[asterisk-users] Incoming side of SIP trunk does not work unless I add "insecure=very"

Frank Bulk frnkblk at iname.com
Mon Jan 5 21:50:51 CST 2009


I tried that before, but I just tried it again.  Unfortunately, the same
thing:

No user '5551236049' in SIP users list

Found peer 'ACME' for '5551236049' from 172.16.10.40:5060

 

[ACME]
host=172.16.10.40
username=username
secret=password
type=friend

 

Frank

 

From: asterisk-users-bounces at lists.digium.com
[mailto:asterisk-users-bounces at lists.digium.com] On Behalf Of Allan Dib
Sent: Monday, January 05, 2009 9:41 PM
To: Asterisk Users Mailing List - Non-Commercial Discussion
Subject: Re: [asterisk-users] Incoming side of SIP trunk does not work
unless I add "insecure=very"

 

Try it by IP address instead of hostname as reverse DNS may not be
resolving. e.g. host=123.123.123.123

On Tue, Jan 6, 2009 at 2:25 PM, Frank Bulk <frnkblk at iname.com> wrote:

This is what I have in my configuration now:

[ACME]
host=sip.acme.com
username=username
secret=password
type=friend

I've done a SIP debug before, but I've done it again with the above
configuration:
       No user '5551236049' in SIP users list
       Found peer 'ACME' for '5551236049' from 172.16.10.40:5060
after which "SIP/2.0 401 Unauthorized" is issued after the un-authenticated
INVITE and "SIP/2.0 403 Forbidden" after the authenticated INVITE.

When I add "insecure=very", this is what the SIP debug shows:
       No user '5551236049' in SIP users list
       Found peer 'ACME' for '5551236049' from 172.16.10.40:5060
       Found RTP audio format 0
       Peer audio RTP is at port 172.16.10.65:36272
       Found audio description format PCMU for ID 0
       Capabilities: us - 0xc (ulaw|alaw), peer - audio=0x4
(ulaw)/video=0x0 (nothing)/text=0x0 (nothing), combined - 0x4 (ulaw)
       Non-codec capabilities (dtmf): us - 0x1 (telephone-event), peer -
0x0 (nothing), combined - 0x0 (nothing)
       Peer audio RTP is at port 172.16.10.65:36272
       Looking for +15552127020 in from-sip-external (domain sip.acme.com)
       list_route: hop: <sip:5551236049 at 172.16.10.40
<mailto:sip%3A5551236049 at 172.16.10.40> >

It isn't very clear (to me) from the success how the "insecure=very" helps.

Frank


-----Original Message-----
From: Andres [mailto:andres at telesip.net]
Sent: Monday, January 05, 2009 7:43 PM
To: frnkblk at iname.com; Asterisk Users Mailing List - Non-Commercial
Discussion

Subject: Re: [asterisk-users] Incoming side of SIP trunk does not work
unless I add "insecure=very"

Frank Bulk - iName.com wrote:

>The incoming (Class 5 switch to Asterisk PBX) side of a SIP trunk does not
>work unless I add "insecure=very" to my "Outgoing settings", but I don't
>want to do that.  I do want to authenticate.  Outgoing (Asterisk PBX to
>Class 5 switch) calls do authenticate and work.
>
>The Nortel CS 1500 I'm using as the PSTN-side of my SIP trunk has a
username
>and password that it's sending out.  But the INVITE is responded by the
>Asterisk with "SIP/2.0 403 Forbidden"
>
>I've changed the INVITE message to mask the real telephone numbers, SIP
>server, passwords, and IP addresses, but I did that using search and
replace
>so the structure is intact.
>
>What do I need to configure in the "Incoming Settings" panel for the CS
>1500's INVITE to my Asterisk server to work?  I've tried all kinds of
>combinations of user,username,authname using +15552027020,host with IP
>and/or DNS name, but nothing appears to work.
>
>
>
Do a sip debug on the asterisk console and see if it is actually is
matching one of your sip.conf entries during an invite from the CS1500.
Look for a line that says something like 'Found Peer....bla bla bla'.
If you dont see that line, then you are not even adding the correct
sip.conf entry to match the invite from the CS1500.

Andres
http://www.telesip.net

>Frank
>
>INVITE message from Wireshark packet capture:
>
>INVITE sip:+15552027020 at sip.acme.com
<mailto:sip%3A%2B15552027020 at sip.acme.com>  SIP/2.0
>From:
><sip:5552022441 at 172.16.10.40 <mailto:sip%3A5552022441 at 172.16.10.40>
>;tag=f76c66d0-c7784528-13c4-2dbba4-767e6552-2d
b
>ba4
>To: <sip:+15552027020 at sip.acme.com
<mailto:sip%3A%2B15552027020 at sip.acme.com> >
>Call-ID: f379f62-29173-3895-b14271f5-40802-45378 at 172.16.10.40
>CSeq: 5102 INVITE
>Via: SIP/2.0/UDP 172.16.10.40:5060;branch=z9hG4bK-2dbba4-b2a4fa3a-7cd7598
>User-Agent: Nortel CS1500UA/v02.00.REL01
>Accept: application/sdp
>P-Asserted-Identity: <sip:5552022441 at 172.16.10.40
<mailto:sip%3A5552022441 at 172.16.10.40> ;user=phone>
>Privacy: none
>Remote-Party-ID: <sip:5552022441 at 172.16.10.40
<mailto:sip%3A5552022441 at 172.16.10.40> ;user=phone>; party=calling;
>privacy=off
>Max-Forwards: 70
>Supported: 100rel,replaces
>Allow: INVITE, ACK, OPTIONS, CANCEL, BYE, REFER, PRACK
>Contact: <sip:5552022441 at 172.16.10.40
<mailto:sip%3A5552022441 at 172.16.10.40> >
>Authorization: Digest
>username="username",realm="asterisk",nonce="118af2b0",uri="sip:+15552027020
@
>sip.acme.com",response="111e63ec2a1f3ebabefe4f7dae4087a1",algorithm=MD5
>Content-Type: application/SDP
>Content-Length: 167
>
>v=0
>o=- 2973921782 2973921782 IN IP4 172.16.10.65
>s=SIP Call
>c=IN IP4 172.16.10.65
>t=0 0
>m=audio 36224 RTP/AVP 0
>a=rtpmap:0 PCMU/8000
>a=ptime:20
>a=sendrecv
>
>
>_______________________________________________
>-- Bandwidth and Colocation Provided by http://www.api-digital.com --
>
>asterisk-users mailing list
>To UNSUBSCRIBE or update options visit:
>   http://lists.digium.com/mailman/listinfo/asterisk-users
>
>
>



_______________________________________________
-- Bandwidth and Colocation Provided by http://www.api-digital.com --

asterisk-users mailing list
To UNSUBSCRIBE or update options visit:
  http://lists.digium.com/mailman/listinfo/asterisk-users




-- 
Personal Development Without The Silly Stuff: http://AllanDib.com

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.digium.com/pipermail/asterisk-users/attachments/20090105/3132a5f2/attachment.htm 


More information about the asterisk-users mailing list