[asterisk-users] Unable to REGISTER to the Asterisk v1.8.3.3 server via SIP/TLS
GNUbie
gnubie at gmail.com
Sat May 7 19:59:15 CDT 2011
Hello all,
I have installed the .deb packages of the Asterisk v1.8.3.3 from the
upstream project on my Debian GNU/Linux Squeeze server and bought the
Comodo's PossitiveSSL SSL certificate to be used for my SIP/TLS
exercise. After setting up everything and trying to fix this problem,
I am still getting a 401 Unauthorized SIP message. So as of this
writing, I still cannot successfully REGISTER to my Asterisk box.
Below are the snippets of my Asterisk and SNOM 300 configurations
including the logs for your reference.
I hope anyone from this community can help me solve this problem. A
HOWTO of a similar scenario will help a lot.
Thank you in advance.
Regards,
GNUbie
- - - ASTERISK v1.8.3.3 - - -
[ /etc/asterisk/sip.conf ]
[general]
...
...
tlsenable=yes
tlsbindaddr=0.0.0.0
tlscertfile=/etc/asterisk/keys/pbx.domain.com.pem
tlscipher=ALL
tlsclientmethod=tlsv1
tlsbindport=5061
externtlsport=5061
externtcpport=5061
tcpbindaddr=0.0.0.0
tcpbindport=5061
tcpenable=yes
srvlookup=yes
[361]
username=361
secret=*******
callerid="361-tls"<361>
mailbox=361 at family
context=family
transport=tls
port=5061
type=friend
host=dynamic
dtmfmode=rfc2833
canreinvite=no
nat=yes
qualify=yes
autoframing=yes
encryption=yes
*CLI> core show version
Asterisk 1.8.3.3-1digium1~squeeze built by pbuilder @ nighthawk on a
x86_64 running Linux on 2011-04-22 17:50:44 UTC
*CLI> sip show settings
Global Settings:
----------------
UDP Bindaddress: 0.0.0.0:5060
TCP SIP Bindaddress: 0.0.0.0:5060
TLS SIP Bindaddress: 0.0.0.0:5061
Videosupport: No
Textsupport: No
Ignore SDP sess. ver.: No
AutoCreate Peer: No
Match Auth Username: No
Allow unknown access: No
Allow subscriptions: Yes
Allow overlap dialing: Yes
Allow promsic. redir: No
Enable call counters: No
SIP domain support: Yes
Realm. auth: No
Our auth realm pbx.domain.com
Use domains as realms: No
Call to non-local dom.: Yes
URI user is phone no: No
Always auth rejects: Yes
Direct RTP setup: No
User Agent: "Asterisk rocks!"
SDP Session Name: Asterisk PBX 1.8.3.3-1digium1~squeeze
SDP Owner Name: root
Reg. context: (not set)
Regexten on Qualify: No
Caller ID: asterisk
From: Domain:
Record SIP history: Off
Call Events: Off
Auth. Failure Events: Off
T.38 support: No
T.38 EC mode: Unknown
T.38 MaxDtgrm: -1
SIP realtime: Disabled
Qualify Freq : 60000 ms
Q.850 Reason header: No
Network QoS Settings:
---------------------------
IP ToS SIP: CS0
IP ToS RTP audio: CS0
IP ToS RTP video: CS0
IP ToS RTP text: CS0
802.1p CoS SIP: 4
802.1p CoS RTP audio: 5
802.1p CoS RTP video: 6
802.1p CoS RTP text: 5
Jitterbuffer enabled: Yes
Jitterbuffer forced: No
Jitterbuffer max size: 200
Jitterbuffer resync: 1200
Jitterbuffer impl: fixed
Jitterbuffer log: No
Network Settings:
---------------------------
SIP address remapping: Enabled using externhost
Externhost: pbx.domain.com
externaddr: 11.22.33.44:0
Externrefresh: 10
Localnet: 192.168.101.0/255.255.255.0
Global Signalling Settings:
---------------------------
Codecs: 0x60e (gsm|ulaw|alaw|speex|ilbc)
Codec Order: ulaw:20,alaw:20,gsm:20,speex:20,ilbc:30
Relax DTMF: No
RFC2833 Compensation: No
Symmetric RTP: No
Compact SIP headers: No
RTP Keepalive: 0 (Disabled)
RTP Timeout: 15
RTP Hold Timeout: 0 (Disabled)
