<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<meta content="text/html;charset=ISO-8859-1" http-equiv="Content-Type">
</head>
<body bgcolor="#ffffff" text="#000000">
Frank Bulk wrote:
<blockquote
cite="mid!&!AAAAAAAAAAAuAAAAAAAAAKTyXRN5%2F+lGvU59a+P7CFMBAN6gY+ZG84BMpVQcAbDh1IQAAAATbSgAABAAAADgGc70BjJdT43UBzs+0tJ3AQAAAAA=@iname.com"
type="cite">
<pre wrap="">This is what I have in my configuration now:
[ACME]
host=sip.acme.com
username=username
secret=password
type=friend
</pre>
</blockquote>
Your problem is you are trying to do authenticate by host and by
username at the same time. That does not work in asterisk. You should
be seeing a Warning message in the console saying something like:<br>
<br>
check_auth: username mismatch, have <ACME>, digest has
<username><br>
<br>
That means you already matched to sip.conf entry ACME, but the digest
has a different username, so it fails. You can fix it by setting the
paramters in the CS1500 to have the username = ACME. That way the
digest will come in as:<br>
<br>
Digest username="ACME" ...bla bla bla<br>
<br>
Andres<br>
<a class="moz-txt-link-freetext" href="http://www.telesip.net">http://www.telesip.net</a><br>
<blockquote
cite="mid!&!AAAAAAAAAAAuAAAAAAAAAKTyXRN5%2F+lGvU59a+P7CFMBAN6gY+ZG84BMpVQcAbDh1IQAAAATbSgAABAAAADgGc70BjJdT43UBzs+0tJ3AQAAAAA=@iname.com"
type="cite">
<pre wrap="">
I've done a SIP debug before, but I've done it again with the above
configuration:
No user '5551236049' in SIP users list
Found peer 'ACME' for '5551236049' from 172.16.10.40:5060
after which "SIP/2.0 401 Unauthorized" is issued after the un-authenticated
INVITE and "SIP/2.0 403 Forbidden" after the authenticated INVITE.
When I add "insecure=very", this is what the SIP debug shows:
No user '5551236049' in SIP users list
Found peer 'ACME' for '5551236049' from 172.16.10.40:5060
Found RTP audio format 0
Peer audio RTP is at port 172.16.10.65:36272
Found audio description format PCMU for ID 0
Capabilities: us - 0xc (ulaw|alaw), peer - audio=0x4
(ulaw)/video=0x0 (nothing)/text=0x0 (nothing), combined - 0x4 (ulaw)
Non-codec capabilities (dtmf): us - 0x1 (telephone-event), peer -
0x0 (nothing), combined - 0x0 (nothing)
Peer audio RTP is at port 172.16.10.65:36272
Looking for +15552127020 in from-sip-external (domain sip.acme.com)
list_route: hop: <a class="moz-txt-link-rfc2396E" href="sip:5551236049@172.16.10.40"><sip:5551236049@172.16.10.40></a>
It isn't very clear (to me) from the success how the "insecure=very" helps.
</pre>
</blockquote>
<br>
<blockquote
cite="mid!&!AAAAAAAAAAAuAAAAAAAAAKTyXRN5%2F+lGvU59a+P7CFMBAN6gY+ZG84BMpVQcAbDh1IQAAAATbSgAABAAAADgGc70BjJdT43UBzs+0tJ3AQAAAAA=@iname.com"
type="cite">
<pre wrap="">Frank
-----Original Message-----
From: Andres [<a class="moz-txt-link-freetext" href="mailto:andres@telesip.net">mailto:andres@telesip.net</a>]
Sent: Monday, January 05, 2009 7:43 PM
To: <a class="moz-txt-link-abbreviated" href="mailto:frnkblk@iname.com">frnkblk@iname.com</a>; Asterisk Users Mailing List - Non-Commercial
Discussion
Subject: Re: [asterisk-users] Incoming side of SIP trunk does not work
unless I add "insecure=very"
Frank Bulk - iName.com wrote:
</pre>
<blockquote type="cite">
<pre wrap="">The incoming (Class 5 switch to Asterisk PBX) side of a SIP trunk does not
work unless I add "insecure=very" to my "Outgoing settings", but I don't
want to do that. I do want to authenticate. Outgoing (Asterisk PBX to
Class 5 switch) calls do authenticate and work.
