[asterisk-bugs] [JIRA] (ASTERISK-29659) res_pjsip: Authentication fails with wildix

Sean Bright (JIRA) noreply at issues.asterisk.org
Fri Sep 17 10:20:34 CDT 2021 

     [ https://issues.asterisk.org/jira/browse/ASTERISK-29659?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Sean Bright updated ASTERISK-29659:
-----------------------------------

    Description: 
Hello,

I have problem with registration SIP trunk using chan_pjsip.

Every time the device sends a registration, I get the following notice: 
{noformat}
NOTICE[811]: res_pjsip/pjsip_distributor.c:676 log_failed_request: Request 'REGISTER' from '<sip:wildix at XXX.XXX.XXX.YYY>' failed for 'AAA.AAA.AAA.AAA:5062' (callid: b1c25da9455a50d1) - Failed to authenticate
{noformat}

The same device (Wildix) properly registers to asterisk using chan_sip.

REGISTER package in chan_sip looks like this

{noformat}
Authorization: Digest username="wildix",realm="asterisk",nonce="5f2836de",uri="sip:XXX.XXX.XXX.XXX:5060",response="2b291572a571f6a60d7946989be50151",algorithm=MD5
Authentication Scheme: Digest
Username: "wildix"
Realm: "asterisk"
Nonce Value: "5f2836de"
Authentication URI: "sip:XXX.XXX.XXX.XXX:5060"
Digest Authentication Response: "2b291572a571f6a60d7946989be50151"
Algorithm: MD5
{noformat}

But in pjsip REGISTER package looks like

{noformat}
[truncated]Authorization: Digest username="wildix",realm="asterisk",nonce="1631876453/f814683d0e1942cfcbb09ca72f849097",uri="sip:XXX.XXX.XXX.YYY:5060",response="e56b4e054d99f21d57bfeb148ab94a1f",algorithm=md5,opaque="4672ff0a1cfb56b2",qop=
Authentication Scheme: Digest
Username: "wildix"
Realm: "asterisk"
Nonce Value: "1631876453/f814683d0e1942cfcbb09ca72f849097"
Authentication URI: "sip:XXX.XXX.XXX.YYY:5060"
Digest Authentication Response: "e56b4e054d99f21d57bfeb148ab94a1f"
Algorithm: md5
Opaque Value: "4672ff0a1cfb56b2"
QOP: auth
CNonce Value: "f7b3c5c7"
Nonce Count: 00000001
{noformat}

Why is "Nonce Value" so long and also contains "/" symbol?  
I have double checked configuration on wildix side, and it is identical for chan_sip and for chan_pjsip.

SIP trunk settings in chan_sip:

{noformat}
[wildix]
description=wildix
defaultuser=wildix
secret=e6NrLEcLG6T3
disallow=all
type=friend
allow=alaw
host=dynamic
transport=udp,tcp
port=5060
qualifyfreq=60
qualify=3000
canreinvite=no
dtmfmode=auto
progressinband=never
nat=force_rport,comedia
directrtpsetup=no
directmedia=no
context=incoming
insecure=port,invite
;trustrpid = yes
sendrpid = yes
sendrpid = pai
rpid_update = yes
accountcode=wildix
{noformat}

SIP trunk settings in chan_pjsip:

{noformat}
[wildix]
type = aor
max_contacts = 1
qualify_frequency = 60

[wildix]
type = auth
username = wildix
password = e6NrLEcLG6T3

[wildix]
type=identify
endpoint=wildix
match=AAA.AAA.AAA.AAA:5062/32

[wildix]
type = endpoint
context = incoming
dtmf_mode = auto
disallow = all
allow = alaw
rtp_symmetric = yes
force_rport = yes
rewrite_contact = yes
timers = no
direct_media = no
send_rpid = yes
inband_progress = no
tos_audio = ef
tos_video = af41
auth = wildix
aors = wildix
accountcode = wildix
{noformat}

  was:
Hello,

I have problem with registration SIP trunk using chan_pjsip.