MWI NOTIFY mime type: application/simple-message-summary
DNS SRV lookup: Yes
Pedantic SIP support: Yes
Reg. min duration 1800 secs
Reg. max duration: 3600 secs
Reg. default duration: 120 secs
Outbound reg. timeout: 20 secs
Outbound reg. attempts: 0
Notify ringing state: Yes
Include CID: No
Notify hold state: No
SIP Transfer mode: open
Max Call Bitrate: 384 kbps
Auto-Framing: No
Outb. proxy: <not set>
Session Timers: Refuse
Session Refresher: uas
Session Expires: 1800 secs
Session Min-SE: 90 secs
Timer T1: 3000
Timer T1 minimum: 100
Timer B: 192000
No premature media: Yes
Max forwards: 70
Default Settings:
-----------------
Allowed transports: UDP
Outbound transport: UDP
Context: default
Force rport: No
DTMF: rfc2833
Qualify: 0
Use ClientCode: No
Progress inband: Never
Language:
MOH Interpret: default
MOH Suggest:
Voice Mail Extension: asterisk
*CLI> sip show peer 361
* Name : 361
Secret : <Set>
MD5Secret : <Not set>
Remote Secret: <Not set>
Context : family
Subscr.Cont. : <Not set>
Language :
AMA flags : Unknown
Transfer mode: open
CallingPres : Presentation Allowed, Not Screened
Callgroup :
Pickupgroup :
MOH Suggest :
Mailbox : 361 at family
VM Extension : asterisk
LastMsgsSent : 32767/65535
Call limit : 0
Max forwards : 0
Dynamic : Yes
Callerid : "361-tls" <361>
MaxCallBR : 384 kbps
Expire : -1
Insecure : no
Force rport : Yes
ACL : No
DirectMedACL : No
T.38 support : No
T.38 EC mode : Unknown
T.38 MaxDtgrm: -1
DirectMedia : No
PromiscRedir : No
User=Phone : No
Video Support: No
Text Support : No
Ign SDP ver : No
Trust RPID : No
Send RPID : No
Subscriptions: Yes
Overlap dial : Yes
DTMFmode : rfc2833
Timer T1 : 3000
Timer B : 192000
ToHost :
Addr->IP : (null)
Defaddr->IP : (null)
Prim.Transp. : TLS
Allowed.Trsp : TLS
Def. Username: 361
SIP Options : (none)
Codecs : 0x60e (gsm|ulaw|alaw|speex|ilbc)
Codec Order : (ulaw:20,alaw:20,gsm:20,speex:20,ilbc:30)
Auto-Framing : Yes
100 on REG : No
Status : UNKNOWN
Useragent :
Reg. Contact :
Qualify Freq : 60000 ms
Sess-Timers : Refuse
Sess-Refresh : uas
Sess-Expires : 1800 secs
Min-Sess : 90 secs
RTP Engine : asterisk
Parkinglot :
Use Reason : No
Encryption : Yes
<--- SIP read from TLS:192.168.101.102:2061 --->
REGISTER sip:pbx.domain.com SIP/2.0
Via: SIP/2.0/TLS 192.168.101.102:2061;branch=z9hG4bK-b6veg4r2tybi;rport
From: "361" <sip:361 at pbx.domain.com>;tag=6ulxay5gxm
To: "361" <sip:361 at pbx.domain.com>
Call-ID: 3c26701f2ede-afeuhg58c60m
CSeq: 7 REGISTER
Max-Forwards: 70
Contact: <sip:361 at 192.168.101.102:2061;transport=tls>;reg-id=1;q=1.0;+sip.instance="<urn:uuid:0a473ab2-1159-4286-9cdb-385c32d8003d>";audio;mobility="fixed";duplex="full";description="snom300";actor="principal";events="dialog";methods="INVITE,ACK,CANCEL,BYE,REFER,OPTIONS,NOTIFY,SUBSCRIBE,PRACK,MESSAGE,INFO"
User-Agent: snom300/8.4.31
Allow-Events: dialog
X-Real-IP: 192.168.101.102
Supported: path, gruu
Expires: 3600
Content-Length: 0
<------------->
--- (14 headers 0 lines) ---
Sending to 192.168.101.102:2061 (no NAT)
<--- Transmitting (NAT) to 192.168.101.102:2061 --->
SIP/2.0 401 Unauthorized
Via: SIP/2.0/TLS
192.168.101.102:2061;branch=z9hG4bK-b6veg4r2tybi;received=192.168.101.102;rport=2061
From: "361" <sip:361 at pbx.domain.com>;tag=6ulxay5gxm
To: "361" <sip:361 at pbx.domain.com>;tag=as16189b66
Call-ID: 3c26701f2ede-afeuhg58c60m
CSeq: 7 REGISTER
Server: "Asterisk rocks!"
