[asterisk-dev] Fwd: Asterisk and Max TNT PRI to SIP Authentication Issue, a little closer

JR Richardson jmr.richardson at gmail.com
Wed Nov 8 15:21:42 MST 2006 

Sorry for the cross post.  I really think this needs to be brought to
developers attention, I could be wrong though.

I've also been working with some TNT folks to see if I can get the TNT
not to send user=phone in the sip invite.

Does anyone know of a solution to tell Asterisk sip not require
authentication if there is a user= within the invite?
insecure=port,invite is not doing anything for me.

Thanks.

JR


---------- Forwarded message ----------
From: JR Richardson <jmr.richardson at gmail.com>
Date: Nov 8, 2006 2:18 PM
Subject: Re: Asterisk and Max TNT PRI to SIP Authentication Issue, a
little closer
To: asterisk-users at lists.digium.com


After mocking up an unauthenticated call from a different device, a
spa942 phone, I found something strange in the SIP debug between the
phone and the TNT.

Asterisk is accepting unauthenticated calls as long as there is not a
"user" in the SIP header from the calling device.

Invite from the MAX: does not get passed to the dial plan

<-- SIP read from 10.10.14.131:5060:
INVITE sip:2145551212 at 10.10.14.121:5060;user=phone SIP/2.0
To:   <sip:2145551212 at 10.10.14.121:5060;user=phone>
From: "NO CID NAME"
<sip:1239 at 10.10.14.131:5060;user=phone>;tag=1e82fc7f-1fb33c15-830e0a0a
Remote-Party-Id: "NO CID NAME"
<sip:1239 at 10.10.14.131:5060;user=phone>;screen=no;id-type=subscriber;party=calling;privacy=off
Call-ID: a09233dd-4a-1fb33c15 at 10.10.14.131
CSeq: 803597 INVITE
Via: SIP/2.0/UDP 10.10.14.131:5060;branch=z9hG4bK007aa1ced4ace55a
Max-Forwards: 70
Contact: <sip:1239 at 10.10.14.131:5060;user=phone>
Supported: replaces
Content-Type: application/sdp
Accept: application/sdp
Accept-Encoding:
Accept-Language: en
User-Agent: Lucent-Universal-Gateway
Content-Length: 232

Invite from the phone: gets passed to the dial plan in the [general] context=

<-- SIP read from 10.10.11.51:5060:
INVITE sip:2145551212 at 10.10.14.121 SIP/2.0
Via: SIP/2.0/UDP 10.10.11.51:5060;branch=z9hG4bK-9fd7c0a9
From: "2001" <sip:2001 at 10.10.11.50>;tag=59f6242028d88691o0
To: <sip:2145551212 at 10.10.14.121>
Call-ID: ec4c728c-9f2aab15 at 10.10.11.51
CSeq: 101 INVITE
Max-Forwards: 70
Contact: "2001" <sip:1001 at 10.10.11.51:5060>
Expires: 240
User-Agent: Linksys/SPA942-4.1.12(a)
Content-Length: 391
Allow: ACK, BYE, CANCEL, INFO, INVITE, NOTIFY, OPTIONS, REFER
Content-Type: application/sdp

The invite string from the TNT:
INVITE sip:2145551212 at 10.10.14.121:5060;user=phone SIP/2.0

The invite string from the phone:
INVITE sip:2145551212 at 10.10.14.121 SIP/2.0

It appears that if a user= field is in the invite message, Asterisk
looks for a user context and requires authentication.

So the insecure=port,invite option should also include an
insecure=user option to disregard any user info in the invite.  Is
there is another mechanism in Asterisk to disregard any user info from
an invite?

Thanks.

JR
--
JR Richardson
Engineering for the Masses

More information about the asterisk-dev mailing list