[asterisk-bugs] [JIRA] (ASTERISK-26660) SIP trunk Registration error 403 forbidden

Rusty Newton (JIRA) noreply at issues.asterisk.org
Tue Dec 13 14:46:09 CST 2016 

     [ https://issues.asterisk.org/jira/browse/ASTERISK-26660?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Rusty Newton updated ASTERISK-26660:
------------------------------------

    Description: 
We are trying to create a sip trunk with a telecom provider and when doing registration with register string we get error 403, forbidden from the provider. 

We use following register string:
+911744345600 at ims.airtel.in:password at 10.xxx.xxx.xxx

We are getting a 403, Forbidden error, because in 
Authorization: Digest username="+911244524560"

provider SBC requires username as below:
Authorization: Digest username="+911244524560 at ims.airtel.in"

We have tried everything to include the domain name with the username via authuser, username, fromuser and what not but the full username with domain name is not going to SBC from asterisk.

How we can fix it?

Regards
Manoj
Actual SIP traces are below:
====================================
{noformat}
Responding to challenge, registration to domain/host name 10.232.130.170
REGISTER 11 headers, 0 lines
Reliably Transmitting (NAT) to 10.232.130.170:5060:
REGISTER sip:ims.airtel.in SIP/2.0
Via: SIP/2.0/UDP 10x.xx.xx.xxx:5060;branch=z9hG4bK3d380bbb;rport
Max-Forwards: 70
From: <sip:+911244524560 at ims.airtel.in>;tag=as33637bd2
To: <sip:+911244524560 at ims.airtel.in>
Call-ID: 27c712f26ad44ae46ff7022703834938 at 103.35.68.254
CSeq: 103 REGISTER
User-Agent: FPBX-2.11.0(11.20.0)
Authorization: Digest username="+911244524560", realm="ims.airtel.in", algorithm=MD5, uri="sip:ims.airtel.in", nonce="6b9vdtfqld9w==", response="aa568e1bac7c48f1fd24", qop=auth, cnonce="7aaf", nc=00000001
Expires: 120
Contact: <sip:s at 103.35.68.254:5060>
Content-Length: 0


---

<--- SIP read from UDP:10.232.130.170:5060 --->
SIP/2.0 403 Forbidden
Via: SIP/2.0/UDP 103.35.68.254:5060;branch=z9hG4bK3d380bbb;received=10.102.3.18;rport=5060
Call-ID: 27c712f26ad44ae46ff7022703834938 at 103.35.68.254
From: <sip:+911244524560 at ims.airtel.in>;tag=as33637bd2
To: <sip:+911244524560 at ims.airtel.in>;tag=u1vbb4ah
CSeq: 103 REGISTER
Warning: 399 5151.6538.S.260.5.236.255.255.5142.92612395.0.ims.airtel.in "Authentication Failure"
Content-Length: 0

<------------->
--- (8 headers 0 lines) ---
[2016-12-12 23:16:27] WARNING[26451]: chan_sip.c:23650 handle_response_register: Forbidden - wrong password on authentication for REGISTER for '+911244524560' to '10.232.130.170'
{noformat}

  was:
We are trying to create a sip trunk with a telecom provider and when doing registration with register string we get error 403, forbidden from the provider. 

We use following register string:
+911744345600 at ims.airtel.in:password at 10.xxx.xxx.xxx

We are getting a 403, Forbidden error, because in 
Authorization: Digest username="+911244524560"

provider SBC requires username as below:
Authorization: Digest username="+911244524560 at ims.airtel.in"

We have tried everything to include the domain name with the username via authuser, username, fromuser and what not but the full username with domain name is not going to SBC from asterisk.

How we can fix it?

Regards
Manoj
Actual SIP traces are below:
====================================
Responding to challenge, registration to domain/host name 10.232.130.170
REGISTER 11 headers, 0 lines
Reliably Transmitting (NAT) to 10.232.130.170:5060:
REGISTER sip:ims.airtel.in SIP/2.0
Via: SIP/2.0/UDP 10x.xx.xx.xxx:5060;branch=z9hG4bK3d380bbb;rport
Max-Forwards: 70
From: <sip:+911244524560 at ims.airtel.in>;tag=as33637bd2
To: <sip:+911244524560 at ims.airtel.in>
Call-ID: 27c712f26ad44ae46ff7022703834938 at 103.35.68.254
CSeq: 103 REGISTER
User-Agent: FPBX-2.11.0(11.20.0)
Authorization: Digest username="+911244524560", realm="ims.airtel.in", algorithm=MD5, uri="sip:ims.airtel.in", nonce="6b9vdtfqld9w==", response="aa568e1bac7c48f1fd24", qop=auth, cnonce="7aaf", nc=00000001
Expires: 120
Contact: <sip:s at 103.35.68.254:5060>
Content-Length: 0