Allow: INVITE, ACK, CANCEL, OPTIONS, BYE, REFER, SUBSCRIBE, NOTIFY,
INFO, PUBLISH
Supported: replaces
WWW-Authenticate: Digest algorithm=MD5, realm="pbx.domain.com", nonce="6408e8c3"
Content-Length: 0
<------------>
Scheduling destruction of SIP dialog '3c26701f2ede-afeuhg58c60m' in
192000 ms (Method: REGISTER)
<--- SIP read from TLS:192.168.101.102:2061 --->
REGISTER sip:pbx.domain.com SIP/2.0
Via: SIP/2.0/TLS 192.168.101.102:2061;branch=z9hG4bK-9cuvn4fglawu;rport
From: "361" <sip:361 at pbx.domain.com>;tag=hr7nz4nopk
To: "361" <sip:361 at pbx.domain.com>
Call-ID: 3c26701f2ede-afeuhg58c60m
CSeq: 8 REGISTER
Max-Forwards: 70
Contact: <sip:361 at 192.168.101.102:2061;transport=tls>;reg-id=1;q=1.0;+sip.instance="<urn:uuid:0a473ab2-1159-4286-9cdb-385c32d8003d>";audio;mobility="fixed";duplex="full";description="snom300";actor="principal";events="dialog";methods="INVITE,ACK,CANCEL,BYE,REFER,OPTIONS,NOTIFY,SUBSCRIBE,PRACK,MESSAGE,INFO"
User-Agent: snom300/8.4.31
Allow-Events: dialog
X-Real-IP: 192.168.101.102
Supported: path, gruu
Expires: 3600
Content-Length: 0
<------------->
--- (14 headers 0 lines) ---
Sending to 192.168.101.102:2061 (no NAT)
<--- Transmitting (NAT) to 192.168.101.102:2061 --->
SIP/2.0 401 Unauthorized
Via: SIP/2.0/TLS
192.168.101.102:2061;branch=z9hG4bK-9cuvn4fglawu;received=192.168.101.102;rport=2061
From: "361" <sip:361 at pbx.domain.com>;tag=hr7nz4nopk
To: "361" <sip:361 at pbx.domain.com>;tag=as6231d59a
Call-ID: 3c26701f2ede-afeuhg58c60m
CSeq: 8 REGISTER
Server: "Asterisk rocks!"
Allow: INVITE, ACK, CANCEL, OPTIONS, BYE, REFER, SUBSCRIBE, NOTIFY,
INFO, PUBLISH
Supported: replaces
WWW-Authenticate: Digest algorithm=MD5, realm="pbx.domain.com", nonce="6ea5895a"
Content-Length: 0
<------------>
Scheduling destruction of SIP dialog '3c26701f2ede-afeuhg58c60m' in
192000 ms (Method: REGISTER)
- - - SNOM 300 - - -
[ Setup > Identity 1 > Login ]
Displayname: 361
Account: 361
Password: ********
Registrar: pbx.domain.com
Outbound Proxy: sips:pbx.domain.com:5061
Authentication Username: 361
- - -
[ Setup > Certificates > Server Certificates ]
Country: ; State: ; Locality ; Organization: ; Common Name:
pbx.domain.com; eMail:
Version: 2
Serial Number: 00b6b63eb67ed2111345253c228264d093
Signature Algorithm: 1.2.840.113549.1.1.5 (sha1WithRSAEncryption)
Signature: 28ce574c9715e1e59dfc90829287ab31fdbf0e0212dc488b106e71ffaaa339610492dc091d440772...
Issuer: Country: GB; State: Greater Manchester; Locality Salford;
Organization: Comodo CA Limited; Common Name: PositiveSSL CA; eMail:
Validity: 27/04/11 - 26/04/12
SHA1-Fingerprint: 38d13c709ab1cc9b434c2f05e927239fe4ae6f19
MD5-Fingerprint: a9b62e186465055f34a04153ad7898de
PK Algorithm: 1.2.840.113549.1.1.1 (rsaEncryption)
RSA modulus: 00b90412744fd50459d807a04d007a9fd7d667189f1394f11ecd46e8556bd861526eb9be582a2631...
