[asterisk-bugs] [JIRA] (ASTERISK-29004) SIP/2.0 488 Not Acceptable Here when configured with PJSIP/TLS

Jack Brain (JIRA) noreply at issues.asterisk.org
Wed Jul 22 08:18:28 CDT 2020 

Jack Brain created ASTERISK-29004:
-------------------------------------

             Summary: SIP/2.0 488 Not Acceptable Here when configured with PJSIP/TLS 
                 Key: ASTERISK-29004
                 URL: https://issues.asterisk.org/jira/browse/ASTERISK-29004
             Project: Asterisk
          Issue Type: Information Request
      Security Level: None
          Components: pjproject/pjsip
    Affects Versions: 17.6.0
         Environment: Operating System: Kali GNU/Linux Rolling
Kernel: Linux 4.4.0-186-generic
Architecture: x86-64
Asterisk: 17.6.0
            Reporter: Jack Brain


- We have build Asterisk 17.6.0 and PJSIP from the source on a VPS 
- We configured TLS, generated client and server certificate
- Registered the Blink client for testing, success
- While making a call from Blink_1 to Blink_2 or vice-versa, it fails with an error

{code} 
<--- Received SIP request (1021 bytes) from TLS:43.249.37.23:54700 --->
INVITE sip:2222 at 94.140.114.51 SIP/2.0
Via: SIP/2.0/TLS 192.168.75.143:49485;rport;branch=z9hG4bKPj28ae9d1c90c443fbac7f6021e4771d5c;alias
Max-Forwards: 70
From: "1111" <sip:1111 at 94.140.114.51>;tag=54c6492c375e44bf8a3599fe8047016f
To: <sip:2222 at 94.140.114.51>
Contact: <sip:80631759 at 192.168.75.143:49453;transport=tls>
Call-ID: 73fa29d60a5a4ea7989d2d175ea91342
CSeq: 16687 INVITE
Allow: SUBSCRIBE, NOTIFY, INVITE, ACK, BYE, CANCEL, UPDATE, MESSAGE, REFER
Supported: replaces, norefersub, gruu
User-Agent: Blink 3.2.0 (Windows)
Content-Type: application/sdp
Content-Length:   429

v=0
o=- 3804383127 3804383127 IN IP4 192.168.75.143
s=Blink 3.2.0 (Windows)
t=0 0
m=audio 50048 RTP/AVP 113 9 0 8 101
c=IN IP4 192.168.75.143
a=rtcp:50049
a=rtpmap:113 opus/48000/2
a=fmtp:113 useinbandfec=1
a=rtpmap:9 G722/8000
a=rtpmap:0 PCMU/8000
a=rtpmap:8 PCMA/8000
a=rtpmap:101 telephone-event/8000
a=fmtp:101 0-16
a=zrtp-hash:1.10 6171448735d90ecf08cf6a7fefedf5369e0c4b0825c13d3b30741d5182bdff7f
a=sendrecv

<--- Transmitting SIP response (566 bytes) to TLS:43.249.37.23:54700 --->
SIP/2.0 401 Unauthorized
Via: SIP/2.0/TLS 192.168.75.143:49485;rport=54700;received=43.249.37.23;branch=z9hG4bKPj28ae9d1c90c443fbac7f6021e4771d5c;alias
Call-ID: 73fa29d60a5a4ea7989d2d175ea91342
From: "1111" <sip:1111 at 94.140.114.51>;tag=54c6492c375e44bf8a3599fe8047016f
To: <sip:2222 at 94.140.114.51>;tag=z9hG4bKPj28ae9d1c90c443fbac7f6021e4771d5c
CSeq: 16687 INVITE
WWW-Authenticate: Digest realm="asterisk",nonce="1595419528/95038c7ada5d1c4091cb7649c149cd06",opaque="5a2d21b867e7b7d7",algorithm=md5,qop="auth"
Server: Asterisk PBX 17.6.0
Content-Length:  0


<--- Received SIP request (423 bytes) from TLS:43.249.37.23:54700 --->
ACK sip:2222 at 94.140.114.51 SIP/2.0
Via: SIP/2.0/TLS 192.168.75.143:49485;rport;branch=z9hG4bKPj28ae9d1c90c443fbac7f6021e4771d5c;alias
Max-Forwards: 70
From: "1111" <sip:1111 at 94.140.114.51>;tag=54c6492c375e44bf8a3599fe8047016f
To: <sip:2222 at 94.140.114.51>;tag=z9hG4bKPj28ae9d1c90c443fbac7f6021e4771d5c
Call-ID: 73fa29d60a5a4ea7989d2d175ea91342
CSeq: 16687 ACK
User-Agent: Blink 3.2.0 (Windows)
Content-Length:  0


