GNUbie
2011-May-08 00:59 UTC
[asterisk-users] Unable to REGISTER to the Asterisk v1.8.3.3 server via SIP/TLS
Hello all, I have installed the .deb packages of the Asterisk v1.8.3.3 from the upstream project on my Debian GNU/Linux Squeeze server and bought the Comodo's PossitiveSSL SSL certificate to be used for my SIP/TLS exercise. After setting up everything and trying to fix this problem, I am still getting a 401 Unauthorized SIP message. So as of this writing, I still cannot successfully REGISTER to my Asterisk box. Below are the snippets of my Asterisk and SNOM 300 configurations including the logs for your reference. I hope anyone from this community can help me solve this problem. A HOWTO of a similar scenario will help a lot. Thank you in advance. Regards, GNUbie - - - ASTERISK v1.8.3.3 - - - [ /etc/asterisk/sip.conf ] [general] ... ... tlsenable=yes tlsbindaddr=0.0.0.0 tlscertfile=/etc/asterisk/keys/pbx.domain.com.pem tlscipher=ALL tlsclientmethod=tlsv1 tlsbindport=5061 externtlsport=5061 externtcpport=5061 tcpbindaddr=0.0.0.0 tcpbindport=5061 tcpenable=yes srvlookup=yes [361] username=361 secret=******* callerid="361-tls"<361> mailbox=361 at family context=family transport=tls port=5061 type=friend host=dynamic dtmfmode=rfc2833 canreinvite=no nat=yes qualify=yes autoframing=yes encryption=yes *CLI> core show version Asterisk 1.8.3.3-1digium1~squeeze built by pbuilder @ nighthawk on a x86_64 running Linux on 2011-04-22 17:50:44 UTC *CLI> sip show settings Global Settings: ---------------- UDP Bindaddress: 0.0.0.0:5060 TCP SIP Bindaddress: 0.0.0.0:5060 TLS SIP Bindaddress: 0.0.0.0:5061 Videosupport: No Textsupport: No Ignore SDP sess. ver.: No AutoCreate Peer: No Match Auth Username: No Allow unknown access: No Allow subscriptions: Yes Allow overlap dialing: Yes Allow promsic. redir: No Enable call counters: No SIP domain support: Yes Realm. auth: No Our auth realm pbx.domain.com Use domains as realms: No Call to non-local dom.: Yes URI user is phone no: No Always auth rejects: Yes Direct RTP setup: No User Agent: "Asterisk rocks!" SDP Session Name: Asterisk PBX 1.8.3.3-1digium1~squeeze SDP Owner Name: root Reg. context: (not set) Regexten on Qualify: No Caller ID: asterisk From: Domain: Record SIP history: Off Call Events: Off Auth. Failure Events: Off T.38 support: No T.38 EC mode: Unknown T.38 MaxDtgrm: -1 SIP realtime: Disabled Qualify Freq : 60000 ms Q.850 Reason header: No Network QoS Settings: --------------------------- IP ToS SIP: CS0 IP ToS RTP audio: CS0 IP ToS RTP video: CS0 IP ToS RTP text: CS0 802.1p CoS SIP: 4 802.1p CoS RTP audio: 5 802.1p CoS RTP video: 6 802.1p CoS RTP text: 5 Jitterbuffer enabled: Yes Jitterbuffer forced: No Jitterbuffer max size: 200 Jitterbuffer resync: 1200 Jitterbuffer impl: fixed Jitterbuffer log: No Network Settings: --------------------------- SIP address remapping: Enabled using externhost Externhost: pbx.domain.com externaddr: 11.22.33.44:0 Externrefresh: 10 Localnet: 192.168.101.0/255.255.255.0 Global Signalling Settings: --------------------------- Codecs: 0x60e (gsm|ulaw|alaw|speex|ilbc) Codec Order: ulaw:20,alaw:20,gsm:20,speex:20,ilbc:30 Relax DTMF: No RFC2833 Compensation: No Symmetric RTP: No Compact SIP headers: No RTP Keepalive: 0 (Disabled) RTP Timeout: 15 RTP Hold Timeout: 0 (Disabled) MWI NOTIFY mime type: application/simple-message-summary DNS SRV lookup: Yes Pedantic SIP support: Yes Reg. min duration 1800 secs Reg. max duration: 3600 secs Reg. default duration: 120 secs Outbound reg. timeout: 20 secs Outbound reg. attempts: 0 Notify ringing state: Yes Include CID: No Notify hold state: No SIP Transfer mode: open Max Call Bitrate: 384 kbps Auto-Framing: No Outb. proxy: <not set> Session Timers: Refuse Session Refresher: uas Session Expires: 1800 secs Session Min-SE: 90 secs Timer T1: 3000 Timer T1 minimum: 100 Timer B: 192000 No premature media: Yes Max forwards: 70 Default Settings: ----------------- Allowed transports: UDP Outbound transport: UDP Context: default Force rport: No DTMF: rfc2833 Qualify: 0 Use ClientCode: No Progress inband: Never Language: MOH Interpret: default MOH Suggest: Voice Mail Extension: asterisk *CLI> sip show peer 361 * Name : 361 Secret : <Set> MD5Secret : <Not set> Remote Secret: <Not set> Context : family Subscr.Cont. : <Not set> Language : AMA flags : Unknown Transfer mode: open CallingPres : Presentation Allowed, Not Screened Callgroup : Pickupgroup : MOH Suggest : Mailbox : 361 at family VM Extension : asterisk LastMsgsSent : 32767/65535 Call limit : 0 Max forwards : 0 Dynamic : Yes Callerid : "361-tls" <361> MaxCallBR : 384 kbps Expire : -1 Insecure : no Force rport : Yes ACL : No DirectMedACL : No T.38 support : No T.38 EC mode : Unknown T.38 MaxDtgrm: -1 DirectMedia : No PromiscRedir : No User=Phone : No Video Support: No Text Support : No Ign SDP ver : No Trust RPID : No Send RPID : No Subscriptions: Yes Overlap dial : Yes DTMFmode : rfc2833 Timer T1 : 3000 Timer B : 192000 ToHost : Addr->IP : (null) Defaddr->IP : (null) Prim.Transp. : TLS Allowed.Trsp : TLS Def. Username: 361 SIP Options : (none) Codecs : 0x60e (gsm|ulaw|alaw|speex|ilbc) Codec Order : (ulaw:20,alaw:20,gsm:20,speex:20,ilbc:30) Auto-Framing : Yes 100 on REG : No Status : UNKNOWN Useragent : Reg. Contact : Qualify Freq : 60000 ms Sess-Timers : Refuse Sess-Refresh : uas Sess-Expires : 1800 secs Min-Sess : 90 secs RTP Engine : asterisk Parkinglot : Use Reason : No Encryption : Yes <--- SIP read from TLS:192.168.101.102:2061 ---> REGISTER sip:pbx.domain.com SIP/2.0 Via: SIP/2.0/TLS 192.168.101.102:2061;branch=z9hG4bK-b6veg4r2tybi;rport From: "361" <sip:361 at pbx.domain.com>;tag=6ulxay5gxm To: "361" <sip:361 at pbx.domain.com> Call-ID: 3c26701f2ede-afeuhg58c60m CSeq: 7 REGISTER Max-Forwards: 70 Contact: <sip:361 at 192.168.101.102:2061;transport=tls>;reg-id=1;q=1.0;+sip.instance="<urn:uuid:0a473ab2-1159-4286-9cdb-385c32d8003d>";audio;mobility="fixed";duplex="full";description="snom300";actor="principal";events="dialog";methods="INVITE,ACK,CANCEL,BYE,REFER,OPTIONS,NOTIFY,SUBSCRIBE,PRACK,MESSAGE,INFO" User-Agent: snom300/8.4.31 Allow-Events: dialog X-Real-IP: 192.168.101.102 Supported: path, gruu Expires: 3600 Content-Length: 