[asterisk-bugs] [JIRA] (ASTERISK-29624) Contact identifier is not updated when FDQN resolves to a new address
Philip Young (JIRA)
noreply at issues.asterisk.org
Tue Sep 7 10:03:33 CDT 2021
[ https://issues.asterisk.org/jira/browse/ASTERISK-29624?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=256169#comment-256169 ]
Philip Young commented on ASTERISK-29624:
-----------------------------------------
Unfortunately, I cannot provide a packet capture as the server side contains private information that cannot be shared. Although a packet capture of this will only confirm exactly what I described and not give any additional information. I confirmed the following example using Wireshark :
Server = 100.200.300.400
Client = example.wtv.com
example.wtv.com resolves to 1.2.3.4
Following a power outage or modem reboot or other the ISP gives the client a new IP address 5.7.8.9
The FQDN is updated correctly and the server now sends OPTION or INVITE to 5.7.8.9.
When the client (5.7.8.9) sends OPTION or INVITE from the new address, it is unauthorized.
That's all you'll be able to confirm with a packet capture. Unless I'm missing something here. If I am, what exactly are you looking for in this packet capture? I'll pull it out of the trace for you and hide private information.
Thank you!
> Contact identifier is not updated when FDQN resolves to a new address
> ---------------------------------------------------------------------
>
> Key: ASTERISK-29624
> URL: https://issues.asterisk.org/jira/browse/ASTERISK-29624
> Project: Asterisk
> Issue Type: Bug
> Security Level: None
> Components: Resources/res_pjsip_endpoint_identifier_ip
> Affects Versions: 16.19.0
> Environment: FreePBX : 15.0.17.48
> PBX Distro:12.7.8-2107-3.sng7
> Asterisk Version:16.19.0
> Reporter: Philip Young
> Assignee: Philip Young
>
> We have PJSIP Trunks on server side configured as follows :
> Authentication None
> Registration None
> SIP Server : FQDN
> Everything works fine unless the client's ISP changes the public IP address. The FQDN set in the trunk is updated correctly because I can see the server sending OPTIONS and inbound INVITE to the client's new IP address to which the FDQN now matches. However, outbound calls (from client to this server) are unauthorized. Why ? I noticed the identity in the contact is never updated! I've let it go for 48 hours and it still hasn't updated the identifier of this contact. It will keep the old IP address in the Identifier Match.
>
> Ex :
> Server = 100.200.300.400
> Client = example.wtv.com
> example.wtv.com resolves to 1.2.3.4
> Following a power outage or modem reboot or other the ISP gives the client a new IP address 5.7.8.9
> The FQDN is updated correctly and the server now sends OPTION or INVITE to 5.7.8.9.
> When the client (5.7.8.9) sends OPTION or INVITE, it is unauthorized:
> Server logs : SECURITY[2133] res_security_log.c: SecurityEvent="ChallengeSent",EventTV="2021-08-18T11:53:21.136-0400",Severity="Informational",Service="PJSIP",EventVersion="1",AccountID="<unknown>",SessionID="350543f20dc11068458494337421216d",LocalAddress="IPV4/UDP/100.200.300.400/5060",RemoteAddress="IPV4/UDP/5.7.8.9/5060",Challenge=""
> The peer stays the same :
> Peer :
> Endpoint: democlient Unavailable 0 of inf
> Aor: demo client 0
> Contact: democlient/sip:example.wtv.com:5060 2c5be4772a Unavail nan
> Transport: 0.0.0.0-udp udp 3 96 0.0.0.0:5060
> Identify: democlient/democlient
> Match: 1.2.3.4/32
>
> I think this should be updated to 5.7.8.9!
--
This message was sent by Atlassian JIRA
(v6.2#6252)
More information about the asterisk-bugs
mailing list