Every time the device sends a registration, I get the following notice: 
{noformat}
NOTICE[811]: res_pjsip/pjsip_distributor.c:676 log_failed_request: Request 'REGISTER' from '<sip:wildix at XXX.XXX.XXX.YYY>' failed for 'AAA.AAA.AAA.AAA:5062' (callid: b1c25da9455a50d1) - Failed to authenticate
{noformat}

The same device (Wildix) properly registers to asterisk using chan_sip.

REGISTER package in chan_sip looks like this

{noformat}
    Authorization: Digest username="wildix",realm="asterisk",nonce="5f2836de",uri="sip:XXX.XXX.XXX.XXX:5060",response="2b291572a571f6a60d7946989be50151",algorithm=MD5
    Authentication Scheme: Digest
    Username: "wildix"
    Realm: "asterisk"
    Nonce Value: "5f2836de"
    Authentication URI: "sip:XXX.XXX.XXX.XXX:5060"
    Digest Authentication Response: "2b291572a571f6a60d7946989be50151"
    Algorithm: MD5
{noformat}

But in pjsip REGISTER package looks like

[truncated]Authorization: Digest username="wildix",realm="asterisk",nonce="1631876453/f814683d0e1942cfcbb09ca72f849097",uri="sip:XXX.XXX.XXX.YYY:5060",response="e56b4e054d99f21d57bfeb148ab94a1f",algorithm=md5,opaque="4672ff0a1cfb56b2",qop=
    Authentication Scheme: Digest
    Username: "wildix"
    Realm: "asterisk"
    Nonce Value: "1631876453/f814683d0e1942cfcbb09ca72f849097"
    Authentication URI: "sip:XXX.XXX.XXX.YYY:5060"
    Digest Authentication Response: "e56b4e054d99f21d57bfeb148ab94a1f"
    Algorithm: md5
    Opaque Value: "4672ff0a1cfb56b2"
    QOP: auth
    CNonce Value: "f7b3c5c7"
    Nonce Count: 00000001

Why is "Nonce Value" so long and also contains "/" symbol?  
I have double checked configuration on wildix side, and it is identical for chan_sip and for chan_pjsip.

SIP trunk settings in chan_sip:

[wildix]
description=wildix
defaultuser=wildix
secret=e6NrLEcLG6T3
disallow=all
type=friend
allow=alaw
host=dynamic
transport=udp,tcp
port=5060
qualifyfreq=60
qualify=3000
canreinvite=no
dtmfmode=auto
progressinband=never
nat=force_rport,comedia
directrtpsetup=no
directmedia=no
context=incoming
insecure=port,invite
;trustrpid = yes
sendrpid = yes
sendrpid = pai
rpid_update = yes
accountcode=wildix

SIP trunk settings in chan_pjsip:

[wildix]
type = aor
max_contacts = 1
qualify_frequency = 60

[wildix]
type = auth
username = wildix
password = e6NrLEcLG6T3

[wildix]
type=identify
endpoint=wildix
match=AAA.AAA.AAA.AAA:5062/32

[wildix]
type = endpoint
context = incoming
dtmf_mode = auto
disallow = all
allow = alaw
rtp_symmetric = yes
force_rport = yes
rewrite_contact = yes
timers = no
direct_media = no
send_rpid = yes
inband_progress = no
tos_audio = ef
tos_video = af41
auth = wildix
aors = wildix
accountcode = wildix