0 <-------------> --- (14 headers 0 lines) --- Sending to 192.168.101.102:2061 (no NAT) <--- Transmitting (NAT) to 192.168.101.102:2061 ---> SIP/2.0 401 Unauthorized Via: SIP/2.0/TLS 192.168.101.102:2061;branch=z9hG4bK-b6veg4r2tybi;received=192.168.101.102;rport=2061 From: "361" <sip:361 at pbx.domain.com>;tag=6ulxay5gxm To: "361" <sip:361 at pbx.domain.com>;tag=as16189b66 Call-ID: 3c26701f2ede-afeuhg58c60m CSeq: 7 REGISTER Server: "Asterisk rocks!" Allow: INVITE, ACK, CANCEL, OPTIONS, BYE, REFER, SUBSCRIBE, NOTIFY, INFO, PUBLISH Supported: replaces WWW-Authenticate: Digest algorithm=MD5, realm="pbx.domain.com", nonce="6408e8c3" Content-Length: 0 <------------> Scheduling destruction of SIP dialog '3c26701f2ede-afeuhg58c60m' in 192000 ms (Method: REGISTER) <--- SIP read from TLS:192.168.101.102:2061 ---> REGISTER sip:pbx.domain.com SIP/2.0 Via: SIP/2.0/TLS 192.168.101.102:2061;branch=z9hG4bK-9cuvn4fglawu;rport From: "361" <sip:361 at pbx.domain.com>;tag=hr7nz4nopk To: "361" <sip:361 at pbx.domain.com> Call-ID: 3c26701f2ede-afeuhg58c60m CSeq: 8 REGISTER Max-Forwards: 70 Contact: <sip:361 at 192.168.101.102:2061;transport=tls>;reg-id=1;q=1.0;+sip.instance="<urn:uuid:0a473ab2-1159-4286-9cdb-385c32d8003d>";audio;mobility="fixed";duplex="full";description="snom300";actor="principal";events="dialog";methods="INVITE,ACK,CANCEL,BYE,REFER,OPTIONS,NOTIFY,SUBSCRIBE,PRACK,MESSAGE,INFO" User-Agent: snom300/8.4.31 Allow-Events: dialog X-Real-IP: 192.168.101.102 Supported: path, gruu Expires: 3600 Content-Length: 0 <-------------> --- (14 headers 0 lines) --- Sending to 192.168.101.102:2061 (no NAT) <--- Transmitting (NAT) to 192.168.101.102:2061 ---> SIP/2.0 401 Unauthorized Via: SIP/2.0/TLS 192.168.101.102:2061;branch=z9hG4bK-9cuvn4fglawu;received=192.168.101.102;rport=2061 From: "361" <sip:361 at pbx.domain.com>;tag=hr7nz4nopk To: "361" <sip:361 at pbx.domain.com>;tag=as6231d59a Call-ID: 3c26701f2ede-afeuhg58c60m CSeq: 8 REGISTER Server: "Asterisk rocks!" Allow: INVITE, ACK, CANCEL, OPTIONS, BYE, REFER, SUBSCRIBE, NOTIFY, INFO, PUBLISH Supported: replaces WWW-Authenticate: Digest algorithm=MD5, realm="pbx.domain.com", nonce="6ea5895a" Content-Length: 0 <------------> Scheduling destruction of SIP dialog '3c26701f2ede-afeuhg58c60m' in 192000 ms (Method: REGISTER) - - - SNOM 300 - - - [ Setup > Identity 1 > Login ] Displayname: 361 Account: 361 Password: ******** Registrar: pbx.domain.com Outbound Proxy: sips:pbx.domain.com:5061 Authentication Username: 361 - - - [ Setup > Certificates > Server Certificates ] Country: ; State: ; Locality ; Organization: ; Common Name: pbx.domain.com; eMail: Version: 2 Serial Number: 00b6b63eb67ed2111345253c228264d093 Signature Algorithm: 1.2.840.113549.1.1.5 (sha1WithRSAEncryption) Signature: 28ce574c9715e1e59dfc90829287ab31fdbf0e0212dc488b106e71ffaaa339610492dc091d440772... Issuer: Country: GB; State: Greater Manchester; Locality Salford; Organization: Comodo CA Limited; Common Name: PositiveSSL CA; eMail: Validity: 27/04/11 - 26/04/12 SHA1-Fingerprint: 38d13c709ab1cc9b434c2f05e927239fe4ae6f19 MD5-Fingerprint: a9b62e186465055f34a04153ad7898de PK Algorithm: 1.2.840.113549.1.1.1 (rsaEncryption) RSA modulus: 00b90412744fd50459d807a04d007a9fd7d667189f1394f11ecd46e8556bd861526eb9be582a2631... RSA exponent: 010001 Filename on FS: f6700ff3f3059f4c629df2bff8678aeacb291ddb.DER - - - [ Status > System Information ] System Information: Phone Type: snom300-SIP MAC-Address: 0004132F08DC IP-Address: 192.168.101.102 Firmware-Version: snom300-SIP 8.4.31 Firmware-URL: http://provisioning.....4.31-SIP-f.bin Production Information: Mac:0004132F08DC;Version:Standard;Hardware:snom300 (H: R2A);Date:15/05/08;Copyright? snom technology AG Uptime: 0 days, 1 hours, 27 minutes LCS: 0 days, 0 hours, 53 minutes (0) Memfree: 772 K CPU: 0.04 0.02 0.03 1/10 96 Bootloader-Version: 1.1.3-u SIP Identity Status: Identity 1 Status: 361 at pbx.domain.com: Network Failure - - - [ Status > SIP Trace ] Sent to tls:11.22.33.44:5061 at 24/12/2001 08:00:32:192 (729 bytes): REGISTER sip:pbx.domain.com SIP/2.0 Via: SIP/2.0/TLS 192.168.101.102:2055;branch=z9hG4bK-9i3rt6llzqd1;rport From: "361" <sip:361 at pbx.domain.com>;tag=hpleutmwxu To: "361" <sip:361 at pbx.domain.com> Call-ID: 3c26701f3456-58is2wtgld05 CSeq: 1 REGISTER Max-Forwards: 70 Contact: <sip:361 at 192.168.101.102:2055;transport=tls>;q=1.0;reg-id=1;+sip.instance="<urn:uuid:0a473ab2-1159-4286-9cdb-385c32d8003d>";audio;mobility="fixed";duplex="full";description="snom300";actor="principal";events="dialog";methods=" INVITE,ACK,CANCEL,BYE,REFER,OPTIONS,NOTIFY,SUBSCRIBE,PRACK,MESSAGE,INFO" User-Agent: snom300/8.4.31 Allow-Events: dialog X-Real-IP: 192.168.101.102 Supported: path, gruu Expires: 3600 Content-Length: 0 Sent to tls:11.22.33.44:5061 at 8/5/2011 00:24:03:610 (729 bytes): REGISTER sip:pbx.domain.com SIP/2.0 Via: SIP/2.0/TLS 192.168.101.102:2056;branch=z9hG4bK-lriexp5iqoio;rport From: "361" <sip:361 at pbx.domain.com>;tag=b11o8j7lk4 To: "361" <sip:361 at pbx.domain.com> Call-ID: 3c26701f3456-58is2wtgld05 CSeq: 2 REGISTER Max-Forwards: 70 Contact: <sip:361 at 192.168.101.102:2056;transport=tls>;reg-id=1;q=1.0;+sip.instance="<urn:uuid:0a473ab2-1159-4286-9cdb-385c32d8003d>";audio;mobility="fixed";duplex="full";description="snom300";actor="principal";events="dialog";methods=" INVITE,ACK,CANCEL,BYE,REFER,OPTIONS,NOTIFY,SUBSCRIBE,PRACK,MESSAGE,INFO" User-Agent: snom300/8.4.31 Allow-Events: dialog X-Real-IP: 192.168.101.102 Supported: path, gruu Expires: 3600 Content-Length: 0 - - - [ Status > Log ] [0] 24/12/2001 00:00:27: Phone::uboot_version:1.1.3-u [1] 24/12/2001 00:00:29: Conf setup: code: 500, host: 127.0.0.1:80, file: /dummy.htm [0] 24/12/2001 08:00:31: TaskMon: LCS 21/0 recv LPCP took 1271 msecs [0] 24/12/2001 08:00:31: LoopMon: LCS 21 took 1271 (290/0) msecs, read 1, 3/1 tasks [1] 24/12/2001 08:00:32: TLS: Warning: Certificate with subject Country: ; State: ; Locality ; Organization: ; Common Name: pbx.domain.com; eMail: has expired according to the local time of the phone. [0] 24/12/2001 08:00:33: TaskMon: LCS 30/0 recv LPCP took 934 msecs [0] 24/12/2001 08:00:33: LoopMon: LCS 30 took 968 (42/32) msecs, read 1, 3/1 tasks [0] 8/5/2011 00:22:49: