;transport=udp>;expires=60
>>> Date: Mon, 03 Feb 2014 10:37:08 GMT
>>> User-Agent: Callstera VOIP PBX v1.20
>>> Allow: INVITE, ACK, BYE, CANCEL, OPTIONS, MESSAGE, INFO, UPDATE,
>>> REGISTER, REFER, NOTIFY, PUBLISH, SUBSCRIBE
>>> Supported: timer, precondition, path, replaces
>>> Content-Length: 0
>>>
>>> ------------------------------------------------------------------------
>>> recv 511 bytes from udp/[80.101.42.120]:41476 at 10:37:13.918646:
>>> ------------------------------------------------------------------------
>>> REGISTER sip:callstera.callstera.com SIP/2.0
>>> Via: SIP/2.0/UDP
>>> 192.168.1.57:5060;branch=z9hG4bK3aa0c704c1fb893893ca86fc64ba2658;rport
>>> From: "Marc" <sip:1000 at callstera.callstera.com>;tag=1895422338
>>> To: "Marc" <sip:1000 at callstera.callstera.com>
>>> Call-ID: 3438668376 at 192_168_1_57
>>> CSeq: 17927 REGISTER
>>> Contact: <sip:1000 at 192.168.1.57:5060>
>>> Max-Forwards: 70
>>> User-Agent: N510 IP PRO/42.075.00.000.000
>>> Expires: 300
>>> Allow: INVITE, ACK, CANCEL, BYE, OPTIONS, INFO, REFER, SUBSCRIBE, NOTIFY
>>> Content-Length: 0
>>>
>>> ------------------------------------------------------------------------
>>> 2014-02-03 11:37:13.959442 [WARNING] sofia_reg.c:1634 SIP auth
>>> challenge (REGISTER) on sofia profile 'internal' for
>>> [1000 at callstera.callstera.com] from ip 80.101.42.120
>>> send 677 bytes to udp/[80.101.42.120]:41476 at 10:37:13.969082:
>>> ------------------------------------------------------------------------
>>> SIP/2.0 401 Unauthorized
>>> Via: SIP/2.0/UDP
>>> 192.168.1.57:5060;branch=z9hG4bK3aa0c704c1fb893893ca86fc64ba2658;rport=41476;received=80.101.42.120
>>> From: "Marc" <sip:1000 at callstera.callstera.com>;tag=1895422338
>>> To: "Marc" <sip:1000 at callstera.callstera.com>;tag=Ht17UeQmmHr4p
>>> Call-ID: 3438668376 at 192_168_1_57
>>> CSeq: 17927 REGISTER
>>> User-Agent: Callstera VOIP PBX v1.20
>>> Allow: INVITE, ACK, BYE, CANCEL, OPTIONS, MESSAGE, INFO, UPDATE,
>>> REGISTER, REFER, NOTIFY, PUBLISH, SUBSCRIBE
>>> Supported: timer, precondition, path, replaces
>>> WWW-Authenticate: Digest realm="callstera.callstera.com",
>>> nonce="25084f5c-8cbf-11e3-8d11-5dbb90e62c86", algorithm=MD5,
>>> qop="auth"
>>> Content-Length: 0
>>>
>>> ------------------------------------------------------------------------
>>> recv 790 bytes from udp/[80.101.42.120]:41476 at 10:37:14.017384:
>>> ------------------------------------------------------------------------
>>> REGISTER sip:callstera.callstera.com SIP/2.0
>>> Via: SIP/2.0/UDP
>>> 192.168.1.57:5060;branch=z9hG4bK4e0ee57b1a907eea7e0c800286896269;rport
>>> From: "Marc" <sip:1000 at callstera.callstera.com>;tag=1895422338
>>> To: "Marc" <sip:1000 at callstera.callstera.com>
>>> Call-ID: 3438668376 at 192_168_1_57
>>> CSeq: 17928 REGISTER
>>> Contact: <sip:1000 at 192.168.1.57:5060>
>>> Authorization: Digest username="1000",
>>> realm="callstera.callstera.com", qop=auth, algorithm=MD5,
>>> uri="sip:callstera.callstera.com",
>>> nonce="25084f5c-8cbf-11e3-8d11-5dbb90e62c86", nc=00000001,
>>> cnonce="9a8446414e2c5ca357b9b53bc645064e",
>>> response="c52337b2e6f18904d0e2a4ec14b44de9"
>>> Max-Forwards: 70
>>> User-Agent: N510 IP PRO/42.075.00.000.000
>>> Expires: 300
>>> Allow: INVITE, ACK, CANCEL, BYE, OPTIONS, INFO, REFER, SUBSCRIBE, NOTIFY
>>> Content-Length: 0
>>>
>>> ------------------------------------------------------------------------
>>> send 624 bytes to udp/[80.101.42.120]:41476 at 10:37:14.019683:
>>> ------------------------------------------------------------------------
>>> SIP/2.0 200 OK
>>> Via: SIP/2.0/UDP
>>> 192.168.1.57:5060;branch=z9hG4bK4e0ee57b1a907eea7e0c800286896269;rport=41476;received=80.101.42.120
>>> From: "Marc" <sip:1000 at callstera.callstera.com>;tag=1895422338
>>> To: "Marc" <sip:1000 at callstera.callstera.com>;tag=j3t0X97QHteQj
>>> Call-ID: 3438668376 at 192_168_1_57
>>> CSeq: 17928 REGISTER
>>> Contact: <sip:1000 at 192.168.1.57:5060>;expires=300
>>> Date: Mon, 03 Feb 2014 10:37:14 GMT
>>> User-Agent: Callstera VOIP PBX v1.20
>>> Allow: INVITE, ACK, BYE, CANCEL, OPTIONS, MESSAGE, INFO, UPDATE,
>>> REGISTER, REFER, NOTIFY, PUBLISH, SUBSCRIBE
>>> Supported: timer, precondition, path, replaces
>>> Content-Length: 0
>>
Join us at ClueCon 2013 Aug 6-8, 2013
More information about the FreeSWITCH-users
mailing list