[asterisk-bugs] [JIRA] (ASTERISK-25851) Bug in chan_sip - Forbidden 403

Asterisk Team (JIRA) noreply at issues.asterisk.org
Wed Mar 16 18:22:56 CDT 2016 

    [ https://issues.asterisk.org/jira/browse/ASTERISK-25851?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=229917#comment-229917 ] 

Asterisk Team commented on ASTERISK-25851:
------------------------------------------

Thanks for creating a report! The issue has entered the triage process. That means the issue will wait in this status until a Bug Marshal has an opportunity to review the issue. Once the issue has been reviewed you will receive comments regarding the next steps towards resolution.

A good first step is for you to review the [Asterisk Issue Guidelines|https://wiki.asterisk.org/wiki/display/AST/Asterisk+Issue+Guidelines] if you haven't already. The guidelines detail what is expected from an Asterisk issue report.

Then, if you are submitting a patch, please review the [Patch Contribution Process|https://wiki.asterisk.org/wiki/display/AST/Patch+Contribution+Process].

> Bug in chan_sip - Forbidden 403
> -------------------------------
>
>                 Key: ASTERISK-25851
>                 URL: https://issues.asterisk.org/jira/browse/ASTERISK-25851
>             Project: Asterisk
>          Issue Type: Bug
>      Security Level: None
>          Components: Channels/chan_sip/General
>    Affects Versions: 13.7.2
>            Reporter: Alexey A. Astashov
>
> I found a problem with call processing using SIP protocol. 
> For example:
> I'm trying to make a call from a station at an Asterisk (PBX-1, assigned numbers: 11ХХ) directly to a station at another Asterisk (PBX-2, assigned numbers: 10ХХ-11ХХ). The original CID is passed during the call. It may happen so that PBX-2 determines the incoming CID as existing in its own configuration. in this case PBX-2 returns "Forbidden 403" as if an authentication error occured.  
> For example, I'm trying to make a call from number 1107 on PBX-1 (this number exists in the configuration of both PBXs), to number 1000 (PBX-2)
> {code}
>     Using INVITE request as basis request - 195851bb4abc4fdc17ba8da524330781 at 172.16.15.196:5060
>     Found peer '1107' for '1107' from 172.16.15.196:5060
>     [Mar 17 01:02:55] WARNING[901][C-00000049]: chan_sip.c:16702 check_auth: username mismatch, have <1107>, digest has <s>
>     [Mar 17 01:02:55] NOTICE[901][C-00000049]: chan_sip.c:25603 handle_request_invite: Failed to authenticate device "Astashov A." <sip:1107 at 172.16.15.196>;tag=as5ce36944
> {code}
> Both PBXs are configured according to the documentation.
> However, if I remove the station number (1107) from the PBX-2 configuration, the error does not occur, the call proceeds normally.
> The error is occurring with Asterisk version 13, it does not occur on Asterisk version 11 when using the same configuration.
> Also, the error does not occur when using the IAX2 protocol even on version 13.
> So, the problem is only with Asterisk 13 when using SIP.
> This issue is preventing me from using FMC (Fixed Mobile Convergence) provided by our mobile carrier.
> My configuration is as follows:
> {code}#cat sip.conf (PBX-1)
>     [general]
>     context=public
>     udpbindaddr=0.0.0.0
>     allowoverlap=no
>     bindaddr=0.0.0.0
>     bindport=5060
>     register => Astashov-EDU-15-196:MyEDU-8.117!@172.16.15.196/Astashov-EDU-15-196
>     [1100]
>     type=friend
>     context=phones
>     host=dynamic
>     secret=MyEDU!!
>     dial=SIP/1100
>     [1107]
>     type=friend
>     context=phones
>     host=dynamic
>     secret=MyEDU!!
>     dial=SIP/1107
>     [Astashov-EDU-8-117]
>     type=friend
>     secret=MyEDU-8.117!
>     contex=8-117-incoming
>     host=dynamic
>     disallow=all
>     allow=alaw
>     insecure=invite
> {code}
> {code}
> #cat extension.conf (PBX-1)
>     [globals]
>     [general]
>     autofallthrough=yes
>     [outgoing_calls]
>     exten => _10XX,1,NoOp()
>     exten => _10XX,n,Dial(SIP/172.16.8.117/${EXTEN})
>     [internal]
>     exten => 1107,1,Verbose(1|Extension 1107)
>     exten => 1107,n,Dial(SIP/1107,30)
>     exten => 1107,n, Hangup()
>     [public]
>     exten => _11XX,1,NoOp()
>     exten => _11XX,n,Dial(SIP/${EXTEN},30)
>     exten => _11XX,n,Hangup()
>     [phones]
>     include => internal
>     include => outgoing_calls
>     [8-117-incoming]
>     include => internal
> {code}
> {code}
> #cat sip.conf  (PBX-2)
>     [general]
>     context=public
>     udpbindaddr=0.0.0.0
>     allowoverlap=no
>     bindaddr=0.0.0.0
>     bindport=5060
>     register => Astashov-EDU-8-117:MyEDU-8.117!@172.16.15.196/Astashov-EDU-8-117
>     [1000]
>     type=friend
>     context=phones
>     host=dynamic
>     secret=MyEDU!!
>     dial=SIP/1000
>     [1107]
>     type=friend
>     context=phones
>     host=dynamic
>     secret=MyEDU!!
>     dial=SIP/1107
>     [Astashov-EDU-15-196]
>     type=friend
>     secret=MyEDU-8.117!
>     contex=15-196-incoming
>     host=dynamic
>     disallow=all
>     allow=alaw
>     insecure=invite
> {code}
> {code}
> #cat extension.conf (PBX-2)
>     [globals]
>     [general]
>     autofallthrough=yes
>     [outgoing_calls]
>     exten => _11XX,1,NoOp()
>     exten => _11XX,n,Dial(SIP/172.16.15.196/${EXTEN})
>     [internal]
>     exten => 1000,1,Verbose(1|Extension 1000)
>     exten => 1000,n,Dial(SIP/1000,30)
>     exten => 1000,n, Hangup()
>     [public]
>     exten => _10XX,1,NoOp()
>     exten => _10XX,n,Dial(SIP/${EXTEN},30)
>     exten => _10XX,n,Hangup()
>     [phones]
>     include => internal
>     include => outgoing_calls
>     [15-196-incoming]
>     include => internal
> {code}



--
This message was sent by Atlassian JIRA
(v6.2#6252)

More information about the asterisk-bugs mailing list