TaskMon: LCS 93/0 recv LPCP took 434 msecs [0] 8/5/2011 00:22:49: TaskMon: LCS 94/0 recv LPCP took 461 msecs [0] 8/5/2011 00:22:50: TaskMon: LCS 96/0 recv LPCP took 576 msecs [0] 8/5/2011 00:23:03: TaskMon: LCS 148/0 recv LPCP took 238 msecs [2] 8/5/2011 00:23:03: Transport Error: Pending packet 1000000: generating fake [2] 8/5/2011 00:23:03: Registrar 361 at pbx.domain.com timed out [0] 8/5/2011 00:23:05: TaskMon: LCS 157/0 recv LPCP took 372 msecs [0] 8/5/2011 00:23:05: LoopMon: LCS 157 took 850 (499/478) msecs, read 1, 4/1 tasks [0] 8/5/2011 00:24:04: TaskMon: LCS 359/0 recv LPCP took 872 msecs [0] 8/5/2011 00:24:04: LoopMon: LCS 359 took 872 (306/0) msecs, read 1, 3/1 tasks [2] 8/5/2011 00:24:34: Transport Error: Pending packet 1000002: generating fake [2] 8/5/2011 00:24:34: Registrar 361 at pbx.domain.com timed out [0] 8/5/2011 00:24:48: TaskMon: LCS 508/0 recv LPCP took 443 msecs [0] 8/5/2011 00:24:48: LoopMon: LCS 508 took 444 (16/0) msecs, read 1, 3/1 tasks [0] 8/5/2011 00:24:48: TaskMon: LCS 509/0 recv LPCP took 506 msecs [0] 8/5/2011 00:24:48: LoopMon: LCS 509 took 507 (72/0) msecs, read 1, 4/1 tasks [0] 8/5/2011 00:24:49: TaskMon: LCS 510/0 recv LPCP took 1293 msecs [0] 8/5/2011 00:24:49: LoopMon: LCS 510 took 1337 (500/0) msecs, read 1, 5/1 tasks [0] 8/5/2011 00:25:35: TaskMon: LCS 673/0 recv LPCP took 871 msecs [0] 8/5/2011 00:25:35: LoopMon: LCS 673 took 871 (118/0) msecs, read 1, 3/1 tasks [2] 8/5/2011 00:26:05: Transport Error: Pending packet 1000004: generating fake [2] 8/5/2011 00:26:05: Registrar 361 at pbx.domain.com timed out [0] 8/5/2011 00:27:06: TaskMon: LCS 986/0 recv LPCP took 871 msecs [0] 8/5/2011 00:27:06: LoopMon: LCS 986 took 871 (419/0) msecs, read 1, 3/1 tasks [2] 8/5/2011 00:27:36: Transport Error: Pending packet 1000006: generating fake [2] 8/5/2011 00:27:36: Registrar 361 at pbx.domain.com timed out [0] 8/5/2011 00:28:37: TaskMon: LCS 1296/0 recv LPCP took 869 msecs [0] 8/5/2011 00:28:37: LoopMon: LCS 1296 took 870 (387/0) msecs, read 1, 3/1 tasks [2] 8/5/2011 00:29:07: Transport Error: Pending packet 1000008: generating fake [2] 8/5/2011 00:29:07: Registrar 361 at pbx.domain.com timed out [0] 8/5/2011 00:30:08: TaskMon: LCS 1605/0 recv LPCP took 870 msecs [0] 8/5/2011 00:30:08: LoopMon: LCS 1605 took 871 (458/0) msecs, read 1, 3/1 tasks [2] 8/5/2011 00:30:38: Transport Error: Pending packet 1000010: generating fake [2] 8/5/2011 00:30:38: Registrar 361 at pbx.domain.com timed out [0] 8/5/2011 00:31:39: TaskMon: LCS 1918/0 recv LPCP took 874 msecs [0] 8/5/2011 00:31:39: LoopMon: LCS 1918 took 875 (346/0) msecs, read 1, 3/1 tasks [0] 8/5/2011 00:32:03: TaskMon: LCS 1996/0 recv LPCP took 424 msecs [0] 8/5/2011 00:32:03: LoopMon: LCS 1996 took 430 (24/4) msecs, read 1, 3/1 tasks
Paul Hayes
2011-May-09 18:14 UTC
[asterisk-users] Unable to REGISTER to the Asterisk v1.8.3.3 server via SIP/TLS
Hi, It looks to me that the 401 unauth packets aren't getting back to the phones. Which suggests a network/router/nat issue rather than anything wrong with the asterisk or phone configuration. Cheers, Paul. On 8 May 2011, at 01:59, GNUbie <gnubie at gmail.com> wrote:> Hello all, > > I have installed the .deb packages of the Asterisk v1.8.3.3 from the > upstream project on my Debian GNU/Linux Squeeze server and bought the > Comodo's PossitiveSSL SSL certificate to be used for my SIP/TLS > exercise. After setting up everything and trying to fix this problem, > I am still getting a 401 Unauthorized SIP message. So as of this > writing, I still cannot successfully REGISTER to my Asterisk box. > > Below are the snippets of my Asterisk and SNOM 300 configurations > including the logs for your reference. > > I hope anyone from this community can help me solve this problem. A > HOWTO of a similar scenario will help a lot. > > Thank you in advance. > > Regards, > > GNUbie > > - - - ASTERISK v1.8.3.3 - - - > > [ /etc/asterisk/sip.conf ] > > [general] > ... > ... > tlsenable=yes > tlsbindaddr=0.0.0.0 > tlscertfile=/etc/asterisk/keys/pbx.domain.com.pem > tlscipher=ALL > tlsclientmethod=tlsv1 > tlsbindport=5061 > externtlsport=5061 > externtcpport=5061 > tcpbindaddr=0.0.0.0 > tcpbindport=5061 > tcpenable=yes > srvlookup=yes > > [361] > username=361 > secret=******* > callerid="361-tls"<361> > mailbox=361 at family > context=family > transport=tls > port=5061 > type=friend > host=dynamic > dtmfmode=rfc2833 > canreinvite=no > nat=yes > qualify=yes > autoframing=yes > encryption=yes > > *CLI> core show version > Asterisk 1.8.3.3-1digium1~squeeze built by pbuilder @ nighthawk on a > x86_64 running Linux on 2011-04-22 17:50:44 UTC > > *CLI> sip show settings > > Global Settings: > ---------------- > UDP Bindaddress: 0.0.0.0:5060 > TCP SIP Bindaddress: 0.0.0.0:5060 > TLS SIP Bindaddress: 0.0.0.0:5061 > Videosupport: No > Textsupport: No > Ignore SDP sess. ver.: No > AutoCreate Peer: No > Match Auth Username: No > Allow unknown access: No > Allow subscriptions: Yes > Allow overlap dialing: Yes > Allow promsic. redir: No > Enable call counters: No > SIP domain support: Yes > Realm. auth: No > Our auth realm pbx.domain.com > Use domains as realms: No > Call to non-local dom.: Yes > URI user is phone no: No > Always auth rejects: Yes > Direct RTP setup: No > User Agent: "Asterisk rocks!" > SDP Session Name: Asterisk PBX 1.8.3.3-1digium1~squeeze > SDP Owner Name: root > Reg. context: (not set) > Regexten on Qualify: No > Caller ID: asterisk > From: Domain: > Record SIP history: Off > Call Events: Off > Auth. Failure Events: Off > T.38 support: No > T.38 EC mode: Unknown > T.38 MaxDtgrm: -1 > SIP realtime: Disabled > Qualify Freq : 60000 ms > Q.850 Reason header: No > > Network QoS Settings: > --------------------------- > IP ToS SIP: CS0 > IP ToS RTP audio: CS0 > IP ToS RTP video: CS0 > IP ToS RTP text: CS0 > 802.1p CoS SIP: 4 > 802.1p CoS RTP audio: 5 > 802.1p CoS RTP video: 6 > 802.1p CoS RTP text: 5 > Jitterbuffer enabled: Yes > Jitterbuffer forced: No > Jitterbuffer max size: 200 > Jitterbuffer resync: 1200 > Jitterbuffer impl: fixed > Jitterbuffer log: No > > Network Settings: > --------------------------- > SIP address remapping: Enabled using externhost > Externhost: pbx.domain.com > externaddr: 11.22.33.44:0 > Externrefresh: 10 > Localnet: 192.168.101.0/255.255.255.0 > > Global Signalling Settings: > --------------------------- > Codecs: 0x60e (gsm|ulaw|alaw|speex|ilbc) > Codec Order: ulaw:20,alaw:20,gsm:20,speex:20,ilbc:30 > Relax DTMF: No > RFC2833 Compensation: No > Symmetric RTP: No > Compact SIP headers: No > RTP Keepalive: 0 (Disabled) > RTP Timeout: 15 > RTP Hold Timeout: 0 (Disabled) > MWI NOTIFY mime type: application/simple-message-summary > DNS SRV lookup: Yes > Pedantic SIP support: Yes > Reg. min duration 1800 secs > Reg. max duration: 3600 secs > Reg. default duration: 120 secs > Outbound reg. timeout: 20 secs > Outbound reg. attempts: 0 > Notify ringing state: Yes > Include CID: No > Notify hold state: No > SIP Transfer mode: open > Max Call Bitrate: 384 kbps > Auto-Framing: No > Outb. proxy: <not set> > Session Timers: Refuse > Session Refresher: uas > Session Expires: 1800 secs > Session Min-SE: 90 secs > Timer T1: 3000 > Timer T1 minimum: 100 > Timer B: 192000 > No premature media: Yes > Max forwards: 70 > > Default Settings: > ----------------- > Allowed transports: UDP > Outbound transport: UDP > Context: default > Force rport: No > DTMF: rfc2833 > Qualify: 0 > Use ClientCode: No > Progress inband: Never > Language: > MOH Interpret: default > MOH Suggest: > Voice Mail Extension: asterisk > > *CLI> sip show peer 361 > > * Name : 361 > Secret : <Set> > MD5Secret : <Not set> > Remote Secret: <Not set> > Context : family > Subscr.Cont. : <Not set> > Language : > AMA flags : Unknown > Transfer mode: open > CallingPres : Presentation Allowed, Not Screened > Callgroup : > Pickupgroup : > MOH Suggest : > Mailbox : 361 at family > VM Extension : asterisk > LastMsgsSent : 32767/65535 > Call limit : 0 > Max forwards : 0 > Dynamic : Yes > Callerid : "361-tls" <361> > MaxCallBR : 384 kbps > Expire : -1 > Insecure : no > Force rport : Yes > ACL : No > DirectMedACL : No > T.38 support : No > T.38 EC mode : Unknown > T.38 MaxDtgrm: -1 > DirectMedia : No > PromiscRedir : No > User=Phone : No > Video Support: No > Text Support : No > Ign SDP ver : No > Trust RPID : No > Send RPID : No > Subscriptions: Yes > Overlap dial : Yes > DTMFmode : rfc2833 > Timer T1 : 3000 > Timer B : 192000 > ToHost : > Addr->IP : (null) > Defaddr->IP : (null) > Prim.Transp. : TLS > Allowed.Trsp : TLS > Def. Username: 361 > SIP Options : (none) > Codecs : 0x60e (gsm|ulaw|alaw|speex|ilbc) > Codec Order : (ulaw:20,alaw:20,gsm:20,speex:20,ilbc:30) > Auto-Framing : Yes > 100 on REG : No > Status : UNKNOWN > Useragent : > Reg. Contact : > Qualify Freq : 60000 ms > Sess-Timers : Refuse > Sess-Refresh : uas > Sess-Expires : 1800 secs > Min-Sess : 90 secs > RTP Engine : asterisk > Parkinglot : > Use Reason : No > Encryption : Yes > > > <--- SIP read from TLS:192.168.101.102:2061 ---> > REGISTER sip:pbx.domain.com SIP/2.0 > Via: SIP/2.0/TLS 192.168.101.102:2061;branch=z9hG4bK-b6veg4r2tybi;rport > From: "361" <sip:361 at pbx.domain.com>;tag=6ulxay5gxm > To: "361" <sip:361 at pbx.domain.com> > Call-ID: 3c26701f2ede-afeuhg58c60m > CSeq: 7 REGISTER > Max-Forwards: 70 > Contact: <sip:361 at 192.168.101.102:2061;transport=tls>;reg-id=1;q=1.0;+sip.instance="<urn:uuid:0a473ab2-1159-4286-9cdb-385c32d8003d>";audio;mobility="fixed";duplex="full";description="snom300";actor="principal";events="dialog";methods="INVITE,ACK,CANCEL,BYE,REFER,OPTIONS,NOTIFY,SUBSCRIBE,PRACK,MESSAGE,INFO" > User-Agent: snom300/8.4.31 > Allow-Events: dialog > X-Real-IP: 192.168.101.102 > Supported: path, gruu > Expires: 3600 > Content-Length: 0 > > <-------------> > --- (14 headers 0 lines) --- > Sending to 192.168.101.102:2061 (no NAT) > > <--- Transmitting (NAT) to 192.168.101.102:2061 ---> > SIP/2.0 401 Unauthorized > Via: SIP/2.0/TLS > 192.168.101.102:2061;branch=z9hG4bK-b6veg4r2tybi;received=192.168.101.102;rport=2061 > From: "361" <sip:361 at pbx.domain.com>;tag=6ulxay5gxm > To: "361" <sip:361 at pbx.domain.com>;tag=as16189b66 > Call-ID: 3c26701f2ede-afeuhg58c60m > CSeq: 7 REGISTER > Server: "Asterisk rocks!" > Allow: INVITE, ACK, CANCEL, OPTIONS, BYE, REFER, SUBSCRIBE, NOTIFY, > INFO, PUBLISH > Supported: replaces > WWW-Authenticate: Digest algorithm=MD5, realm="pbx.domain.com", nonce="6408e8c3" > Content-Length: 0 > > > <------------> > Scheduling destruction of SIP dialog '3c26701f2ede-afeuhg58c60m' in > 192000 ms (Method: REGISTER) > > <--- SIP read from TLS:192.168.101.102:2061 ---> > REGISTER sip:pbx.domain.com SIP/2.0 > Via: SIP/2.0/TLS 192.168.101.102:2061;branch=z9hG4bK-9cuvn4fglawu;rport > From: "361" <sip:361 at pbx.domain.com>;tag=hr7nz4nopk > To: "361" <sip:361 at pbx.domain.com> > Call-ID: 3c26701f2ede-afeuhg58c60m > CSeq: 8 REGISTER > Max-Forwards: 70 > Contact: <sip:361 at 192.168.101.102:2061;transport=tls>;reg-id=1;q=1.0;+sip.instance="<urn:uuid:0a473ab2-1159-4286-9cdb-385c32d8003d>";audio;mobility="fixed";duplex="full";description="snom300";actor="principal";events="dialog";methods="INVITE,ACK,CANCEL,BYE,REFER,OPTIONS,NOTIFY,SUBSCRIBE,PRACK,MESSAGE,INFO" > User-Agent: snom300/8.4.31 > Allow-Events: dialog > X-Real-IP: 192.168.101.102 > Supported: path, gruu > Expires: 3600 > Content-Length: 0 > > <-------------> > --- (14 headers 0 lines) --- > Sending to 192.168.101.102:2061 (no NAT) > > <--- Transmitting (NAT) to 192.168.101.102:2061 ---> > SIP/2.0 401 Unauthorized > Via: SIP/2.0/TLS > 192.168.101.102:2061;branch=z9hG4bK-9cuvn4fglawu;received=192.168.101.102;rport=2061 > From: "361" <sip:361 at pbx.domain.com>;tag=hr7nz4nopk > To: "361" <sip:361 at pbx.domain.com>;tag=as6231d59a > Call-ID: 3c26701f2ede-afeuhg58c60m > CSeq: 8 REGISTER > Server: "Asterisk rocks!" > Allow: INVITE, ACK, CANCEL, OPTIONS, BYE, REFER, SUBSCRIBE, NOTIFY, > INFO, PUBLISH > Supported: replaces > WWW-Authenticate: Digest algorithm=MD5, realm="pbx.domain.com", nonce="6ea5895a" > Content-Length: 0 > > > <------------> > Scheduling destruction of SIP dialog '3c26701f2ede-afeuhg58c60m' in > 192000 ms (Method: REGISTER) > > - - - SNOM 300 - - - > > [ Setup > Identity 1 > Login ] > > Displayname: 361 > Account: 361 > Password: ******** > Registrar: pbx.domain.com > Outbound Proxy: sips:pbx.domain.com:5061 > Authentication Username: 361 > > - - - > > [ Setup > Certificates > Server Certificates ] > > Country: ; State: ; Locality ; Organization: ; Common Name: > pbx.domain.com; eMail: > Version: 2 > Serial Number: 00b6b63eb67ed2111345253c228264d093 > Signature Algorithm: 1.2.840.113549.1.1.5 (sha1WithRSAEncryption) > Signature: 28ce574c9715e1e59dfc90829287ab31fdbf0e0212dc488b106e71ffaaa339610492dc091d440772... > Issuer: Country: GB; State: Greater Manchester; Locality Salford; > Organization: Comodo CA Limited; Common Name: PositiveSSL CA; eMail: > Validity: 27/04/11 - 26/04/12 > SHA1-Fingerprint: 38d13c709ab1cc9b434c2f05e927239fe4ae6f19 > MD5-Fingerprint: a9b62e186465055f34a04153ad7898de > PK Algorithm: 1.2.840.113549.1.1.1 (rsaEncryption) > RSA modulus: 00b90412744fd50459d807a04d007a9fd7d667189f1394f11ecd46e8556bd861526eb9be582a2631... > RSA exponent: 010001 > Filename on FS: f6700ff3f3059f4c629df2bff8678aeacb291ddb.DER > > - - - > > [ Status > System Information ] > > System Information: > Phone Type: snom300-SIP > MAC-Address: 0004132F08DC > IP-Address: 192.168.101.102 > Firmware-Version: snom300-SIP 8.4.31 > Firmware-URL: http://provisioning.....4.31-SIP-f.bin > Production Information: Mac:0004132F08DC;Version:Standard;Hardware:snom300 > (H: R2A);Date:15/05/08;Copyright? snom technology AG > Uptime: 0 days, 1 hours, 27 minutes > LCS: 0 days, 0 hours, 53 minutes (0) > Memfree: 772 K > CPU: 0.04 0.02 0.03 1/10 96 > Bootloader-Version: 1.1.3-u > > SIP Identity Status: > Identity 1 Status: 361 at pbx.domain.com: Network Failure > > - - - > > [ Status > SIP Trace ] > > Sent to tls:11.22.33.44:5061 at 24/12/2001 08:00:32:192 (729 bytes): > REGISTER sip:pbx.domain.com SIP/2.0 > Via: SIP/2.0/TLS 192.168.101.102:2055;branch=z9hG4bK-9i3rt6llzqd1;rport > From: "361" <sip:361 at pbx.domain.com>;tag=hpleutmwxu > To: "361" <sip:361 at pbx.domain.com> > Call-ID: 3c26701f3456-58is2wtgld05 > CSeq: 1 REGISTER > Max-Forwards: 70 > Contact: <sip:361 at 192.168.101.102:2055;transport=tls>;q=1.0;reg-id=1;+sip.instance="<urn:uuid:0a473ab2-1159-4286-9cdb-385c32d8003d>";audio;mobility="fixed";duplex="full";description="snom300";actor="principal";events="dialog";methods=" > INVITE,ACK,CANCEL,BYE,REFER,OPTIONS,NOTIFY,SUBSCRIBE,PRACK,MESSAGE,INFO" > User-Agent: snom300/8.4.31 > Allow-Events: dialog > X-Real-IP: 192.168.101.102 > Supported: path, gruu > Expires: 3600 > Content-Length: 0 > Sent to tls:11.22.33.44:5061 at 8/5/2011 00:24:03:610 (729 bytes): > > REGISTER sip:pbx.domain.com SIP/2.0 > Via: SIP/2.0/TLS 192.168.101.102:2056;branch=z9hG4bK-lriexp5iqoio;rport > From: "361" <sip:361 at pbx.domain.com>;tag=b11o8j7lk4 > To: "361" <sip:361 at pbx.domain.com> > Call-ID: 3c26701f3456-58is2wtgld05 > CSeq: 2 REGISTER > Max-Forwards: 70 > Contact: <sip:361 at 192.168.101.102:2056;transport=tls>;reg-id=1;q=1.0;+sip.instance="<urn:uuid:0a473ab2-1159-4286-9cdb-385c32d8003d>";audio;mobility="fixed";duplex="full";description="snom300";actor="principal";events="dialog";methods=" > INVITE,ACK,CANCEL,BYE,REFER,OPTIONS,NOTIFY,SUBSCRIBE,PRACK,MESSAGE,INFO" > User-Agent: snom300/8.4.31 > Allow-Events: dialog > X-Real-IP: 192.168.101.102 > Supported: path, gruu > Expires: 3600 > Content-Length: 0 > > - - - > > [ Status > Log ] > > [0] 24/12/2001 00:00:27: Phone::uboot_version:1.1.3-u > [1] 24/12/2001 00:00:29: Conf setup: code: 500, host: 127.0.0.1:80, > file: /dummy.htm > [0] 24/12/2001 08:00:31: TaskMon: LCS 21/0 recv LPCP took 1271 msecs > [0] 24/12/2001 08:00:31: LoopMon: LCS 21 took 1271 (290/0) msecs, read > 1, 3/1 tasks > [1] 24/12/2001 08:00:32: TLS: Warning: Certificate with subject > Country: ; State: ; Locality ; Organization: ; Common Name: > pbx.domain.com; eMail: has expired according to the local time of the > phone. > [0] 24/12/2001 08:00:33: TaskMon: LCS 30/0 recv LPCP took 934 msecs > [0] 24/12/2001 08:00:33: LoopMon: LCS 30 took 968 (42/32) msecs, read > 1, 3/1 tasks > [0] 8/5/2011 00:22:49: TaskMon: LCS 93/0 recv LPCP took 434 msecs > [0] 8/5/2011 00:22:49: TaskMon: LCS 94/0 recv LPCP took 461 msecs > [0] 8/5/2011 00:22:50: TaskMon: LCS 96/0 recv LPCP took 576 msecs > [0] 8/5/2011 00:23:03: TaskMon: LCS 148/0 recv LPCP took 238 msecs > [2] 8/5/2011 00:23:03: Transport Error: Pending packet 1000000: generating fake > [2] 8/5/2011 00:23:03: Registrar 361 at pbx.domain.com timed out > [0] 8/5/2011 00:23:05: TaskMon: LCS 157/0 recv LPCP took 372 msecs > [0] 8/5/2011 00:23:05: LoopMon: LCS 157 took 850 (499/478) msecs, read > 1, 4/1 tasks > [0] 8/5/2011 00:24:04: TaskMon: LCS 359/0 recv LPCP took 872 msecs > [0] 8/5/2011 00:24:04: LoopMon: LCS 359 took 872 (306/0) msecs, read > 1, 3/1 tasks > [2] 8/5/2011 00:24:34: Transport Error: Pending packet 1000002: generating fake > [2] 8/5/2011 00:24:34: Registrar 361 at pbx.domain.com timed out > [0] 8/5/2011 00:24:48: TaskMon: LCS 508/0 recv LPCP took 443 msecs > [0] 8/5/2011 00:24:48: LoopMon: LCS 508 took 444 (16/0) msecs, read 1, 3/1 tasks > [0] 8/5/2011 00:24:48: TaskMon: LCS 509/0 recv LPCP took 506 msecs > [0] 8/5/2011 00:24:48: LoopMon: LCS 509 took 507 (72/0) msecs, read 1, 4/1 tasks > [0] 8/5/2011 00:24:49: TaskMon: LCS 510/0 recv LPCP took 1293 msecs > [0] 8/5/2011 00:24:49: LoopMon: LCS 510 took 1337 (500/0) msecs, read > 1, 5/1 tasks > [0] 8/5/2011 00:25:35: TaskMon: LCS 673/0 recv LPCP took 871 msecs > [0] 8/5/2011 00:25:35: LoopMon: LCS 673 took 871 (118/0) msecs, read > 1, 3/1 tasks > [2] 8/5/2011 00:26:05: Transport Error: Pending packet 1000004: generating fake > [2] 8/5/2011 00:26:05: Registrar 361 at pbx.domain.com timed out > [0] 8/5/2011 00:27:06: TaskMon: LCS 986/0 recv LPCP took 871 msecs > [0] 8/5/2011 00:27:06: LoopMon: LCS 986 took 871 (419/0) msecs, read > 1, 3/1 tasks > [2] 8/5/2011 00:27:36: Transport Error: Pending packet 1000006: generating fake > [2] 8/5/2011 00:27:36: Registrar 361 at pbx.domain.com timed out > [0] 8/5/2011 00:28:37: TaskMon: LCS 1296/0 recv LPCP took 869 msecs > [0] 8/5/2011 00:28:37: LoopMon: LCS 1296 took 870 (387/0) msecs, read > 1, 3/1 tasks > [2] 8/5/2011 00:29:07: Transport Error: Pending packet 1000008: generating fake > [2] 8/5/2011 00:29:07: Registrar 361 at pbx.domain.com timed out > [0] 8/5/2011 00:30:08: TaskMon: LCS 1605/0 recv LPCP took 