thr3ads.net - asterisk users - [asterisk-users] Bypassing a Auth on Invite or Forbiden? [Feb 2008]

If this information is useful, please help other people find it:
Share via:

Bryan Cramer

2008-Feb-01 19:47 UTC

[asterisk-users] Bypassing a Auth on Invite or Forbiden?

Hello,

I have 2 asterisk servers that are not working well together.  One is  
acting like a registrar (PBX01) for all my PAP2's and other SIP/IAX  
devices.  And the other is acting like my sip gateway (PBX02) to  
various providers.  They are both on a private network and should be  
trusting each others IP 100%.  But the PBX02 challenges PBX01's  
requests all the time even though insecure=invite is set.   Here are  
the stanzas for each server:

PBX01

[pbx01topbx02]
type=friend
context=incomingDefault
host=10.10.10.2
qualify=600
disallow=all
allow=ulaw
canreinvite=no
insecure=invite
accountcode=pbx02
;TESTS;
;auth=pbx01topbx02 at asterisk
;fromuser=pbx01topbx02
;username=pbx01topbx02
;secret=j48dj7rjd9023jd
sendrpid=yes
trustrpid=yes


PBX02

[pbx01topbx02]
type=friend
host=10.10.10.3
qualify=600
context=dialOutPatternsAll
disallow=all
allow=ulaw
canreinvite=no
insecure=invite
accountcode=pbx01
;TESTS;
;auth=pbx01topbx02 at asterisk
;username=pbx01topbx02
;fromuser=pbx01topbx02
;secret=j48dj7rjd9023jd
sendrpid=yes
trustrpid=yes

Layout

SIPDEV -REGISTERD-> PBX01 -> PBX02 -> PROVIDER

With the above settings above I should be allowed to send calls as I  
like through the 2 boxes, but I can't I get the following messages:

PBX01
     -- Executing [dialIt at macro-dialOut:7]
Dial("IAX2/4161231234-2",
"SIP/pbx01topbx02/16041231234") in new stack
     -- Called pbx01topbx02/16041231234
[Feb  1 11:35:18] NOTICE[13507]: chan_sip.c:11983  
handle_response_invite: Failed to authenticate on INVITE to  
'"4161231234" <sip:4161231234 at
10.10.10.3>;tag=as4a9e0ae9'
     -- SIP/pbx01topbx02-009c31d0 is circuit-busy
   == Everyone is busy/congested at this time (1:0/1/0)

Then on PBX02 I don't get any debug/verbose messages unless I do a  
sip debug then I get:

<--- SIP read from 10.10.10.3:5060 --->
INVITE sip:16041231234 at 10.10.10.2 SIP/2.0
Via: SIP/2.0/UDP 10.10.10.3:5060;branch=z9hG4bK349431bd;rport
From: "4161231234" <sip:4161231234 at 10.10.10.3>;tag=as5c5aac02
To: <sip:16041231234 at 10.10.10.2>
Contact: <sip:4161231234 at 10.10.10.3>
Call-ID: 640b3e0405d977e779db174d78f57d6f at 10.10.10.3
CSeq: 102 INVITE
User-Agent: Asterisk PBX
Max-Forwards: 70
Remote-Party-ID: "4161231234" <sip: 
4161231234 at 10.10.10.3>;privacy=off;screen=yes
Date: Fri, 01 Feb 2008 19:40:13 GMT
Allow: INVITE, ACK, CANCEL, OPTIONS, BYE, REFER, SUBSCRIBE, NOTIFY
Supported: replaces
Content-Type: application/sdp
Content-Length: 238

v=0
o=root 13479 13479 IN IP4 10.10.10.3
s=session
c=IN IP4 10.10.10.3
t=0 0
m=audio 11026 RTP/AVP 0 101
a=rtpmap:0 PCMU/8000
a=rtpmap:101 telephone-event/8000
a=fmtp:101 0-16
a=silenceSupp:off - - - -
a=ptime:20
a=sendrecv

<------------->
--- (15 headers 12 lines) ---
Sending to 10.10.10.3 : 5060 (NAT)
Using INVITE request as basis request -  
640b3e0405d977e779db174d78f57d6f at 10.10.10.3

<--- Reliably Transmitting (no NAT) to 10.10.10.3:5060 --->
SIP/2.0 407 Proxy Authentication Required
Via: SIP/2.0/UDP  
10.10.10.3:5060;branch=z9hG4bK349431bd;received=10.10.10.3;rport=5060
From: "4161231234" <sip:4161231234 at 10.10.10.3>;tag=as5c5aac02
To: <sip:16041231234 at 10.10.10.2>;tag=as19dfe789
Call-ID: 640b3e0405d977e779db174d78f57d6f at 10.10.10.3
CSeq: 102 INVITE
User-Agent: Asterisk PBX
Allow: INVITE, ACK, CANCEL, OPTIONS, BYE, REFER, SUBSCRIBE, NOTIFY
Supported: replaces
Proxy-Authenticate: Digest algorithm=MD5, realm="asterisk",  
nonce="6d7284c8"
Content-Length: 0

Any insights as to why insecure invite is not taking effect?

Bryan
_________________________________________________________________
Bryan Cramer

PO Box 616
Sechelt BC, V0N 3A0
Web: www.yellowions.com
Tel: 604-773-4580

The information in this email is privileged and confidential. If you  
are not the intended recipient, please notify the sender immediately,  
as any disclosure, copying, distribution or any action taken or  
omitted to be taken in reliance on it, or reference to it, is  
prohibited and potentially unlawful.



-------------- next part --------------
An HTML attachment was scrubbed...
URL:
http://lists.digium.com/pipermail/asterisk-users/attachments/20080201/b77b5916/attachment.htm

Seemingly Similar Threads

Search for more maybe matching threads

asterisk users - Feb 2008 - Bypassing a Auth on Invite or Forbiden?

[asterisk-users] Bypassing a Auth on Invite or Forbiden?

Seemingly Similar Threads

Wisdom of the Ancients