[asterisk-bugs] [JIRA] (ASTERISK-29659) res_pjsip: Authentication fails with wildix

Joshua C. Colp (JIRA) noreply at issues.asterisk.org
Mon Sep 20 05:02:33 CDT 2021 

    [ https://issues.asterisk.org/jira/browse/ASTERISK-29659?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=256357#comment-256357 ] 

Joshua C. Colp commented on ASTERISK-29659:
-------------------------------------------

You can't have two identify sections with the same match information, it would have no way of knowing which is the correct one to use since it matches based on IP address/port alone. You either have to use different ports or use a different matching mechanism (such as based on username in the From header).

> res_pjsip: Authentication fails with wildix
> -------------------------------------------
>
>                 Key: ASTERISK-29659
>                 URL: https://issues.asterisk.org/jira/browse/ASTERISK-29659
>             Project: Asterisk
>          Issue Type: Bug
>      Security Level: None
>          Components: Channels/chan_pjsip, Resources/res_pjsip
>    Affects Versions: 16.20.0
>            Reporter: Stanislav Abramenkov
>            Assignee: Unassigned
>         Attachments: connection_schema_002.jpeg, connection_shema_001.jpeg
>
>
> Hello,
> I have problem with registration SIP trunk using chan_pjsip.
> Every time the device sends a registration, I get the following notice: 
> {noformat}
> NOTICE[811]: res_pjsip/pjsip_distributor.c:676 log_failed_request: Request 'REGISTER' from '<sip:wildix at XXX.XXX.XXX.YYY>' failed for 'AAA.AAA.AAA.AAA:5062' (callid: b1c25da9455a50d1) - Failed to authenticate
> {noformat}
> The same device (Wildix) properly registers to asterisk using chan_sip.
> REGISTER package in chan_sip looks like this
> {noformat}
> Authorization: Digest username="wildix",realm="asterisk",nonce="5f2836de",uri="sip:XXX.XXX.XXX.XXX:5060",response="2b291572a571f6a60d7946989be50151",algorithm=MD5
> Authentication Scheme: Digest
> Username: "wildix"
> Realm: "asterisk"
> Nonce Value: "5f2836de"
> Authentication URI: "sip:XXX.XXX.XXX.XXX:5060"
> Digest Authentication Response: "2b291572a571f6a60d7946989be50151"
> Algorithm: MD5
> {noformat}
> But in pjsip REGISTER package looks like
> {noformat}
> [truncated]Authorization: Digest username="wildix",realm="asterisk",nonce="1631876453/f814683d0e1942cfcbb09ca72f849097",uri="sip:XXX.XXX.XXX.YYY:5060",response="e56b4e054d99f21d57bfeb148ab94a1f",algorithm=md5,opaque="4672ff0a1cfb56b2",qop=
> Authentication Scheme: Digest
> Username: "wildix"
> Realm: "asterisk"
> Nonce Value: "1631876453/f814683d0e1942cfcbb09ca72f849097"
> Authentication URI: "sip:XXX.XXX.XXX.YYY:5060"
> Digest Authentication Response: "e56b4e054d99f21d57bfeb148ab94a1f"
> Algorithm: md5
> Opaque Value: "4672ff0a1cfb56b2"
> QOP: auth
> CNonce Value: "f7b3c5c7"
> Nonce Count: 00000001
> {noformat}
> Why is "Nonce Value" so long and also contains "/" symbol?  
> I have double checked configuration on wildix side, and it is identical for chan_sip and for chan_pjsip.
> SIP trunk settings in chan_sip:
> {noformat}
> [wildix]
> description=wildix
> defaultuser=wildix
> secret=e6NrLEcLG6T3
> disallow=all
> type=friend
> allow=alaw
> host=dynamic
> transport=udp,tcp
> port=5060
> qualifyfreq=60
> qualify=3000
> canreinvite=no
> dtmfmode=auto
> progressinband=never
> nat=force_rport,comedia
> directrtpsetup=no
> directmedia=no
> context=incoming
> insecure=port,invite
> ;trustrpid = yes
> sendrpid = yes
> sendrpid = pai
> rpid_update = yes
> accountcode=wildix
> {noformat}
> SIP trunk settings in chan_pjsip:
> {noformat}
> [wildix]
> type = aor
> max_contacts = 1
> qualify_frequency = 60
> [wildix]
> type = auth
> username = wildix
> password = e6NrLEcLG6T3
> [wildix]
> type=identify
> endpoint=wildix
> match=AAA.AAA.AAA.AAA:5062/32
> [wildix]
> type = endpoint
> context = incoming
> dtmf_mode = auto
> disallow = all
> allow = alaw
> rtp_symmetric = yes
> force_rport = yes
> rewrite_contact = yes
> timers = no
> direct_media = no
> send_rpid = yes
> inband_progress = no
> tos_audio = ef
> tos_video = af41
> auth = wildix
> aors = wildix
> accountcode = wildix
> {noformat}



--
This message was sent by Atlassian JIRA
(v6.2#6252)

More information about the asterisk-bugs mailing list