[asterisk-users] Make outgoing calls through BroadWorks/BroadSoft SIP gateway from Asterisk

Sat Aug 18 06:23:09 CDT 2012

On 18 Aug 2012, at 09:45, James Stocks <stocksy at stocksy.co.uk> wrote:

> I've been given a SIP hard phone pre-configured to work with another party's BroadWorks system.  I want to use my Asterisk system to connect to this SIP service rather than the handset I've been given.  I have extracted the authentication details from the phone and have successfully registered Asterisk with the gateway (incoming calls work fine) using a line like this in sip.conf:
> 
> register => 441000123123 at auth.realm:password:authuser at nnn.nnn.nnn.nnn/441000123123
> 
> Outgoing calls are proving to be more challenging.  I have this so far:
> 
> [441000123123]
> callerid="My Name" <441000123123>
> type=peer
> host=nnn.nnn.nnn.nnn
> auth=authuser
> realm=auth.realm
> fromuser= 441000123123
> secret=password
> insecure=invite
> context=from-sip
> nat=yes
> qualify=no
> canreinvite=no
> allow=all
> 
> The main part I'm confused about is that in most examples I've seen, the username and authname are the same value, whereas in this case we seem to have:
> 
> A username (the phone number)
> An auth name (a different value)
> An auth realm
> A SIP realm (different value to auth realm)
> A password
> A gateway host
> 
> When I place a call with Dial(SIP/441000123123/somenumber), I get a 403 response from the gateway.  Looking at a packet dump, I can see that Asterisk is not attempting to authenticate.  On the other hand, REGISTER requests do authenticate successfully - I can see the digest authentication taking place in tcpdump.
> 
> I have observed successful outgoing calls from the hard phone using tcpdump and I can see the phone using digest like so:
> 
> Authorization: DIGEST username="authuser", realm="BroadWorks", nonce="BroadWorksASHORTHASH", qop=auth, cnonce="ASHORTHASH", nc=00000001, uri="sip:number at auth.realm:5060;user=phone", response="ALONGERHASH", algorithm=MD5 
> 
> What is the correct configuration to use - how do I get Asterisk to successfully authenticate outgoing calls?

I have answered my own question.

The remote host is reachable only by IP address.  Setting host=nnn.nnn.nnn.nnn causes Asterisk to send INVITEs to somenumber at nnn.nnn.nnn.nnn instead of some number at sip.domain.  This is what was causing the 403 response, it's not necessary to authenticate.

I haven't found a way to set the sip domain to be used for outgoing calls, so as a workaround I have inserted 'nnn.nnn.nnn.nnn sip.domain' into my /etc/hosts file.  Not elegant, but it works.

James.