RSA exponent: 010001
Filename on FS: f6700ff3f3059f4c629df2bff8678aeacb291ddb.DER
- - -
[ Status > System Information ]
System Information:
Phone Type: snom300-SIP
MAC-Address: 0004132F08DC
IP-Address: 192.168.101.102
Firmware-Version: snom300-SIP 8.4.31
Firmware-URL: http://provisioning.....4.31-SIP-f.bin
Production Information: Mac:0004132F08DC;Version:Standard;Hardware:snom300
(H: R2A);Date:15/05/08;Copyright© snom technology AG
Uptime: 0 days, 1 hours, 27 minutes
LCS: 0 days, 0 hours, 53 minutes (0)
Memfree: 772 K
CPU: 0.04 0.02 0.03 1/10 96
Bootloader-Version: 1.1.3-u
SIP Identity Status:
Identity 1 Status: 361 at pbx.domain.com: Network Failure
- - -
[ Status > SIP Trace ]
Sent to tls:11.22.33.44:5061 at 24/12/2001 08:00:32:192 (729 bytes):
REGISTER sip:pbx.domain.com SIP/2.0
Via: SIP/2.0/TLS 192.168.101.102:2055;branch=z9hG4bK-9i3rt6llzqd1;rport
From: "361" <sip:361 at pbx.domain.com>;tag=hpleutmwxu
To: "361" <sip:361 at pbx.domain.com>
Call-ID: 3c26701f3456-58is2wtgld05
CSeq: 1 REGISTER
Max-Forwards: 70
Contact: <sip:361 at 192.168.101.102:2055;transport=tls>;q=1.0;reg-id=1;+sip.instance="<urn:uuid:0a473ab2-1159-4286-9cdb-385c32d8003d>";audio;mobility="fixed";duplex="full";description="snom300";actor="principal";events="dialog";methods="
INVITE,ACK,CANCEL,BYE,REFER,OPTIONS,NOTIFY,SUBSCRIBE,PRACK,MESSAGE,INFO"
User-Agent: snom300/8.4.31
Allow-Events: dialog
X-Real-IP: 192.168.101.102
Supported: path, gruu
Expires: 3600
Content-Length: 0
Sent to tls:11.22.33.44:5061 at 8/5/2011 00:24:03:610 (729 bytes):
REGISTER sip:pbx.domain.com SIP/2.0
Via: SIP/2.0/TLS 192.168.101.102:2056;branch=z9hG4bK-lriexp5iqoio;rport
From: "361" <sip:361 at pbx.domain.com>;tag=b11o8j7lk4
To: "361" <sip:361 at pbx.domain.com>
Call-ID: 3c26701f3456-58is2wtgld05
CSeq: 2 REGISTER
Max-Forwards: 70
Contact: <sip:361 at 192.168.101.102:2056;transport=tls>;reg-id=1;q=1.0;+sip.instance="<urn:uuid:0a473ab2-1159-4286-9cdb-385c32d8003d>";audio;mobility="fixed";duplex="full";description="snom300";actor="principal";events="dialog";methods="
INVITE,ACK,CANCEL,BYE,REFER,OPTIONS,NOTIFY,SUBSCRIBE,PRACK,MESSAGE,INFO"
User-Agent: snom300/8.4.31
Allow-Events: dialog
X-Real-IP: 192.168.101.102
Supported: path, gruu
Expires: 3600
Content-Length: 0
- - -
[ Status > Log ]
[0] 24/12/2001 00:00:27: Phone::uboot_version:1.1.3-u
[1] 24/12/2001 00:00:29: Conf setup: code: 500, host: 127.0.0.1:80,
file: /dummy.htm
[0] 24/12/2001 08:00:31: TaskMon: LCS 21/0 recv LPCP took 1271 msecs
[0] 24/12/2001 08:00:31: LoopMon: LCS 21 took 1271 (290/0) msecs, read
1, 3/1 tasks
[1] 24/12/2001 08:00:32: TLS: Warning: Certificate with subject
Country: ; State: ; Locality ; Organization: ; Common Name:
pbx.domain.com; eMail: has expired according to the local time of the
phone.
