asterisk users - Jan 2020 - Asterisk16 - PJSIP - Error 401 on outbound registration

Le 17/01/2020 à 11:54, Administrator a écrit :
>
> Le 15/01/2020 à 19:24, Administrator a écrit :
>> Hi all,
>>
>> we face a strange behavior while connecting an Asterisk16 instance 
>> with PJSIP to 2 providers: we receive error 401 Unauthorized, both of 
>> them having Kamailio as front-end. With other providers -we don't 
>> know if they run kamailio- registration is just fine.
>>
>> One of the provider took a pcap and told us that expiration was set 
>> to 0 that's why they don't accept the registration. We took a
pcap on
>> our side when SIP packet goes out of our server and we see that the 
>> expiration parameter is setted to 3600 !
>>
>> Asterisk version is Asterisk 16.2.1~dfsg-1+deb10u1 on Debian 10 up to 
>> date. We also installed 16.7 from scratch, same problem. I have to 
>> mention that our test asterisk is also a Debian 10 with Asterisk 
>> stock 16.7 and _does_ register normally against the same provider :(
>>
>> If someone had a clue on this, welcome.
>
> We went a step further: when Asterisk is receiving the 401 
> Unauthorized it doesn't send the Authorization back, insteed it send 
> the Register back with the *same* CSeq which it shoudn't. Pjsip is
>
> pabx16*CLI> pjsip show version
> PJPROJECT version currently running against: 2.8
We removed the debian asterisk deb package and compiled from 16.7.0 
source. Problem stays, still ni CSeq increment. Pjsip is

pabx16*CLI> pjsip show version
PJPROJECT version currently running against: 2.9

Anyone on this ?

-- 
Daniel

On Sat, Jan 18, 2020 at 1:14 PM Administrator <admin at tootai.net> wrote:
>
> Le 17/01/2020 à 11:54, Administrator a écrit :
> >
> > Le 15/01/2020 à 19:24, Administrator a écrit :
> >> Hi all,
> >>
> >> we face a strange behavior while connecting an Asterisk16 instance
> >> with PJSIP to 2 providers: we receive error 401 Unauthorized, both
of
> >> them having Kamailio as front-end. With other providers -we
don't
> >> know if they run kamailio- registration is just fine.
> >>
> >> One of the provider took a pcap and told us that expiration was
set
> >> to 0 that's why they don't accept the registration. We
took a pcap on
> >> our side when SIP packet goes out of our server and we see that
the
> >> expiration parameter is setted to 3600 !
> >>
> >> Asterisk version is Asterisk 16.2.1~dfsg-1+deb10u1 on Debian 10 up
to
> >> date. We also installed 16.7 from scratch, same problem. I have to
> >> mention that our test asterisk is also a Debian 10 with Asterisk
> >> stock 16.7 and _does_ register normally against the same provider
:(
> >>
> >> If someone had a clue on this, welcome.
> >
> > We went a step further: when Asterisk is receiving the 401
> > Unauthorized it doesn't send the Authorization back, insteed it
send
> > the Register back with the *same* CSeq which it shoudn't. Pjsip is
> >
> > pabx16*CLI> pjsip show version
> > PJPROJECT version currently running against: 2.8
>
> We removed the debian asterisk deb package and compiled from 16.7.0
> source. Problem stays, still ni CSeq increment. Pjsip is
>
> pabx16*CLI> pjsip show version
> PJPROJECT version currently running against: 2.9
>
> Anyone on this ?
>
Is the response actually getting to Asterisk? Does it show up in "pjsip set
logger on"? Is the REGISTER a retransmission and thus expected to be the
same?

