[Asterisk-Users] SIP "403 Forbidden" Errors...

Conall O'Brien conall+asterisk at conall.net
Mon Dec 26 23:20:04 MST 2005 

Hello,


I'm having a few problems getting X-Lite and a Cisco 7960G to
authenticate with SIP enabled Asterisk 1.0.8 server running on FreeBSD
6. I'm initially trying to get X-Lite to auth with Asterisk, since the
7960G appears to be failing in the exact same way.


My sip.conf is relatively simple (I don't use NAT):

[general]
recordhistory=yes    
realm=infocad.ie     
port=5060            
bindaddr=83.141.83.1 
srvlookup=yes        
nat=never
localnet=83.141.83.0/26
allow=all
context=default
language=en

[thog]
context=default
type=friend
username=thog
secret=password
auth=md5
;qualify=yes                    
host=dynamic                    
canreinvite=no                  
accountcode=thog
allow=all


My dialplan is even simpler:


[default]
exten => 101,1,Dial(SIP/thog,20)
exten => 101,2,Hangup()

exten => 500,1,Playback(demo-abouttotry)
exten => 500,2,Dial(IAX2/guest at misery.digium.com/s at default)
exten => 500,3,Playback(demo-nogo)
exten => 500,4,Goto(s,6)

exten => 611,1,Echo()
exten => 611,2,Hangup()


Yet, when I enable SIP debugging for my "thog" peer, I keep seeing 403
Forbidden errors. See below for a debug example.


Can anyone help me resolve this issue please? 


Sip read: 
INVITE sip:500 at infocad.ie SIP/2.0
Via: SIP/2.0/UDP
83.141.83.17:5060;rport;branch=z9hG4bK5CFB75A4769F11DAAB77000A95D5E68A
=46rom: Conall O'Brien <sip:thog at infocad.ie>;tag=418327731
To: <sip:500 at infocad.ie>
Contact: <sip:thog at 83.141.83.17:5060>
Call-ID: 59377D0A-769F-11DA-AB77-000A95D5E68A at 83.141.83.17
CSeq: 16744 INVITE
Max-Forwards: 70
Content-Type: application/sdp
User-Agent: X-Lite release 1103m
Content-Length: 266

v=0
o=thog 19605225 19605410 IN IP4 83.141.83.17
s=X-Lite
c=IN IP4 83.141.83.17
t=0 0
m=audio 8000 RTP/AVP 0 8 3 98 101
a=rtpmap:0 pcmu/8000
a=rtpmap:8 pcma/8000
a=rtpmap:3 gsm/8000
a=rtpmap:98 iLBC/8000
a=rtpmap:101 telephone-event/8000
a=fmtp:101 0-15

11 headers, 12 lines
Using latest request as basis request
Sending to 83.141.83.17 : 5060 (non-NAT)
Reliably Transmitting (no NAT):
SIP/2.0 407 Proxy Authentication Required
Via: SIP/2.0/UDP
83.141.83.17:5060;branch=z9hG4bK5CFB75A4769F11DAAB77000A95D5E68A
=46rom: Conall O'Brien <sip:thog at infocad.ie>;tag=418327731
To: <sip:500 at infocad.ie>;tag=as1a3d3394
Call-ID: 59377D0A-769F-11DA-AB77-000A95D5E68A at 83.141.83.17
CSeq: 16744 INVITE
User-Agent: Asterisk PBX
Allow: INVITE, ACK, CANCEL, OPTIONS, BYE, REFER
Contact: <sip:500 at 83.141.83.1>
Proxy-Authenticate: Digest realm="infocad.ie", nonce=3D"28054701"
Content-Length: 0


 to 83.141.83.17:5060
Scheduling destruction of call
'59377D0A-769F-11DA-AB77-000A95D5E68A at 83.141.83.17' in 15000 ms
Found user 'thog'

Sip read: 
ACK sip:500 at infocad.ie SIP/2.0
Via: SIP/2.0/UDP
83.141.83.17:5060;rport;branch=z9hG4bK5CFB75A4769F11DAAB77000A95D5E68A
=46rom: Conall O'Brien <sip:thog at infocad.ie>;tag=418327731
To: <sip:500 at infocad.ie>;tag=as1a3d3394
Contact: <sip:thog at 83.141.83.17:5060>
Call-ID: 59377D0A-769F-11DA-AB77-000A95D5E68A at 83.141.83.17
CSeq: 16744 ACK
Max-Forwards: 70
Content-Length: 0