[0] 24/12/2001 08:00:33: TaskMon: LCS 30/0 recv LPCP took 934 msecs
[0] 24/12/2001 08:00:33: LoopMon: LCS 30 took 968 (42/32) msecs, read
1, 3/1 tasks
[0] 8/5/2011 00:22:49: TaskMon: LCS 93/0 recv LPCP took 434 msecs
[0] 8/5/2011 00:22:49: TaskMon: LCS 94/0 recv LPCP took 461 msecs
[0] 8/5/2011 00:22:50: TaskMon: LCS 96/0 recv LPCP took 576 msecs
[0] 8/5/2011 00:23:03: TaskMon: LCS 148/0 recv LPCP took 238 msecs
[2] 8/5/2011 00:23:03: Transport Error: Pending packet 1000000: generating fake
[2] 8/5/2011 00:23:03: Registrar 361 at pbx.domain.com timed out
[0] 8/5/2011 00:23:05: TaskMon: LCS 157/0 recv LPCP took 372 msecs
[0] 8/5/2011 00:23:05: LoopMon: LCS 157 took 850 (499/478) msecs, read
1, 4/1 tasks
[0] 8/5/2011 00:24:04: TaskMon: LCS 359/0 recv LPCP took 872 msecs
[0] 8/5/2011 00:24:04: LoopMon: LCS 359 took 872 (306/0) msecs, read
1, 3/1 tasks
[2] 8/5/2011 00:24:34: Transport Error: Pending packet 1000002: generating fake
[2] 8/5/2011 00:24:34: Registrar 361 at pbx.domain.com timed out
[0] 8/5/2011 00:24:48: TaskMon: LCS 508/0 recv LPCP took 443 msecs
[0] 8/5/2011 00:24:48: LoopMon: LCS 508 took 444 (16/0) msecs, read 1, 3/1 tasks
[0] 8/5/2011 00:24:48: TaskMon: LCS 509/0 recv LPCP took 506 msecs
[0] 8/5/2011 00:24:48: LoopMon: LCS 509 took 507 (72/0) msecs, read 1, 4/1 tasks
[0] 8/5/2011 00:24:49: TaskMon: LCS 510/0 recv LPCP took 1293 msecs
[0] 8/5/2011 00:24:49: LoopMon: LCS 510 took 1337 (500/0) msecs, read
1, 5/1 tasks
[0] 8/5/2011 00:25:35: TaskMon: LCS 673/0 recv LPCP took 871 msecs
[0] 8/5/2011 00:25:35: LoopMon: LCS 673 took 871 (118/0) msecs, read
1, 3/1 tasks
[2] 8/5/2011 00:26:05: Transport Error: Pending packet 1000004: generating fake
[2] 8/5/2011 00:26:05: Registrar 361 at pbx.domain.com timed out
[0] 8/5/2011 00:27:06: TaskMon: LCS 986/0 recv LPCP took 871 msecs
[0] 8/5/2011 00:27:06: LoopMon: LCS 986 took 871 (419/0) msecs, read
1, 3/1 tasks
[2] 8/5/2011 00:27:36: Transport Error: Pending packet 1000006: generating fake
[2] 8/5/2011 00:27:36: Registrar 361 at pbx.domain.com timed out
[0] 8/5/2011 00:28:37: TaskMon: LCS 1296/0 recv LPCP took 869 msecs
[0] 8/5/2011 00:28:37: LoopMon: LCS 1296 took 870 (387/0) msecs, read
1, 3/1 tasks
[2] 8/5/2011 00:29:07: Transport Error: Pending packet 1000008: generating fake
[2] 8/5/2011 00:29:07: Registrar 361 at pbx.domain.com timed out
[0] 8/5/2011 00:30:08: TaskMon: LCS 1605/0 recv LPCP took 870 msecs
[0] 8/5/2011 00:30:08: LoopMon: LCS 1605 took 871 (458/0) msecs, read
1, 3/1 tasks
[2] 8/5/2011 00:30:38: Transport Error: Pending packet 1000010: generating fake
[2] 8/5/2011 00:30:38: Registrar 361 at pbx.domain.com timed out
[0] 8/5/2011 00:31:39: TaskMon: LCS 1918/0 recv LPCP took 874 msecs
[0] 8/5/2011 00:31:39: LoopMon: LCS 1918 took 875 (346/0) msecs, read
1, 3/1 tasks
[0] 8/5/2011 00:32:03: TaskMon: LCS 1996/0 recv LPCP took 424 msecs
[0] 8/5/2011 00:32:03: LoopMon: LCS 1996 took 430 (24/4) msecs, read
1, 3/1 tasks
More information about the asterisk-users
mailing list