James Stocks
2012-Aug-18 08:45 UTC
[asterisk-users] Make outgoing calls through BroadWorks/BroadSoft SIP gateway from Asterisk
I've been given a SIP hard phone pre-configured to work with another party's BroadWorks system. I want to use my Asterisk system to connect to this SIP service rather than the handset I've been given. I have extracted the authentication details from the phone and have successfully registered Asterisk with the gateway (incoming calls work fine) using a line like this in sip.conf: register => 441000123123 at auth.realm:password:authuser at nnn.nnn.nnn.nnn/441000123123 Outgoing calls are proving to be more challenging. I have this so far: [441000123123] callerid="My Name" <441000123123> type=peer host=nnn.nnn.nnn.nnn auth=authuser realm=auth.realm fromuser= 441000123123 secret=password insecure=invite context=from-sip nat=yes qualify=no canreinvite=no allow=all The main part I'm confused about is that in most examples I've seen, the username and authname are the same value, whereas in this case we seem to have: A username (the phone number) An auth name (a different value) An auth realm A SIP realm (different value to auth realm) A password A gateway host When I place a call with Dial(SIP/441000123123/somenumber), I get a 403 response from the gateway. Looking at a packet dump, I can see that Asterisk is not attempting to authenticate. On the other hand, REGISTER requests do authenticate successfully - I can see the digest authentication taking place in tcpdump. I have observed successful outgoing calls from the hard phone using tcpdump and I can see the phone using digest like so: Authorization: DIGEST username="authuser", realm="BroadWorks", nonce="BroadWorksASHORTHASH", qop=auth, cnonce="ASHORTHASH", nc=00000001, uri="sip:number at auth.realm:5060;user=phone", response="ALONGERHASH", algorithm=MD5 What is the correct configuration to use - how do I get Asterisk to successfully authenticate outgoing calls? Many thanks, James.
James Stocks
2012-Aug-18 11:23 UTC
[asterisk-users] Make outgoing calls through BroadWorks/BroadSoft SIP gateway from Asterisk
On 18 Aug 2012, at 09:45, James Stocks <stocksy at stocksy.co.uk> wrote:> I've been given a SIP hard phone pre-configured to work with another party's BroadWorks system. I want to use my Asterisk system to connect to this SIP service rather than the handset I've been given. I have extracted the authentication details from the phone and have successfully registered Asterisk with the gateway (incoming calls work fine) using a line like this in sip.conf: > > register => 441000123123 at auth.realm:password:authuser at nnn.nnn.nnn.nnn/441000123123 > > Outgoing calls are proving to be more challenging. I have this so far: > > [441000123123] > callerid="My Name" <441000123123> > type=peer > host=nnn.nnn.nnn.nnn > auth=authuser > realm=auth.realm > fromuser= 441000123123 > secret=password > insecure=invite > context=from-sip > nat=yes > qualify=no > canreinvite=no > allow=all > > The main part I'm confused about is that in most examples I've seen, the username and authname are the same value, whereas in this case we seem to have: > > A username (the phone number) > An auth name (a different value) > An auth realm > A SIP realm (different value to auth realm) > A password > A gateway host > > When I place a call with Dial(SIP/441000123123/somenumber), I get a 403 response from the gateway. Looking at a packet dump, I can see that Asterisk is not attempting to authenticate. On the other hand, REGISTER requests do authenticate successfully - I can see the digest authentication taking place in tcpdump. > > I have observed successful outgoing calls from the hard phone using tcpdump and I can see the phone using digest like so: > > Authorization: DIGEST username="authuser", realm="BroadWorks", nonce="BroadWorksASHORTHASH", qop=auth, cnonce="ASHORTHASH", nc=00000001, uri="sip:number at auth.realm:5060;user=phone", response="ALONGERHASH", algorithm=MD5 > > What is the correct configuration to use - how do I get Asterisk to successfully authenticate outgoing calls?I have answered my own question. The remote host is reachable only by IP address. Setting host=nnn.nnn.nnn.nnn causes Asterisk to send INVITEs to somenumber at nnn.nnn.nnn.nnn instead of some number at sip.domain. This is what was causing the 403 response, it's not necessary to authenticate. I haven't found a way to set the sip domain to be used for outgoing calls, so as a workaround I have inserted 'nnn.nnn.nnn.nnn sip.domain' into my /etc/hosts file. Not elegant, but it works. James.