The Nortel CS 1500 I'm using as the PSTN-side of my SIP trunk has a
</pre>
</blockquote>
<pre wrap=""><!---->username
</pre>
<blockquote type="cite">
<pre wrap="">and password that it's sending out. But the INVITE is responded by the
Asterisk with "SIP/2.0 403 Forbidden"
I've changed the INVITE message to mask the real telephone numbers, SIP
server, passwords, and IP addresses, but I did that using search and
</pre>
</blockquote>
<pre wrap=""><!---->replace
</pre>
<blockquote type="cite">
<pre wrap="">so the structure is intact.
What do I need to configure in the "Incoming Settings" panel for the CS
1500's INVITE to my Asterisk server to work? I've tried all kinds of
combinations of user,username,authname using +15552027020,host with IP
and/or DNS name, but nothing appears to work.
</pre>
</blockquote>
<pre wrap=""><!---->Do a sip debug on the asterisk console and see if it is actually is
matching one of your sip.conf entries during an invite from the CS1500.
Look for a line that says something like 'Found Peer....bla bla bla'.
If you dont see that line, then you are not even adding the correct
sip.conf entry to match the invite from the CS1500.
Andres
<a class="moz-txt-link-freetext" href="http://www.telesip.net">http://www.telesip.net</a>
</pre>
<blockquote type="cite">
<pre wrap="">Frank
INVITE message from Wireshark packet capture:
INVITE <a class="moz-txt-link-freetext" href="sip:+15552027020@sip.acme.com">sip:+15552027020@sip.acme.com</a> SIP/2.0
From:
<a class="moz-txt-link-rfc2396E" href="sip:5552022441@172.16.10.40"><sip:5552022441@172.16.10.40></a>;tag=f76c66d0-c7784528-13c4-2dbba4-767e6552-2d
</pre>
</blockquote>
<pre wrap=""><!---->b
</pre>
<blockquote type="cite">
<pre wrap="">ba4
To: <a class="moz-txt-link-rfc2396E" href="sip:+15552027020@sip.acme.com"><sip:+15552027020@sip.acme.com></a>
Call-ID: <a class="moz-txt-link-abbreviated" href="mailto:f379f62-29173-3895-b14271f5-40802-45378@172.16.10.40">f379f62-29173-3895-b14271f5-40802-45378@172.16.10.40</a>
CSeq: 5102 INVITE
Via: SIP/2.0/UDP 172.16.10.40:5060;branch=z9hG4bK-2dbba4-b2a4fa3a-7cd7598
User-Agent: Nortel CS1500UA/v02.00.REL01
Accept: application/sdp
P-Asserted-Identity: <a class="moz-txt-link-rfc2396E" href="sip:5552022441@172.16.10.40;user=phone"><sip:5552022441@172.16.10.40;user=phone></a>
Privacy: none
Remote-Party-ID: <a class="moz-txt-link-rfc2396E" href="sip:5552022441@172.16.10.40;user=phone"><sip:5552022441@172.16.10.40;user=phone></a>; party=calling;
privacy=off
Max-Forwards: 70
Supported: 100rel,replaces
Allow: INVITE, ACK, OPTIONS, CANCEL, BYE, REFER, PRACK
Contact: <a class="moz-txt-link-rfc2396E" href="sip:5552022441@172.16.10.40"><sip:5552022441@172.16.10.40></a>
Authorization: Digest
username="username",realm="asterisk",nonce="118af2b0",uri="<a class="moz-txt-link-freetext" href="sip:+15552027020">sip:+15552027020</a>
</pre>
</blockquote>
<pre wrap=""><!---->@
</pre>
<blockquote type="cite">
<pre wrap="">sip.acme.com",response="111e63ec2a1f3ebabefe4f7dae4087a1",algorithm=MD5
Content-Type: application/SDP
Content-Length: 167
v=0
o=- 2973921782 2973921782 IN IP4 172.16.10.65
s=SIP Call
c=IN IP4 172.16.10.65
t=0 0
m=audio 36224 RTP/AVP 0
a=rtpmap:0 PCMU/8000
a=ptime:20
a=sendrecv
_______________________________________________
-- Bandwidth and Colocation Provided by <a class="moz-txt-link-freetext" href="http://www.api-digital.com">http://www.api-digital.com</a> --
asterisk-users mailing list
To UNSUBSCRIBE or update options visit:
<a class="moz-txt-link-freetext" href="http://lists.digium.com/mailman/listinfo/asterisk-users">http://lists.digium.com/mailman/listinfo/asterisk-users</a>
</pre>
</blockquote>
<pre wrap=""><!---->
</pre>
</blockquote>
<br>
</body>
</html>