[asterisk-users] Re: Asterisk and Max TNT PRI to SIP Authentication Issue, a little closer

JR Richardson jmr.richardson at gmail.com
Wed Nov 8 13:18:16 MST 2006 

After mocking up an unauthenticated call from a different device, a
spa942 phone, I found something strange in the SIP debug between the
phone and the TNT.

Asterisk is accepting unauthenticated calls as long as there is not a
"user" in the SIP header from the calling device.

Invite from the MAX: does not get passed to the dial plan

<-- SIP read from 10.10.14.131:5060:
INVITE sip:2145551212 at 10.10.14.121:5060;user=phone SIP/2.0
To:   <sip:2145551212 at 10.10.14.121:5060;user=phone>
From: "NO CID NAME"
<sip:1239 at 10.10.14.131:5060;user=phone>;tag=1e82fc7f-1fb33c15-830e0a0a
Remote-Party-Id: "NO CID NAME"
<sip:1239 at 10.10.14.131:5060;user=phone>;screen=no;id-type=subscriber;party=calling;privacy=off
Call-ID: a09233dd-4a-1fb33c15 at 10.10.14.131
CSeq: 803597 INVITE
Via: SIP/2.0/UDP 10.10.14.131:5060;branch=z9hG4bK007aa1ced4ace55a
Max-Forwards: 70
Contact: <sip:1239 at 10.10.14.131:5060;user=phone>
Supported: replaces
Content-Type: application/sdp
Accept: application/sdp
Accept-Encoding:
Accept-Language: en
User-Agent: Lucent-Universal-Gateway
Content-Length: 232

Invite from the phone: gets passed to the dial plan in the [general] context=

<-- SIP read from 10.10.11.51:5060:
INVITE sip:2145551212 at 10.10.14.121 SIP/2.0
Via: SIP/2.0/UDP 10.10.11.51:5060;branch=z9hG4bK-9fd7c0a9
From: "2001" <sip:2001 at 10.10.11.50>;tag=59f6242028d88691o0
To: <sip:2145551212 at 10.10.14.121>
Call-ID: ec4c728c-9f2aab15 at 10.10.11.51
CSeq: 101 INVITE
Max-Forwards: 70
Contact: "2001" <sip:1001 at 10.10.11.51:5060>
Expires: 240
User-Agent: Linksys/SPA942-4.1.12(a)
Content-Length: 391
Allow: ACK, BYE, CANCEL, INFO, INVITE, NOTIFY, OPTIONS, REFER
Content-Type: application/sdp

The invite string from the TNT:
INVITE sip:2145551212 at 10.10.14.121:5060;user=phone SIP/2.0

The invite string from the phone:
INVITE sip:2145551212 at 10.10.14.121 SIP/2.0

It appears that if a user= field is in the invite message, Asterisk
looks for a user context and requires authentication.

So the insecure=port,invite option should also include an
insecure=user option to disregard any user info in the invite.  Is
there is another mechanism in Asterisk to disregard any user info from
an invite?

Thanks.

JR
-- 
JR Richardson
Engineering for the Masses

More information about the asterisk-users mailing list