9 headers, 0 lines

Sip read: 
INVITE sip:500 at infocad.ie SIP/2.0
Via: SIP/2.0/UDP
83.141.83.17:5060;rport;branch=z9hG4bK5D0C6E86769F11DAAB77000A95D5E68A
=46rom: Conall O'Brien <sip:thog at infocad.ie>;tag=418327731
To: <sip:500 at infocad.ie>
Contact: <sip:thog at 83.141.83.17:5060>
Call-ID: 59377D0A-769F-11DA-AB77-000A95D5E68A at 83.141.83.17
CSeq: 16745 INVITE
Proxy-Authorization: Digest
username="thog",realm=3D"infocad.ie",nonce=3D"28054701",response=3D"1253d=
17b2d25d0bce181b3971f89e600",uri="sip:500 at infocad.ie"
Max-Forwards: 70
Content-Type: application/sdp
User-Agent: X-Lite release 1103m
Content-Length: 266

v=0
o=thog 19605225 19605410 IN IP4 83.141.83.17
s=X-Lite
c=IN IP4 83.141.83.17
t=0 0
m=audio 8000 RTP/AVP 0 8 3 98 101
a=rtpmap:0 pcmu/8000
a=rtpmap:8 pcma/8000
a=rtpmap:3 gsm/8000
a=rtpmap:98 iLBC/8000
a=rtpmap:101 telephone-event/8000
a=fmtp:101 0-15

12 headers, 12 lines
Using latest request as basis request
Sending to 83.141.83.17 : 5060 (non-NAT)
Found user 'thog'
Found RTP audio format 0
Found RTP audio format 8
Found RTP audio format 3
Found RTP audio format 98
Found RTP audio format 101
Peer audio RTP is at port 83.141.83.17:8000
Found description format pcmu
Found description format pcma
Found description format gsm
Found description format iLBC
Found description format telephone-event
Capabilities: us - 0xf07ff
(g723|gsm|ulaw|alaw|g726|adpcm|slin|lpc10|g729|speex|ilbc|jpeg|png|h261|h26=
3),
peer - audio=0x40e (gsm|ulaw|alaw|ilbc)/video=3D0x0 (nothing), combined -
0x40e (gsm|ulaw|alaw|ilbc)
Non-codec capabilities: us - 0x1 (g723), peer - 0x1 (g723), combined -
0x1 (g723)
Looking for 500 in default
list_route: hop: <sip:thog at 83.141.83.17:5060>
Transmitting (no NAT):
SIP/2.0 100 Trying
Via: SIP/2.0/UDP
83.141.83.17:5060;branch=z9hG4bK5D0C6E86769F11DAAB77000A95D5E68A
=46rom: Conall O'Brien <sip:thog at infocad.ie>;tag=418327731
To: <sip:500 at infocad.ie>
Call-ID: 59377D0A-769F-11DA-AB77-000A95D5E68A at 83.141.83.17
CSeq: 16745 INVITE
User-Agent: Asterisk PBX
Allow: INVITE, ACK, CANCEL, OPTIONS, BYE, REFER
Contact: <sip:500 at 83.141.83.1>
Content-Length: 0


 to 83.141.83.17:5060
  ==3D Spawn extension (default, 500, 1) exited non-zero on
'SIP/thog-b611'
Reliably Transmitting (no NAT):
SIP/2.0 403 Forbidden
Via: SIP/2.0/UDP
83.141.83.17:5060;branch=z9hG4bK5D0C6E86769F11DAAB77000A95D5E68A
=46rom: Conall O'Brien <sip:thog at infocad.ie>;tag=418327731
To: <sip:500 at infocad.ie>;tag=as7278a72d
Call-ID: 59377D0A-769F-11DA-AB77-000A95D5E68A at 83.141.83.17
CSeq: 16745 INVITE
User-Agent: Asterisk PBX
Allow: INVITE, ACK, CANCEL, OPTIONS, BYE, REFER
Contact: <sip:500 at 83.141.83.1>
Content-Length: 0

 to 83.141.83.17:5060

Sip read: 
ACK sip:500 at infocad.ie SIP/2.0
Via: SIP/2.0/UDP
83.141.83.17:5060;rport;branch=z9hG4bK5D0C6E86769F11DAAB77000A95D5E68A
=46rom: Conall O'Brien <sip:thog at infocad.ie>;tag=418327731
To: <sip:500 at infocad.ie>;tag=as7278a72d
Contact: <sip:thog at 83.141.83.17:5060>
Call-ID: 59377D0A-769F-11DA-AB77-000A95D5E68A at 83.141.83.17
CSeq: 16745 ACK
Max-Forwards: 70
Content-Length: 0


9 headers, 0 lines

-- 

Conall O'Brien

http://www.conall.net

GPG Key: http://www.conall.net/gpg/

I don't live in fantasy; I only work there.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: Digital signature
Url : http://lists.digium.com/pipermail/asterisk-users/attachments/20051226/e28e2331/attachment.pgp

More information about the asterisk-users mailing list