-- 
Joshua C. Colp
Asterisk Technical Lead
Sangoma Technologies
Check us out at www.sangoma.com and www.asterisk.org
-------------- next part --------------
An HTML attachment was scrubbed...
URL:
<http://lists.digium.com/pipermail/asterisk-users/attachments/20200118/f2995648/attachment.html>

Le 19/01/2020 à 00:31, Joshua C. Colp a écrit :
> On Sat, Jan 18, 2020 at 1:14 PM Administrator <admin at tootai.net 
> <mailto:admin at tootai.net>> wrote:
>
>
>     Le 17/01/2020 à 11:54, Administrator a écrit :
>     >
>     > Le 15/01/2020 à 19:24, Administrator a écrit :
>     >> Hi all,
>     >>
>     >> we face a strange behavior while connecting an Asterisk16
instance
>     >> with PJSIP to 2 providers: we receive error 401 Unauthorized,
>     both of
>     >> them having Kamailio as front-end. With other providers -we
don't
>     >> know if they run kamailio- registration is just fine.
>     >>
>     >> One of the provider took a pcap and told us that expiration
was
>     set
>     >> to 0 that's why they don't accept the registration. We
took a
>     pcap on
>     >> our side when SIP packet goes out of our server and we see
that
>     the
>     >> expiration parameter is setted to 3600 !
>     >>
>     >> Asterisk version is Asterisk 16.2.1~dfsg-1+deb10u1 on Debian
10
>     up to
>     >> date. We also installed 16.7 from scratch, same problem. I
have to
>     >> mention that our test asterisk is also a Debian 10 with
Asterisk
>     >> stock 16.7 and _does_ register normally against the same
>     provider :(
>     >>
>     >> If someone had a clue on this, welcome.
>     >
>     > We went a step further: when Asterisk is receiving the 401
>     > Unauthorized it doesn't send the Authorization back, insteed
it
>     send
>     > the Register back with the *same* CSeq which it shoudn't.
Pjsip is
>     >
>     > pabx16*CLI> pjsip show version
>     > PJPROJECT version currently running against: 2.8
>
>     We removed the debian asterisk deb package and compiled from 16.7.0
>     source. Problem stays, still ni CSeq increment. Pjsip is
>
>     pabx16*CLI> pjsip show version
>     PJPROJECT version currently running against: 2.9
>
>     Anyone on this ?
>
>
> Is the response actually getting to Asterisk? Does it show up in 
> "pjsip set logger on"? Is the REGISTER a retransmission and thus 
> expected to be the same?
It become stranger and stranger: on one of the register peer we receive 
in asterisk:

*CLI> [2020-01-19 15:23:18] WARNING[17469]: 
res_pjsip_outbound_registration.c:1021 handle_registration_response: 
Fatal response '401' received from 'sip:<myprovider>' on
registration
attempt to 'sip:<myuser>@<myprovider>', stopping outbound
registration

On the other one:

[2020-01-19 15:23:46] WARNING[17469]: 
res_pjsip_outbound_registration.c:801 schedule_retry: No response 
received from 'sip:<other provider>' on registration attempt to 
'sip:<other user at other provider>', retrying in '60'

*BUT*

IP <other provider IP>.5060 10.1.58.14.64777: UDP, length 497
E...e...6....2N$
.:....  ..RQSIP/2.0 401 Unauthorized
Via: SIP/2.0/UDP <our public 
IP>:5060;rport=64777;branch=z9hG4bKPjdfb1d5d6-efbd-4e43-a932-252cfa0e7a9b
From: <sip:<otheruser at other 
provider>;tag=743c09d7-bdf9-4579-b7be-b087b0f19a46
To: <sip:<other user@<other 
provider>;tag=a4993fce1db28f0d818901aca45fc7e1-39af
Call-ID: fadecc03-31e1-50ef-b686-d1a6b7ea0eda
CSeq: 49518 REGISTER
WWW-Authenticate: Digest realm="<other provider>", 
nonce="XiRnoo5Qbfr8xRP1yNPD+Piy/eKORSub", qop="auth"
Content-Length: 0

So the answer is coming back to the server but not to asterisk. With the 
debian package of asterisk-16 the 401 response was received by asterisk.

We now have 2 problems:

- why asterisk doesn't get the answer of one of the provider

- why when receiving the 401 from the other provider it doesn't then the 
Authorization back

If it matter, server is a VM using ipv4 and ipv6, we have mtu setted to 
1492 and use nft for FW rules.

-- 
Daniel

-------------- next part --------------
An HTML attachment was scrubbed...
URL:
<http://lists.digium.com/pipermail/asterisk-users/attachments/20200119/5c0fc860/attachment.html>