[asterisk-bugs] [JIRA] (ASTERISK-29659) res_pjsip: Authentication fails with wildix

Stanislav Abramenkov (JIRA) noreply at issues.asterisk.org
Mon Sep 20 02:00:33 CDT 2021


    [ https://issues.asterisk.org/jira/browse/ASTERISK-29659?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=256355#comment-256355 ] 

Stanislav Abramenkov commented on ASTERISK-29659:
-------------------------------------------------

I added additional scheme. (connection_schema_002.jpeg)
Problem seems to be in "identify" section, because I have two SIP connection behind one public IP.
And when I comment out section on second SIP trunk "openscape" 

;[openscape]
;type=identify
;endpoint=openscape
;match=AAA.AAA.AAA.AAA:5062/32

then first connection "wildix" registers on the server.
How can I solve this problem?

> res_pjsip: Authentication fails with wildix
> -------------------------------------------
>
>                 Key: ASTERISK-29659
>                 URL: https://issues.asterisk.org/jira/browse/ASTERISK-29659
>             Project: Asterisk
>          Issue Type: Bug
>      Security Level: None
>          Components: Channels/chan_pjsip, Resources/res_pjsip
>    Affects Versions: 16.20.0
>            Reporter: Stanislav Abramenkov
>            Assignee: Stanislav Abramenkov
>         Attachments: connection_schema_002.jpeg, connection_shema_001.jpeg
>
>
> Hello,
> I have problem with registration SIP trunk using chan_pjsip.
> Every time the device sends a registration, I get the following notice: 
> {noformat}
> NOTICE[811]: res_pjsip/pjsip_distributor.c:676 log_failed_request: Request 'REGISTER' from '<sip:wildix at XXX.XXX.XXX.YYY>' failed for 'AAA.AAA.AAA.AAA:5062' (callid: b1c25da9455a50d1) - Failed to authenticate
> {noformat}
> The same device (Wildix) properly registers to asterisk using chan_sip.
> REGISTER package in chan_sip looks like this
> {noformat}
> Authorization: Digest username="wildix",realm="asterisk",nonce="5f2836de",uri="sip:XXX.XXX.XXX.XXX:5060",response="2b291572a571f6a60d7946989be50151",algorithm=MD5
> Authentication Scheme: Digest
> Username: "wildix"
> Realm: "asterisk"
> Nonce Value: "5f2836de"
> Authentication URI: "sip:XXX.XXX.XXX.XXX:5060"
> Digest Authentication Response: "2b291572a571f6a60d7946989be50151"
> Algorithm: MD5
> {noformat}
> But in pjsip REGISTER package looks like
> {noformat}
> [truncated]Authorization: Digest username="wildix",realm="asterisk",nonce="1631876453/f814683d0e1942cfcbb09ca72f849097",uri="sip:XXX.XXX.XXX.YYY:5060",response="e56b4e054d99f21d57bfeb148ab94a1f",algorithm=md5,opaque="4672ff0a1cfb56b2",qop=
> Authentication Scheme: Digest
> Username: "wildix"
> Realm: "asterisk"
> Nonce Value: "1631876453/f814683d0e1942cfcbb09ca72f849097"
> Authentication URI: "sip:XXX.XXX.XXX.YYY:5060"
> Digest Authentication Response: "e56b4e054d99f21d57bfeb148ab94a1f"
> Algorithm: md5
> Opaque Value: "4672ff0a1cfb56b2"
> QOP: auth
> CNonce Value: "f7b3c5c7"
> Nonce Count: 00000001
> {noformat}
> Why is "Nonce Value" so long and also contains "/" symbol?  
> I have double checked configuration on wildix side, and it is identical for chan_sip and for chan_pjsip.
> SIP trunk settings in chan_sip:
> {noformat}
> [wildix]
> description=wildix
> defaultuser=wildix
> secret=e6NrLEcLG6T3
> disallow=all
> type=friend
> allow=alaw
> host=dynamic
> transport=udp,tcp
> port=5060
> qualifyfreq=60
> qualify=3000
> canreinvite=no
> dtmfmode=auto
> progressinband=never
> nat=force_rport,comedia
> directrtpsetup=no
> directmedia=no
> context=incoming
> insecure=port,invite
> ;trustrpid = yes
> sendrpid = yes
> sendrpid = pai
> rpid_update = yes
> accountcode=wildix
> {noformat}
> SIP trunk settings in chan_pjsip:
> {noformat}
> [wildix]
> type = aor
> max_contacts = 1
> qualify_frequency = 60
> [wildix]
> type = auth
> username = wildix
> password = e6NrLEcLG6T3
> [wildix]
> type=identify
> endpoint=wildix
> match=AAA.AAA.AAA.AAA:5062/32
> [wildix]
> type = endpoint
> context = incoming
> dtmf_mode = auto
> disallow = all
> allow = alaw
> rtp_symmetric = yes
> force_rport = yes
> rewrite_contact = yes
> timers = no
> direct_media = no
> send_rpid = yes
> inband_progress = no
> tos_audio = ef
> tos_video = af41
> auth = wildix
> aors = wildix
> accountcode = wildix
> {noformat}



--
This message was sent by Atlassian JIRA
(v6.2#6252)



More information about the asterisk-bugs mailing list