[asterisk-users] Incoming side of SIP trunk does not work unless I add "insecure=very"

Frank Bulk frnkblk at iname.com
Mon Jan 5 20:47:18 CST 2009


Well, it's not "acme.com", but another domain.  That information about the
encoding process of the nonce is helpful to know.

Do I need to specify the context to be "sip.acme.com"?  Where is that
"acme.com" specified in the trunk configuration?

Frank

-----Original Message-----
From: Alex Balashov [mailto:abalashov at evaristesys.com] 
Sent: Monday, January 05, 2009 7:04 PM
To: frnkblk at iname.com; Asterisk Users Mailing List - Non-Commercial
Discussion
Subject: Re: [asterisk-users] Incoming side of SIP trunk does not work
unless I add "insecure=very"

Is sip.acme.com actually the domain you want to use?

Keep in mind the domain is part of the digest authentication process and
is a factor in the encoding of the nonce.

Frank Bulk - iName.com wrote:

> The incoming (Class 5 switch to Asterisk PBX) side of a SIP trunk does not
> work unless I add "insecure=very" to my "Outgoing settings", but I don't
> want to do that.  I do want to authenticate.  Outgoing (Asterisk PBX to
> Class 5 switch) calls do authenticate and work.
>
> The Nortel CS 1500 I'm using as the PSTN-side of my SIP trunk has a
username
> and password that it's sending out.  But the INVITE is responded by the
> Asterisk with "SIP/2.0 403 Forbidden"
>
> I've changed the INVITE message to mask the real telephone numbers, SIP
> server, passwords, and IP addresses, but I did that using search and
replace
> so the structure is intact.
>
> What do I need to configure in the "Incoming Settings" panel for the CS
> 1500's INVITE to my Asterisk server to work?  I've tried all kinds of
> combinations of user,username,authname using +15552027020,host with IP
> and/or DNS name, but nothing appears to work.
>
> Frank
>
> INVITE message from Wireshark packet capture:
>
> INVITE sip:+15552027020 at sip.acme.com SIP/2.0
> From:
>
<sip:5552022441 at 172.16.10.40>;tag=f76c66d0-c7784528-13c4-2dbba4-767e6552-2db
> ba4
> To: <sip:+15552027020 at sip.acme.com>
> Call-ID: f379f62-29173-3895-b14271f5-40802-45378 at 172.16.10.40
> CSeq: 5102 INVITE
> Via: SIP/2.0/UDP 172.16.10.40:5060;branch=z9hG4bK-2dbba4-b2a4fa3a-7cd7598
> User-Agent: Nortel CS1500UA/v02.00.REL01
> Accept: application/sdp
> P-Asserted-Identity: <sip:5552022441 at 172.16.10.40;user=phone>
> Privacy: none
> Remote-Party-ID: <sip:5552022441 at 172.16.10.40;user=phone>; party=calling;
> privacy=off
> Max-Forwards: 70
> Supported: 100rel,replaces
> Allow: INVITE, ACK, OPTIONS, CANCEL, BYE, REFER, PRACK
> Contact: <sip:5552022441 at 172.16.10.40>
> Authorization: Digest
>
username="username",realm="asterisk",nonce="118af2b0",uri="sip:+15552027020@
> sip.acme.com",response="111e63ec2a1f3ebabefe4f7dae4087a1",algorithm=MD5
> Content-Type: application/SDP
> Content-Length: 167
>
> v=0
> o=- 2973921782 2973921782 IN IP4 172.16.10.65
> s=SIP Call
> c=IN IP4 172.16.10.65
> t=0 0
> m=audio 36224 RTP/AVP 0
> a=rtpmap:0 PCMU/8000
> a=ptime:20
> a=sendrecv
>
>
> _______________________________________________
> -- Bandwidth and Colocation Provided by http://www.api-digital.com --
>
> asterisk-users mailing list
> To UNSUBSCRIBE or update options visit:
>    http://lists.digium.com/mailman/listinfo/asterisk-users


--
Alex Balashov
Evariste Systems
Web    : http://www.evaristesys.com/
Tel    : (+1) (678) 954-0670
Direct : (+1) (678) 954-0671
Mobile : (+1) (678) 237-1775




More information about the asterisk-users mailing list