870 msecs > [0] 8/5/2011 00:30:08: LoopMon: LCS 1605 took 871 (458/0) msecs, read > 1, 3/1 tasks > [2] 8/5/2011 00:30:38: Transport Error: Pending packet 1000010: generating fake > [2] 8/5/2011 00:30:38: Registrar 361 at pbx.domain.com timed out > [0] 8/5/2011 00:31:39: TaskMon: LCS 1918/0 recv LPCP took 874 msecs > [0] 8/5/2011 00:31:39: LoopMon: LCS 1918 took 875 (346/0) msecs, read > 1, 3/1 tasks > [0] 8/5/2011 00:32:03: TaskMon: LCS 1996/0 recv LPCP took 424 msecs > [0] 8/5/2011 00:32:03: LoopMon: LCS 1996 took 430 (24/4) msecs, read > 1, 3/1 tasks > > -- > _____________________________________________________________________ > -- Bandwidth and Colocation Provided by http://www.api-digital.com -- > New to Asterisk? Join us for a live introductory webinar every Thurs: > http://www.asterisk.org/hello > > asterisk-users mailing list > To UNSUBSCRIBE or update options visit: > http://lists.digium.com/mailman/listinfo/asterisk-users
GNUbie
2011-May-19 07:19 UTC
[asterisk-users] Unable to REGISTER to the Asterisk v1.8.3.3 server via SIP/TLS
Anyone? Please advice. Thank you. On Sun, May 8, 2011 at 8:59 AM, GNUbie <gnubie at gmail.com> wrote:> Hello all, > > I have installed the .deb packages of the Asterisk v1.8.3.3 from the > upstream project on my Debian GNU/Linux Squeeze server and bought the > Comodo's PossitiveSSL SSL certificate to be used for my SIP/TLS > exercise. After setting up everything and trying to fix this problem, > I am still getting a 401 Unauthorized SIP message. So as of this > writing, I still cannot successfully REGISTER to my Asterisk box. > > Below are the snippets of my Asterisk and SNOM 300 configurations > including the logs for your reference. > > I hope anyone from this community can help me solve this problem. A > HOWTO of a similar scenario will help a lot. > > Thank you in advance. > > Regards, > > GNUbie > > - - - ASTERISK v1.8.3.3 - - - > > [ /etc/asterisk/sip.conf ] > > [general] > ... > ... > tlsenable=yes > tlsbindaddr=0.0.0.0 > tlscertfile=/etc/asterisk/keys/pbx.domain.com.pem > tlscipher=ALL > tlsclientmethod=tlsv1 > tlsbindport=5061 > externtlsport=5061 > externtcpport=5061 > tcpbindaddr=0.0.0.0 > tcpbindport=5061 > tcpenable=yes > srvlookup=yes > > [361] > username=361 > secret=******* > callerid="361-tls"<361> > mailbox=361 at family > context=family > transport=tls > port=5061 > type=friend > host=dynamic > dtmfmode=rfc2833 > canreinvite=no > nat=yes > qualify=yes > autoframing=yes > encryption=yes > > *CLI> core show version > Asterisk 1.8.3.3-1digium1~squeeze built by pbuilder @ nighthawk on a > x86_64 running Linux on 2011-04-22 17:50:44 UTC > > *CLI> sip show settings > > Global Settings: > ---------------- > UDP Bindaddress: 0.0.0.0:5060 > TCP SIP Bindaddress: 0.0.0.0:5060 > TLS SIP Bindaddress: 0.0.0.0:5061 > Videosupport: No > Textsupport: No > Ignore SDP sess. ver.: No > AutoCreate Peer: No > Match Auth Username: No > Allow unknown access: No > Allow subscriptions: Yes > Allow overlap dialing: Yes > Allow promsic. redir: No > Enable call counters: No > SIP domain support: Yes > Realm. auth: No > Our auth realm pbx.domain.com > Use domains as realms: No > Call to non-local dom.: Yes > URI user is phone no: No > Always auth rejects: Yes > Direct RTP setup: No > User Agent: "Asterisk rocks!" > SDP Session Name: Asterisk PBX 1.8.3.3-1digium1~squeeze > SDP Owner Name: root > Reg. context: (not set) > Regexten on Qualify: No > Caller ID: asterisk > From: Domain: > Record SIP history: Off > Call Events: Off > Auth. Failure Events: Off > T.38 support: No > T.38 EC mode: Unknown > T.38 MaxDtgrm: -1 > SIP realtime: Disabled > Qualify Freq : 60000 ms > Q.850 Reason header: No > > Network QoS Settings: > --------------------------- > IP ToS SIP: CS0 > IP ToS RTP audio: CS0 > IP ToS RTP video: CS0 > IP ToS RTP text: CS0 > 802.1p CoS SIP: 4 > 802.1p CoS RTP audio: 5 > 802.1p CoS RTP video: 6 > 802.1p CoS RTP text: 5 > Jitterbuffer enabled: Yes > Jitterbuffer forced: No > Jitterbuffer max size: 200 > Jitterbuffer resync: 1200 > Jitterbuffer impl: fixed > Jitterbuffer log: No > > Network Settings: > --------------------------- > SIP address remapping: Enabled using externhost > Externhost: pbx.domain.com > externaddr: 11.22.33.44:0 > Externrefresh: 10 > Localnet: 192.168.101.0/255.255.255.0 > > Global Signalling Settings: > --------------------------- > Codecs: 0x60e (gsm|ulaw|alaw|speex|ilbc) > Codec Order: ulaw:20,alaw:20,gsm:20,speex:20,ilbc:30 > Relax DTMF: No > RFC2833 Compensation: No > Symmetric RTP: No > Compact SIP headers: No > RTP Keepalive: 0 (Disabled) > RTP Timeout: 15 > RTP Hold Timeout: 0 (Disabled) > MWI NOTIFY mime type: application/simple-message-summary > DNS SRV lookup: Yes > Pedantic SIP support: Yes > Reg. min duration 1800 secs > Reg. max duration: 3600 secs > Reg. default duration: 120 secs > Outbound reg. timeout: 20 secs > Outbound reg. attempts: 0 > Notify ringing state: Yes > Include CID: No > Notify hold state: No > SIP Transfer mode: open > Max Call Bitrate: 384 kbps > Auto-Framing: No > Outb. proxy: <not set> > Session Timers: Refuse > Session Refresher: uas > Session Expires: 1800 secs > Session Min-SE: 90 secs > Timer T1: 3000 > Timer T1 minimum: 100 > Timer B: 192000 > No premature media: Yes > Max forwards: 70 > > Default Settings: > ----------------- > Allowed transports: UDP > Outbound transport: ? ? ?UDP > Context: default > Force rport: No > DTMF: rfc2833 > Qualify: 0 > Use ClientCode: No > Progress inband: Never > Language: > MOH Interpret: default > MOH Suggest: > Voice Mail Extension: asterisk > > *CLI> sip show peer 361 > > * Name : 361 > Secret : <Set> > MD5Secret : <Not set> > Remote Secret: <Not set> > Context : family > Subscr.Cont. : <Not set> > Language : > AMA flags : Unknown > Transfer mode: open > CallingPres : Presentation Allowed, Not Screened > Callgroup : > Pickupgroup : > MOH Suggest : > Mailbox : 361 at family > VM Extension : asterisk > LastMsgsSent : 32767/65535 > Call limit : 0 > Max forwards : 0 > Dynamic : Yes > Callerid : "361-tls" <361> > MaxCallBR : 384 kbps > Expire : -1 > Insecure : no > Force rport : Yes > ACL : No > DirectMedACL : No > T.38 support : No > T.38 EC mode : Unknown > T.38 MaxDtgrm: -1 > DirectMedia : No > PromiscRedir : No > User=Phone : No > Video Support: No > Text Support : No > Ign SDP ver : No > Trust RPID : No > Send RPID : No > Subscriptions: Yes > Overlap dial : Yes > DTMFmode : rfc2833 > Timer T1 : 3000 > Timer B : 192000 > ToHost : > Addr->IP : (null) > Defaddr->IP : (null) > Prim.Transp. : TLS > Allowed.Trsp : TLS > Def. Username: 361 > SIP Options : (none) > Codecs : 0x60e (gsm|ulaw|alaw|speex|ilbc) > Codec Order : (ulaw:20,alaw:20,gsm:20,speex:20,ilbc:30) > Auto-Framing : Yes > 100 on REG : No > Status : UNKNOWN > Useragent : > Reg. Contact : > Qualify Freq : 60000 ms > Sess-Timers : Refuse > Sess-Refresh : uas > Sess-Expires : 1800 secs > Min-Sess : 90 secs > RTP Engine : asterisk > Parkinglot : > Use Reason : No > Encryption : Yes > > > <--- SIP read from TLS:192.168.101.102:2061 ---> > REGISTER sip:pbx.domain.com SIP/2.0 > Via: SIP/2.0/TLS 192.168.101.102:2061;branch=z9hG4bK-b6veg4r2tybi;rport > From: "361" <sip:361 at pbx.domain.com>;tag=6ulxay5gxm > To: "361" <sip:361 at pbx.domain.com> > Call-ID: 3c26701f2ede-afeuhg58c60m > CSeq: 7 REGISTER > Max-Forwards: 70 > Contact: <sip:361 at 192.168.101.102:2061;transport=tls>;reg-id=1;q=1.0;+sip.instance="<urn:uuid:0a473ab2-1159-4286-9cdb-385c32d8003d>";audio;mobility="fixed";duplex="full";description="snom300";actor="principal";events="dialog";methods="INVITE,ACK,CANCEL,BYE,REFER,OPTIONS,NOTIFY,SUBSCRIBE,PRACK,MESSAGE,INFO" > User-Agent: snom300/8.4.31 > Allow-Events: dialog > X-Real-IP: 192.168.101.102 > Supported: path, gruu > Expires: 3600 > Content-Length: 0 > > <-------------> > --- (14 headers 0 lines) --- > Sending to 192.168.101.102:2061 (no NAT) > > <--- Transmitting (NAT) to 192.168.101.102:2061 ---> > SIP/2.0 401 Unauthorized > Via: SIP/2.0/TLS > 192.168.101.102:2061;branch=z9hG4bK-b6veg4r2tybi;received=192.168.101.102;rport=2061 > From: "361" <sip:361 at pbx.domain.com>;tag=6ulxay5gxm > To: "361" <sip:361 at pbx.domain.com>;tag=as16189b66 > Call-ID: 3c26701f2ede-afeuhg58c60m > CSeq: 7 REGISTER > Server: "Asterisk rocks!" > Allow: INVITE, ACK, CANCEL, OPTIONS, BYE, REFER, SUBSCRIBE, NOTIFY, > INFO, PUBLISH > Supported: replaces > WWW-Authenticate: Digest algorithm=MD5, realm="pbx.domain.com", nonce="6408e8c3" > Content-Length: 0 > > > <------------> > Scheduling destruction of SIP dialog '3c26701f2ede-afeuhg58c60m' in > 192000 ms (Method: REGISTER) > > <--- SIP read from TLS:192.168.101.102:2061 ---> > REGISTER sip:pbx.domain.com SIP/2.0 > Via: SIP/2.0/TLS 192.168.101.102:2061;branch=z9hG4bK-9cuvn4fglawu;rport > From: "361" <sip:361 at pbx.domain.com>;tag=hr7nz4nopk > To: "361" <sip:361 at pbx.domain.com> > Call-ID: 3c26701f2ede-afeuhg58c60m > CSeq: 8 REGISTER > Max-Forwards: 70 > Contact: <sip:361 at 192.168.101.102:2061;transport=tls>;reg-id=1;q=1.0;+sip.instance="<urn:uuid:0a473ab2-1159-4286-9cdb-385c32d8003d>";audio;mobility="fixed";duplex="full";description="snom300";actor="principal";events="dialog";methods="INVITE,ACK,CANCEL,BYE,REFER,OPTIONS,NOTIFY,SUBSCRIBE,PRACK,MESSAGE,INFO" > User-Agent: snom300/8.4.31 > Allow-Events: dialog > X-Real-IP: 192.168.101.102 > Supported: path, gruu > Expires: 3600 > Content-Length: 0 > > <-------------> > --- (14 headers 0 lines) --- > Sending to 192.168.101.102:2061 (no NAT) > > <--- Transmitting (NAT) to 192.168.101.102:2061 ---> > SIP/2.0 401 Unauthorized > Via: SIP/2.0/TLS > 192.168.101.102:2061;branch=z9hG4bK-9cuvn4fglawu;received=192.168.101.102;rport=2061 > From: "361" <sip:361 at pbx.domain.com>;tag=hr7nz4nopk > To: "361" <sip:361 at pbx.domain.com>;tag=as6231d59a > Call-ID: 3c26701f2ede-afeuhg58c60m > CSeq: 8 REGISTER > Server: "Asterisk rocks!" > Allow: INVITE, ACK, CANCEL, OPTIONS, BYE, REFER, SUBSCRIBE, NOTIFY, > INFO, PUBLISH > Supported: replaces > WWW-Authenticate: Digest algorithm=MD5, realm="pbx.domain.com", nonce="6ea5895a" > Content-Length: 0 > > > <------------> > Scheduling destruction of SIP dialog '3c26701f2ede-afeuhg58c60m' in > 192000 ms (Method: REGISTER) > > - - - SNOM 300 - - - > > [ Setup > Identity 1 > Login ] > > Displayname: 361 > Account: 361 > Password: ******** > Registrar: pbx.domain.com > Outbound Proxy: sips:pbx.domain.com:5061 > Authentication Username: 361 > > - - - > > [ Setup > Certificates > Server Certificates ] > > Country: ; State: ; Locality ; Organization: ; Common Name: > pbx.domain.com; eMail: > Version: ? ? ? ?2 > Serial Number: ?00b6b63eb67ed2111345253c228264d093 > Signature Algorithm: ? ?1.2.840.113549.1.1.5 (sha1WithRSAEncryption) > Signature: ? ? ?28ce574c9715e1e59dfc90829287ab31fdbf0e0212dc488b106e71ffaaa339610492dc091d440772... > Issuer: Country: GB; State: Greater Manchester; Locality Salford; > Organization: Comodo CA Limited; Common Name: PositiveSSL CA; eMail: > Validity: ? ? ? 27/04/11 - 26/04/12 > SHA1-Fingerprint: ? ? ? 38d13c709ab1cc9b434c2f05e927239fe4ae6f19 > MD5-Fingerprint: ? ? ? ?a9b62e186465055f34a04153ad7898de > PK Algorithm: ? 1.2.840.113549.1.1.1 (rsaEncryption) > RSA modulus: ? ?00b90412744fd50459d807a04d007a9fd7d667189f1394f11ecd46e8556bd861526eb9be582a2631... > RSA exponent: ? 010001 > Filename on FS: f6700ff3f3059f4c629df2bff8678aeacb291ddb.DER > > - - - > > [ Status > System Information ] > > System Information: > Phone Type: ? ? snom300-SIP > MAC-Address: ? ?0004132F08DC > IP-Address: ? ? 192.168.101.102 > Firmware-Version: ? ? ? snom300-SIP 8.4.31 > Firmware-URL: ? http://provisioning.....4.31-SIP-f.bin > Production Information: Mac:0004132F08DC;Version:Standard;Hardware:snom300 > (H: R2A);Date:15/05/08;Copyright? snom technology AG > Uptime: 0 days, 1 hours, 27 minutes > LCS: ? ?0 days, 0 hours, 53 minutes (0) > Memfree: ? ? ? ?772 K > CPU: ? ?0.04 0.02 0.03 1/10 96 > Bootloader-Version: ? ? 