JR Richardson
2006-Nov-08 13:18 UTC
[asterisk-users] Re: Asterisk and Max TNT PRI to SIP Authentication Issue, a little closer
After mocking up an unauthenticated call from a different device, a spa942 phone, I found something strange in the SIP debug between the phone and the TNT. Asterisk is accepting unauthenticated calls as long as there is not a "user" in the SIP header from the calling device. Invite from the MAX: does not get passed to the dial plan <-- SIP read from 10.10.14.131:5060: INVITE sip:2145551212@10.10.14.121:5060;user=phone SIP/2.0 To: <sip:2145551212@10.10.14.121:5060;user=phone> From: "NO CID NAME" <sip:1239@10.10.14.131:5060;user=phone>;tag=1e82fc7f-1fb33c15-830e0a0a Remote-Party-Id: "NO CID NAME" <sip:1239@10.10.14.131:5060;user=phone>;screen=no;id-type=subscriber;party=calling;privacy=off Call-ID: a09233dd-4a-1fb33c15@10.10.14.131 CSeq: 803597 INVITE Via: SIP/2.0/UDP 10.10.14.131:5060;branch=z9hG4bK007aa1ced4ace55a Max-Forwards: 70 Contact: <sip:1239@10.10.14.131:5060;user=phone> Supported: replaces Content-Type: application/sdp Accept: application/sdp Accept-Encoding: Accept-Language: en User-Agent: Lucent-Universal-Gateway Content-Length: 232 Invite from the phone: gets passed to the dial plan in the [general] context <-- SIP read from 10.10.11.51:5060: INVITE sip:2145551212@10.10.14.121 SIP/2.0 Via: SIP/2.0/UDP 10.10.11.51:5060;branch=z9hG4bK-9fd7c0a9 From: "2001" <sip:2001@10.10.11.50>;tag=59f6242028d88691o0 To: <sip:2145551212@10.10.14.121> Call-ID: ec4c728c-9f2aab15@10.10.11.51 CSeq: 101 INVITE Max-Forwards: 70 Contact: "2001" <sip:1001@10.10.11.51:5060> Expires: 240 User-Agent: Linksys/SPA942-4.1.12(a) Content-Length: 391 Allow: ACK, BYE, CANCEL, INFO, INVITE, NOTIFY, OPTIONS, REFER Content-Type: application/sdp The invite string from the TNT: INVITE sip:2145551212@10.10.14.121:5060;user=phone SIP/2.0 The invite string from the phone: INVITE sip:2145551212@10.10.14.121 SIP/2.0 It appears that if a user= field is in the invite message, Asterisk looks for a user context and requires authentication. So the insecure=port,invite option should also include an insecure=user option to disregard any user info in the invite. Is there is another mechanism in Asterisk to disregard any user info from an invite? Thanks. JR -- JR Richardson Engineering for the Masses
Andres
2006-Nov-09 15:06 UTC
[asterisk-users] Re: Asterisk and Max TNT PRI to SIP Authentication Issue, a little closer
Can you try a sip.conf entry with the port= parameter as well. For example: [lucent] type=friend host=<ip of lucent box> port=5060 insecure=port,invite context=default Your INVITE header is including the port, and maybe Asterisk is having trouble matching the sip.conf entry.> > > So the insecure=port,invite option should also include an > insecure=user option to disregard any user info in the invite. Is > there is another mechanism in Asterisk to disregard any user info from > an invite? > > Thanks. > > JR-- Andres Technical Support http://www.telesip.net