> res_pjsip: Authentication fails with wildix
> -------------------------------------------
>
>                 Key: ASTERISK-29659
>                 URL: https://issues.asterisk.org/jira/browse/ASTERISK-29659
>             Project: Asterisk
>          Issue Type: Bug
>      Security Level: None
>          Components: Channels/chan_pjsip, Resources/res_pjsip
>    Affects Versions: 16.20.0
>            Reporter: Stanislav Abramenkov
>            Assignee: Unassigned
>         Attachments: connection_shema_001.jpeg
>
>
> Hello,
> I have problem with registration SIP trunk using chan_pjsip.
> Every time the device sends a registration, I get the following notice: 
> {noformat}
> NOTICE[811]: res_pjsip/pjsip_distributor.c:676 log_failed_request: Request 'REGISTER' from '<sip:wildix at XXX.XXX.XXX.YYY>' failed for 'AAA.AAA.AAA.AAA:5062' (callid: b1c25da9455a50d1) - Failed to authenticate
> {noformat}
> The same device (Wildix) properly registers to asterisk using chan_sip.
> REGISTER package in chan_sip looks like this
> {noformat}
> Authorization: Digest username="wildix",realm="asterisk",nonce="5f2836de",uri="sip:XXX.XXX.XXX.XXX:5060",response="2b291572a571f6a60d7946989be50151",algorithm=MD5
> Authentication Scheme: Digest
> Username: "wildix"
> Realm: "asterisk"
> Nonce Value: "5f2836de"
> Authentication URI: "sip:XXX.XXX.XXX.XXX:5060"
> Digest Authentication Response: "2b291572a571f6a60d7946989be50151"
> Algorithm: MD5
> {noformat}
> But in pjsip REGISTER package looks like
> {noformat}
> [truncated]Authorization: Digest username="wildix",realm="asterisk",nonce="1631876453/f814683d0e1942cfcbb09ca72f849097",uri="sip:XXX.XXX.XXX.YYY:5060",response="e56b4e054d99f21d57bfeb148ab94a1f",algorithm=md5,opaque="4672ff0a1cfb56b2",qop=
> Authentication Scheme: Digest
> Username: "wildix"
> Realm: "asterisk"
> Nonce Value: "1631876453/f814683d0e1942cfcbb09ca72f849097"
> Authentication URI: "sip:XXX.XXX.XXX.YYY:5060"
> Digest Authentication Response: "e56b4e054d99f21d57bfeb148ab94a1f"
> Algorithm: md5
> Opaque Value: "4672ff0a1cfb56b2"
> QOP: auth
> CNonce Value: "f7b3c5c7"
> Nonce Count: 00000001
> {noformat}
> Why is "Nonce Value" so long and also contains "/" symbol?  
> I have double checked configuration on wildix side, and it is identical for chan_sip and for chan_pjsip.
> SIP trunk settings in chan_sip:
> {noformat}
> [wildix]
> description=wildix
> defaultuser=wildix
> secret=e6NrLEcLG6T3
> disallow=all
> type=friend
> allow=alaw
> host=dynamic
> transport=udp,tcp
> port=5060
> qualifyfreq=60
> qualify=3000
> canreinvite=no
> dtmfmode=auto
> progressinband=never
> nat=force_rport,comedia
> directrtpsetup=no
> directmedia=no
> context=incoming
> insecure=port,invite
> ;trustrpid = yes
> sendrpid = yes
> sendrpid = pai
> rpid_update = yes
> accountcode=wildix
> {noformat}
> SIP trunk settings in chan_pjsip:
> {noformat}
> [wildix]
> type = aor
> max_contacts = 1
> qualify_frequency = 60
> [wildix]
> type = auth
> username = wildix
> password = e6NrLEcLG6T3
> [wildix]
> type=identify
> endpoint=wildix
> match=AAA.AAA.AAA.AAA:5062/32
> [wildix]
> type = endpoint
> context = incoming
> dtmf_mode = auto
> disallow = all
> allow = alaw
> rtp_symmetric = yes
> force_rport = yes
> rewrite_contact = yes
> timers = no
> direct_media = no
> send_rpid = yes
> inband_progress = no
> tos_audio = ef
> tos_video = af41
> auth = wildix
> aors = wildix
> accountcode = wildix
> {noformat}



--
This message was sent by Atlassian JIRA
(v6.2#6252)

More information about the asterisk-bugs mailing list