1.1.3-u > > SIP Identity Status: > Identity 1 Status: ? ? ?361 at pbx.domain.com: Network Failure > > - - - > > [ Status > SIP Trace ] > > Sent to tls:11.22.33.44:5061 at 24/12/2001 08:00:32:192 (729 bytes): > REGISTER sip:pbx.domain.com SIP/2.0 > Via: SIP/2.0/TLS 192.168.101.102:2055;branch=z9hG4bK-9i3rt6llzqd1;rport > From: "361" <sip:361 at pbx.domain.com>;tag=hpleutmwxu > To: "361" <sip:361 at pbx.domain.com> > Call-ID: 3c26701f3456-58is2wtgld05 > CSeq: 1 REGISTER > Max-Forwards: 70 > Contact: <sip:361 at 192.168.101.102:2055;transport=tls>;q=1.0;reg-id=1;+sip.instance="<urn:uuid:0a473ab2-1159-4286-9cdb-385c32d8003d>";audio;mobility="fixed";duplex="full";description="snom300";actor="principal";events="dialog";methods=" > INVITE,ACK,CANCEL,BYE,REFER,OPTIONS,NOTIFY,SUBSCRIBE,PRACK,MESSAGE,INFO" > User-Agent: snom300/8.4.31 > Allow-Events: dialog > X-Real-IP: 192.168.101.102 > Supported: path, gruu > Expires: 3600 > Content-Length: 0 > Sent to tls:11.22.33.44:5061 at 8/5/2011 00:24:03:610 (729 bytes): > > REGISTER sip:pbx.domain.com SIP/2.0 > Via: SIP/2.0/TLS 192.168.101.102:2056;branch=z9hG4bK-lriexp5iqoio;rport > From: "361" <sip:361 at pbx.domain.com>;tag=b11o8j7lk4 > To: "361" <sip:361 at pbx.domain.com> > Call-ID: 3c26701f3456-58is2wtgld05 > CSeq: 2 REGISTER > Max-Forwards: 70 > Contact: <sip:361 at 192.168.101.102:2056;transport=tls>;reg-id=1;q=1.0;+sip.instance="<urn:uuid:0a473ab2-1159-4286-9cdb-385c32d8003d>";audio;mobility="fixed";duplex="full";description="snom300";actor="principal";events="dialog";methods=" > INVITE,ACK,CANCEL,BYE,REFER,OPTIONS,NOTIFY,SUBSCRIBE,PRACK,MESSAGE,INFO" > User-Agent: snom300/8.4.31 > Allow-Events: dialog > X-Real-IP: 192.168.101.102 > Supported: path, gruu > Expires: 3600 > Content-Length: 0 > > - - - > > [ Status > Log ] > > [0] 24/12/2001 00:00:27: Phone::uboot_version:1.1.3-u > [1] 24/12/2001 00:00:29: Conf setup: code: 500, host: 127.0.0.1:80, > file: /dummy.htm > [0] 24/12/2001 08:00:31: TaskMon: LCS 21/0 recv LPCP took 1271 msecs > [0] 24/12/2001 08:00:31: LoopMon: LCS 21 took 1271 (290/0) msecs, read > 1, 3/1 tasks > [1] 24/12/2001 08:00:32: TLS: Warning: Certificate with subject > Country: ; State: ; Locality ; Organization: ; Common Name: > pbx.domain.com; eMail: has expired according to the local time of the > phone. > [0] 24/12/2001 08:00:33: TaskMon: LCS 30/0 recv LPCP took 934 msecs > [0] 24/12/2001 08:00:33: LoopMon: LCS 30 took 968 (42/32) msecs, read > 1, 3/1 tasks > [0] 8/5/2011 00:22:49: TaskMon: LCS 93/0 recv LPCP took 434 msecs > [0] 8/5/2011 00:22:49: TaskMon: LCS 94/0 recv LPCP took 461 msecs > [0] 8/5/2011 00:22:50: TaskMon: LCS 96/0 recv LPCP took 576 msecs > [0] 8/5/2011 00:23:03: TaskMon: LCS 148/0 recv LPCP took 238 msecs > [2] 8/5/2011 00:23:03: Transport Error: Pending packet 1000000: generating fake > [2] 8/5/2011 00:23:03: Registrar 361 at pbx.domain.com timed out > [0] 8/5/2011 00:23:05: TaskMon: LCS 157/0 recv LPCP took 372 msecs > [0] 8/5/2011 00:23:05: LoopMon: LCS 157 took 850 (499/478) msecs, read > 1, 4/1 tasks > [0] 8/5/2011 00:24:04: TaskMon: LCS 359/0 recv LPCP took 872 msecs > [0] 8/5/2011 00:24:04: LoopMon: LCS 359 took 872 (306/0) msecs, read > 1, 3/1 tasks > [2] 8/5/2011 00:24:34: Transport Error: Pending packet 1000002: generating fake > [2] 8/5/2011 00:24:34: Registrar 361 at pbx.domain.com timed out > [0] 8/5/2011 00:24:48: TaskMon: LCS 508/0 recv LPCP took 443 msecs > [0] 8/5/2011 00:24:48: LoopMon: LCS 508 took 444 (16/0) msecs, read 1, 3/1 tasks > [0] 8/5/2011 00:24:48: TaskMon: LCS 509/0 recv LPCP took 506 msecs > [0] 8/5/2011 00:24:48: LoopMon: LCS 509 took 507 (72/0) msecs, read 1, 4/1 tasks > [0] 8/5/2011 00:24:49: TaskMon: LCS 510/0 recv LPCP took 1293 msecs > [0] 8/5/2011 00:24:49: LoopMon: LCS 510 took 1337 (500/0) msecs, read > 1, 5/1 tasks > [0] 8/5/2011 00:25:35: TaskMon: LCS 673/0 recv LPCP took 871 msecs > [0] 8/5/2011 00:25:35: LoopMon: LCS 673 took 871 (118/0) msecs, read > 1, 3/1 tasks > [2] 8/5/2011 00:26:05: Transport Error: Pending packet 1000004: generating fake > [2] 8/5/2011 00:26:05: Registrar 361 at pbx.domain.com timed out > [0] 8/5/2011 00:27:06: TaskMon: LCS 986/0 recv LPCP took 871 msecs > [0] 8/5/2011 00:27:06: LoopMon: LCS 986 took 871 (419/0) msecs, read > 1, 3/1 tasks > [2] 8/5/2011 00:27:36: Transport Error: Pending packet 1000006: generating fake > [2] 8/5/2011 00:27:36: Registrar 361 at pbx.domain.com timed out > [0] 8/5/2011 00:28:37: TaskMon: LCS 1296/0 recv LPCP took 869 msecs > [0] 8/5/2011 00:28:37: LoopMon: LCS 1296 took 870 (387/0) msecs, read > 1, 3/1 tasks > [2] 8/5/2011 00:29:07: Transport Error: Pending packet 1000008: generating fake > [2] 8/5/2011 00:29:07: Registrar 361 at pbx.domain.com timed out > [0] 8/5/2011 00:30:08: TaskMon: LCS 1605/0 recv LPCP took 870 msecs > [0] 8/5/2011 00:30:08: LoopMon: LCS 1605 took 871 (458/0) msecs, read > 1, 3/1 tasks > [2] 8/5/2011 00:30:38: Transport Error: Pending packet 1000010: generating fake > [2] 8/5/2011 00:30:38: Registrar 361 at pbx.domain.com timed out > [0] 8/5/2011 00:31:39: TaskMon: LCS 1918/0 recv LPCP took 874 msecs > [0] 8/5/2011 00:31:39: LoopMon: LCS 1918 took 875 (346/0) msecs, read > 1, 3/1 tasks > [0] 8/5/2011 00:32:03: TaskMon: LCS 1996/0 recv LPCP took 424 msecs > [0] 8/5/2011 00:32:03: LoopMon: LCS 1996 took 430 (24/4) msecs, read > 1, 3/1 tasks
Marcello Ceschia
2011-May-22 18:48 UTC
[asterisk-users] Unable to REGISTER to the Asterisk v1.8.3.3 server via SIP/TLS
see: https://issues.asterisk.org/view.php?id=19182 On May 22, 2011, at 7:00 PM, asterisk-users-request at lists.digium.com wrote:> Date: Sun, 22 May 2011 19:44:21 +0800 > From: GNUbie <gnubie at gmail.com> > Subject: Re: [asterisk-users] Unable to REGISTER to the Asterisk > v1.8.3.3 server via SIP/TLS > To: Asterisk Users Mailing List - Non-Commercial Discussion > <asterisk-users at lists.digium.com> > Message-ID: <BANLkTin9TROuRB4_-g7JHfGYa59YemsW=g at mail.gmail.com> > Content-Type: text/plain; charset=ISO-8859-1 > > Hello, > > On Thu, May 19, 2011 at 3:40 PM, A E [Gmail] <all.eforums at gmail.com> wrote: >> >> That's WAYY too much info for me to go through right now, and I don't know >> anything about TLS registration but what I would ask for is if you have the >> following lines in your sip.conf >> domain=<IP/FQDN of your asterisk server>:<TLS port> >> so in your case add the lines >> domain=pbx.domain.com:5061 >> and then do a "sip reload" >> So far, all problems I've had, have been solved because of this. At the end >> of your sip.conf add those lines and it should fix your problem. > > Thanks, but it didn't worked. :-( > > Any other possible solution for this problem? > > Regards, > > GNUbie