jorgearturo at gmail.com Guest
|
Posted: Mon Jul 06, 2015 1:24 pm Post subject: [asterisk-users] SIP/2.0 401 Unauthorized when calling from |
|
|
Hello everyone,
A few days ago I had a problem with a couple of extensions. I have about 12 Aastra 6731i phones, 6 are at our main office and 6 more on remote branches. We use VPN to communicate to our branches so there's no NAT involved any where.
The problem I had was that I couldn't call from two extensions located at two branch offices. But I could call to them just fine. On any call placed from those phones I got the following error:
SIP/2.0 401 Unauthorized
This is the console output of a call placed from one of those phones:
----------------------------------------------------------------------------------------------------
<--- SIP read from UDP:192.168.96.141:5060 --->
INVITE sip:85004@192.168.10.227:5060 SIP/2.0
Via: SIP/2.0/UDP 192.168.96.141:5060;branch=z9hG4bKd4511cd84a4f22669.bbb2635a0516602e8
Max-Forwards: 70
From: "" <sip:85014@192.168.10.227:5060>;tag=5dde10fb77
To: "85004" <sip:85004@192.168.10.227:5060>
Call-ID: 169216acc663493c
CSeq: 28267 INVITE
Allow: INVITE, ACK, CANCEL, BYE, NOTIFY, REFER, OPTIONS, UPDATE, PRACK, SUBSCRIBE, INFO
Allow-Events: talk, hold, conference, LocalModeStatus
Contact: "" <sip:85014@192.168.96.141:5060;transport=udp>;+sip.instance="<urn:uuid:00000000-0000-1000-8000-00085D2B85C3>"
Supported: gruu, path, timer, 100rel, replaces
User-Agent: Aastra 6731i/2.6.0.1007
Content-Type: application/sdp
Content-Length: 698
v=0
o=MxSIP 0 0 IN IP4 192.168.96.141
s=SIP Call
c=IN IP4 192.168.96.141
t=0 0
m=audio 3000 RTP/AVP 0 18 106 107 113 110 111 112 4 4 98 97 115 96 9 108 8 101
a=rtpmap:0 PCMU/8000
a=rtpmap:18 G729/8000
a=rtpmap:106 BV16/8000
a=rtpmap:107 BV32/16000
a=rtpmap:113 L16/16000
a=rtpmap:110 PCMU/16000
a=rtpmap:111 PCMA/16000
a=rtpmap:112 L16/8000
a=rtpmap:4 G723/8000
a=rtpmap:4 G723/8000
a=rtpmap:98 G726-16/8000
a=rtpmap:97 G726-24/8000
a=rtpmap:115 G726-32/8000
a=rtpmap:96 G726-40/8000
a=rtpmap:9 G722/8000
a=rtpmap:108 G7221/16000
a=rtpmap:8 PCMA/8000
a=rtpmap:101 telephone-event/8000
a=silenceSupp:on - - - -
a=fmtp:18 annexb=yes
a=fmtp:101 0-15
a=ptime:30
a=sendrecv
<------------->
--- (14 headers 29 lines) ---
Sending to 192.168.96.141:5060 (no NAT)
Sending to 192.168.96.141:5060 (no NAT)
Using INVITE request as basis request - 169216acc663493c
Found peer '85014' for '85014' from 192.168.96.141:5060
<--- Reliably Transmitting (NAT) to 192.168.96.141:5060 --->
SIP/2.0 401 Unauthorized
Via: SIP/2.0/UDP 192.168.96.141:5060;branch=z9hG4bKd4511cd84a4f22669.bbb2635a0516602e8;received=192.168.96.141;rport=5060
From: "" <sip:85014@192.168.10.227:5060>;tag=5dde10fb77
To: "85004" <sip:85004@192.168.10.227:5060>;tag=as52309181
Call-ID: 169216acc663493c
CSeq: 28267 INVITE
Server: Asterisk PBX 11.10.0
Allow: INVITE, ACK, CANCEL, OPTIONS, BYE, REFER, SUBSCRIBE, NOTIFY, INFO, PUBLISH, MESSAGE
Supported: replaces, timer
WWW-Authenticate: Digest algorithm=MD5, realm="asterisk", nonce="03eab1fd"
Content-Length: 0
<------------>
Scheduling destruction of SIP dialog '169216acc663493c' in 32000 ms (Method: INVITE)
<--- SIP read from UDP:192.168.96.141:5060 --->
ACK sip:85004@192.168.10.227:5060 SIP/2.0
Via: SIP/2.0/UDP 192.168.96.141:5060;branch=z9hG4bKd4511cd84a4f22669.bbb2635a0516602e8
Max-Forwards: 70
From: "" <sip:85014@192.168.10.227:5060>;tag=5dde10fb77
To: "85004" <sip:85004@192.168.10.227:5060>;tag=as52309181
Call-ID: 169216acc663493c
CSeq: 28267 ACK
User-Agent: Aastra 6731i/2.6.0.1007
Content-Length: 0
----------------------------------------------------------------------------------------------------
And that just keep repeating and repeating but the call never actually takes place.
The contents of my sip.conf file:
----------------------------------------------------------------------------------------------------
[general]
context=unauthenticated
allowguest=no
srvlookup=no
udpbindaddr=0.0.0.0
tcpenable=no
shrinkcallerid=no
[office-phone](!)
type=peer
context=LocalSets
host=dynamic
nat=force_rport,comedia
dtmfmode=auto
disallow=all
allow=g729
[85004](office-phone)
defaultuser=85004
secret=securepass
callerid="Phone 4" <85004>
[85014](office-phone)
defaultuser=85014
secret=securepass
callerid="Phone 14" <85014>
host=192.168.96.141
transport=udp,tcp
----------------------------------------------------------------------------------------------------
Originally I had not have the defaultuser option on any of the extensions, nor the host and transport on the [85014] one, but the problem was the same with or without those options.
Note that I'm including only two extensions to simplify things up and that the extension with the problem is 85014.
Also, I said there's no NAT involved here but I'm using the option nat=force_rport,comedia as suggested by "Asterisk The Definitive Guide 4th edition". I've also switched that option to nat=no and the result was been the same.
My dialplan is also really simple. extensions.conf file:
----------------------------------------------------------------------------------------------------
[LocalSets]
exten => 85004,1,Dial(SIP/85004)
exten => 85014,1,NoOp()
same => n,System(echo ${CALLERID(all)})
same => n,Dial(SIP/85014)
----------------------------------------------------------------------------------------------------
In the beginning exten 85014 had only the Dial application just like exten 85004 but I added that echo for debugging purposes.
I now know that this issue was caused because those two phones couldn't authenticate correctly. To solve this issue what I did was removing the secret from sip.conf for those to extensions and configuring the phones to register without password. Now it's possible to call from those phones and all is working great. Still, I like having those to extensions without a password.
It doesn't worries me much because on the dialplan those extensions don't have access to the PSTN, but I don't think it's a good practice to have things the way I have. So I would like to know if any of you have an idea on how to solve this issue? As I said all my phones are Aastra 6731i and all where configured the same.
Any idea?
Thanks. |
|