---

<--- SIP read from UDP:10.232.130.170:5060 --->
SIP/2.0 403 Forbidden
Via: SIP/2.0/UDP 103.35.68.254:5060;branch=z9hG4bK3d380bbb;received=10.102.3.18;rport=5060
Call-ID: 27c712f26ad44ae46ff7022703834938 at 103.35.68.254
From: <sip:+911244524560 at ims.airtel.in>;tag=as33637bd2
To: <sip:+911244524560 at ims.airtel.in>;tag=u1vbb4ah
CSeq: 103 REGISTER
Warning: 399 5151.6538.S.260.5.236.255.255.5142.92612395.0.ims.airtel.in "Authentication Failure"
Content-Length: 0

<------------->
--- (8 headers 0 lines) ---
[2016-12-12 23:16:27] WARNING[26451]: chan_sip.c:23650 handle_response_register: Forbidden - wrong password on authentication for REGISTER for '+911244524560' to '10.232.130.170'



> SIP trunk Registration error 403 forbidden
> ------------------------------------------
>
>                 Key: ASTERISK-26660
>                 URL: https://issues.asterisk.org/jira/browse/ASTERISK-26660
>             Project: Asterisk
>          Issue Type: Bug
>      Security Level: None
>          Components: Channels/chan_sip/Registration
>    Affects Versions: 11.21.0
>         Environment: Centos 7,
>            Reporter: Manoj GUpta
>
> We are trying to create a sip trunk with a telecom provider and when doing registration with register string we get error 403, forbidden from the provider. 
> We use following register string:
> +911744345600 at ims.airtel.in:password at 10.xxx.xxx.xxx
> We are getting a 403, Forbidden error, because in 
> Authorization: Digest username="+911244524560"
> provider SBC requires username as below:
> Authorization: Digest username="+911244524560 at ims.airtel.in"
> We have tried everything to include the domain name with the username via authuser, username, fromuser and what not but the full username with domain name is not going to SBC from asterisk.
> How we can fix it?
> Regards
> Manoj
> Actual SIP traces are below:
> ====================================
> {noformat}
> Responding to challenge, registration to domain/host name 10.232.130.170
> REGISTER 11 headers, 0 lines
> Reliably Transmitting (NAT) to 10.232.130.170:5060:
> REGISTER sip:ims.airtel.in SIP/2.0
> Via: SIP/2.0/UDP 10x.xx.xx.xxx:5060;branch=z9hG4bK3d380bbb;rport
> Max-Forwards: 70
> From: <sip:+911244524560 at ims.airtel.in>;tag=as33637bd2
> To: <sip:+911244524560 at ims.airtel.in>
> Call-ID: 27c712f26ad44ae46ff7022703834938 at 103.35.68.254
> CSeq: 103 REGISTER
> User-Agent: FPBX-2.11.0(11.20.0)
> Authorization: Digest username="+911244524560", realm="ims.airtel.in", algorithm=MD5, uri="sip:ims.airtel.in", nonce="6b9vdtfqld9w==", response="aa568e1bac7c48f1fd24", qop=auth, cnonce="7aaf", nc=00000001
> Expires: 120
> Contact: <sip:s at 103.35.68.254:5060>
> Content-Length: 0
> ---
> <--- SIP read from UDP:10.232.130.170:5060 --->
> SIP/2.0 403 Forbidden
> Via: SIP/2.0/UDP 103.35.68.254:5060;branch=z9hG4bK3d380bbb;received=10.102.3.18;rport=5060
> Call-ID: 27c712f26ad44ae46ff7022703834938 at 103.35.68.254
> From: <sip:+911244524560 at ims.airtel.in>;tag=as33637bd2
> To: <sip:+911244524560 at ims.airtel.in>;tag=u1vbb4ah
> CSeq: 103 REGISTER
> Warning: 399 5151.6538.S.260.5.236.255.255.5142.92612395.0.ims.airtel.in "Authentication Failure"
> Content-Length: 0
> <------------->
> --- (8 headers 0 lines) ---
> [2016-12-12 23:16:27] WARNING[26451]: chan_sip.c:23650 handle_response_register: Forbidden - wrong password on authentication for REGISTER for '+911244524560' to '10.232.130.170'
> {noformat}



--
This message was sent by Atlassian JIRA
(v6.2#6252)

More information about the asterisk-bugs mailing list