[asterisk-users] multi step auth?

Jeff LaCoursiere jeff at stratustalk.com
Tue May 8 14:36:22 CDT 2018


Hi,

We have been using Voxbone for some time for origination, and they now 
offer E911 services.  We are trying to set this up and having trouble 
meeting their authentication requirements.

I setup a peer as I normally would, with user/pass as they supplied 
("lacoursj", "pass"), but my calls are rejected.  Their support is 
asking that I follow this auth mechanism:

1st step - You send an INVITE message.
2nd step - We respond with a 407.
3rd step - You send a RE INVITE message including your credentials.

  The tricky bit seems to be that they want the original INVITE to look 
like:

From: <sip:*17864089672*@X.X.X.X:60060>;tag=as00771983.
To: <sip:777 at voxout.voxbone.com>.
Contact: <sip:*17864089672*@X.X.X.X:60060>.

The "1786..." above is meant to be the DID number that is placing the 
911 call. Our DID numbers don't have peer or user entries in sip.conf. 
My peer isn't sending that, though, it is sending:

From: <sip:*lacoursj*@X.X.X.X:60060>;tag=as00771983.
To: <sip:777 at voxout.voxbone.com>.
Contact: <sip:*lacoursj*@X.X.X.X:60060>.

They claim that 'lacoursj' shouldn't be sent until step 3.

I have never been asked to authenticate this way... can asterisk 
chan_sip do it?

Cheers,

j
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.digium.com/pipermail/asterisk-users/attachments/20180508/ca1aa118/attachment.html>


More information about the asterisk-users mailing list