<--- Received SIP request (1314 bytes) from TLS:43.249.37.23:54700 --->
INVITE sip:2222 at 94.140.114.51 SIP/2.0
Via: SIP/2.0/TLS 192.168.75.143:49485;rport;branch=z9hG4bKPjbf7e99f726d74c4ebbbb508d7033dea9;alias
Max-Forwards: 70
From: "1111" <sip:1111 at 94.140.114.51>;tag=54c6492c375e44bf8a3599fe8047016f
To: <sip:2222 at 94.140.114.51>
Contact: <sip:80631759 at 192.168.75.143:49453;transport=tls>
Call-ID: 73fa29d60a5a4ea7989d2d175ea91342
CSeq: 16688 INVITE
Allow: SUBSCRIBE, NOTIFY, INVITE, ACK, BYE, CANCEL, UPDATE, MESSAGE, REFER
Supported: replaces, norefersub, gruu
User-Agent: Blink 3.2.0 (Windows)
Authorization: Digest username="1111", realm="asterisk", nonce="1595419528/95038c7ada5d1c4091cb7649c149cd06", uri="sip:2222 at 94.140.114.51", response="7b6971ff7f3d73d8cb888640056d6e3e", algorithm=md5, cnonce="5bacef95a6f243e19c4cfc0b41ebb5c9", opaque="5a2d21b867e7b7d7", qop=auth, nc=00000001
Content-Type: application/sdp
Content-Length:   429

v=0
o=- 3804383127 3804383127 IN IP4 192.168.75.143
s=Blink 3.2.0 (Windows)
t=0 0
m=audio 50048 RTP/AVP 113 9 0 8 101
c=IN IP4 192.168.75.143
a=rtcp:50049
a=rtpmap:113 opus/48000/2
a=fmtp:113 useinbandfec=1
a=rtpmap:9 G722/8000
a=rtpmap:0 PCMU/8000
a=rtpmap:8 PCMA/8000
a=rtpmap:101 telephone-event/8000
a=fmtp:101 0-16
a=zrtp-hash:1.10 6171448735d90ecf08cf6a7fefedf5369e0c4b0825c13d3b30741d5182bdff7f
a=sendrecv

  == Setting global variable 'SIPDOMAIN' to '94.140.114.51'
<--- Transmitting SIP response (368 bytes) to TLS:43.249.37.23:54700 --->
SIP/2.0 100 Trying
Via: SIP/2.0/TLS 192.168.75.143:49485;rport=54700;received=43.249.37.23;branch=z9hG4bKPjbf7e99f726d74c4ebbbb508d7033dea9;alias
Call-ID: 73fa29d60a5a4ea7989d2d175ea91342
From: "1111" <sip:1111 at 94.140.114.51>;tag=54c6492c375e44bf8a3599fe8047016f
To: <sip:2222 at 94.140.114.51>
CSeq: 16688 INVITE
Server: Asterisk PBX 17.6.0
Content-Length:  0


<--- Transmitting SIP response (422 bytes) to TLS:43.249.37.23:54700 --->
SIP/2.0 488 Not Acceptable Here
Via: SIP/2.0/TLS 192.168.75.143:49485;rport=54700;received=43.249.37.23;branch=z9hG4bKPjbf7e99f726d74c4ebbbb508d7033dea9;alias
Call-ID: 73fa29d60a5a4ea7989d2d175ea91342
From: "1111" <sip:1111 at 94.140.114.51>;tag=54c6492c375e44bf8a3599fe8047016f
To: <sip:2222 at 94.140.114.51>;tag=a7cdfce3-d8be-42b1-b0db-47e437493be3
CSeq: 16688 INVITE
Server: Asterisk PBX 17.6.0
Content-Length:  0


<--- Received SIP request (418 bytes) from TLS:43.249.37.23:54700 --->
ACK sip:2222 at 94.140.114.51 SIP/2.0
Via: SIP/2.0/TLS 192.168.75.143:49485;rport;branch=z9hG4bKPjbf7e99f726d74c4ebbbb508d7033dea9;alias
Max-Forwards: 70
From: "1111" <sip:1111 at 94.140.114.51>;tag=54c6492c375e44bf8a3599fe8047016f
To: <sip:2222 at 94.140.114.51>;tag=a7cdfce3-d8be-42b1-b0db-47e437493be3
Call-ID: 73fa29d60a5a4ea7989d2d175ea91342
CSeq: 16688 ACK
User-Agent: Blink 3.2.0 (Windows)
Content-Length:  0
{code}

- pjsip.conf:

{code}
endpoint
aors=2222
auth=2222
context=default
disallow=all
allow=GSM
allow=ulaw
allow=g726
allow=g729
allow=speex
allow=g722
allow=iLBC
dtmf_mode=rfc4733
media_encryption=sdes

[3333]
type=aor
max_contacts=1
remove_existing=yes

[3333]
type=auth
auth_type=userpass
username=3333
password=3333

[3333]
type=endpoint
aors=3333
auth=3333
context=default
disallow=all
allow=gsm
allow=ulaw
allow=g726
allow=g729
dtmf_mode=rfc4733
media_encryption=sdes
{code}

- extensions.conf

{code}
[general]
static=yes
writeprotect=no
priorityjumping=no
autofallthrough=yes
clearglobalvars=no

;[local]
;exten=>1111,1,Dial(PJSIP/1111,20)
;exten=>2222,1,Dial(PJSIP/2222,20)
;exten=>3333,1,Dial(PJSIP/3333,20)

[default]
exten => 1111,1,Dial(PJSIP/1111,20)
exten => 2222,1,Dial(PJSIP/2222,20)
exten => 3333,1,Dial(PJSIP/3333,20)
{code}



--
This message was sent by Atlassian JIRA
(v6.2#6252)

More information about the asterisk-bugs mailing list