Authentication

General Help
1

Hi guys!

I’m guessing that this might be a repeated post as I don’t think I am the only person having problems with this. My appologies if I’m repeating, it happens that when you look for answers sometimes they play hard to get… :wink:

Here is my question. I have an old Freepbx, an asterisk 1.2 in production. I want/NEED to upgrade to a newer version with LTS, so I’m migrating to 1.8. I have a serious problem where my carriers don’t require me to authenticate to them, they accept everything I throw at them from my public IPs. When I configure the trunks to them in asterisk 1.8 I keep getting Authenticate problems like this one:

SIP/2.0 401 Unauthorized
Via: SIP/2.0/UDP XX.XX.XX.XX:5060;branch=z9hG4bK559e073f
Record-Route: sip:YY.YY.YY.YY;ftag=as5385450f;lr
From: 8888888888 sip:[email protected];tag=as5385450f
To: sip:[email protected]
Call-ID: [email protected]:5060
CSeq: 102 INVITE
Server: Sippy
WWW-Authenticate: Digest realm=“YY.YY.YY.YY”,nonce=“6a55e59332683becfbcb7a10a9af9aa3a9d6”

For months I’ve been looking for help in forums, but haven’t gotten lucky. Setting a user/password on the trunk is not an option as I have MANY other equipments (not Asterisk) hitting those same carriers.

Could anyone shed a light on where to look, please? Here is my trunk config:

CARRIER
allow=g729
host=YY.YY.YY.YY
qualify=yes
type=peer

I have tried many, many SIP options, but don’t really have an inventory of what I’ve done and how I’ve done it. This battle has been going on for months now and my memory fails me to remember all those settings…

I appreciate all the help I can get!

Thanks!!! :wink:

Asterisk version 1.8.7
FreePBX version 2.9.0.12

2

Do you have g.729 CODEC installed?

add the line insecure=port,invite and you should be all set.

You also have to put disallow=all above your allow if you only want g.729.

You also don’t have a context, you don’t need it if not receiving calls on this trunk.

What version FreePBX?

3

don’t register against such trunks you don’t need it, and allow anonymous sip calls from these servers.

4

@dicko

I’m not registering to the carrier, that thing you see up there that I posted is the only configuration I have for that trunk. I still need to configure the outgoing trunk to the carrier and that’s where I have problems… :frowning:

@SkykingOH
I tried adding the fields you mentioned, but it does not seem to work…
This is what I got…

disallow=all
allow=g729
host=psip2.smartisvoip.com
qualify=yes
type=peer
insecure=port,invite

5

You didn’t answer my question on what version of FreePBX?

Also you didn’t answer about g.729 CODEC.

What error is it giving now?

6

Oh, Sorry SkykingOH.

I do have g729 and here are my versions:
Asterisk version 1.8.7
FreePBX version 2.9.0.12

Thanks for the help.

7

Ok good, I just wanted to make sure you are running a FreePBX that supports 1.8

What error are you getting with the insecure line?

Just for grins try type=friend

8

I keep getting unauthorized:

<— SIP read from UDP:206.165.69.152:5060 —>
SIP/2.0 100 trying – your call is important to us
Via: SIP/2.0/UDP XX.XX.XX.XX:5060;branch=z9hG4bK160ed170
From: “8888888888” sip:[email protected];tag=as385b8b3b
To: sip:[email protected]
Call-ID: [email protected]:5060
CSeq: 102 INVITE
Server: Sip EXpress router (0.9.6 (i386/freebsd))
Content-Length: 0

<------------->
— (8 headers 0 lines) —

<— SIP read from UDP:206.165.69.152:5060 —>
SIP/2.0 401 Unauthorized
Via: SIP/2.0/UDP XX.XX.XX.XX:5060;branch=z9hG4bK160ed170
Record-Route: sip:YY.YY.YY.YY;ftag=as385b8b3b;lr
From: 8888888888 sip:[email protected];tag=as385b8b3b
To: sip:[email protected]
Call-ID: [email protected]:5060
CSeq: 102 INVITE
Server: Sippy
WWW-Authenticate: Digest realm=“YY.YY.YY.YY”,nonce=“fdf1ea8159e5ff87d72cf0390ca2850b029f”

Changing the fype to friend did no godd either…

I keep getting this as well:

[2002-03-21 19:52:49] NOTICE[3635]: chan_sip.c:19661 handle_response_invite: Failed to authenticate on INVITE to '“8888888888” sip:[email protected];tag=as385b8b3b’
Really destroying SIP dialog ‘[email protected]:5060’ Method: INVITE

Thanks!

9

Can you send out the output of SIP show peer trunkname please

10

My server’s name is Berlix. Here is the output:

berlix*CLI> sip show peer Smart_Net_Stns

  • Name : Smart_Net_Stns
    Secret :
    MD5Secret :
    Remote Secret:
    Context : from-trunk-sip-Smart_Net_Stns
    Subscr.Cont. :
    Language :
    AMA flags : Unknown
    Transfer mode: open
    CallingPres : Presentation Allowed, Not Screened
    Callgroup :
    Pickupgroup :
    MOH Suggest :
    Mailbox :
    VM Extension : *97
    LastMsgsSent : 32767/65535
    Call limit : 0
    Max forwards : 0
    Dynamic : No
    Callerid : “” <>
    MaxCallBR : 384 kbps
    Expire : -1
    Insecure : port,invite
    Force rport : No
    ACL : No
    DirectMedACL : No
    T.38 support : No
    T.38 EC mode : Unknown
    T.38 MaxDtgrm: -1
    DirectMedia : Yes
    PromiscRedir : No
    User=Phone : No
    Video Support: No
    Text Support : No
    Ign SDP ver : No
    Trust RPID : No
    Send RPID : No
    Subscriptions: Yes
    Overlap dial : Yes
    DTMFmode : rfc2833
    Timer T1 : 500
    Timer B : 32000
    ToHost :
    Addr->IP : :5060
    Defaddr->IP : (null)
    Prim.Transp. : UDP
    Allowed.Trsp : UDP
    Def. Username:
    SIP Options : (none)
    Codecs : 0x100 (g729)
    Codec Order : (g729:20)
    Auto-Framing : No
    100 on REG : Yes
    Status : OK (54 ms)
    Useragent :
    Reg. Contact :
    Qualify Freq : 60000 ms
    Sess-Timers : Accept
    Sess-Refresh : uas
    Sess-Expires : 1800 secs
    Min-Sess : 90 secs
    RTP Engine : asterisk
    Parkinglot :
    Use Reason : No
    Encryption : No

berlix*CLI>

11

Turn direct media off, Asterisk is trying to invite the call off the box and it is failing authentication (IP based). It took me a couple of passes to find this.

12

…sorry to pop your bubble, but it didn’t help… :(. Here is my 'sip show peer ’ output again…

berlix*CLI> sip show peer Smart_Net_Stns

  • Name : Smart_Net_Stns
    Secret :
    MD5Secret :
    Remote Secret:
    Context : from-trunk-sip-Smart_Net_Stns
    Subscr.Cont. :
    Language :
    AMA flags : Unknown
    Transfer mode: open
    CallingPres : Presentation Allowed, Not Screened
    Callgroup :
    Pickupgroup :
    MOH Suggest :
    Mailbox :
    VM Extension : *97
    LastMsgsSent : 32767/65535
    Call limit : 0
    Max forwards : 0
    Dynamic : No
    Callerid : “” <>
    MaxCallBR : 384 kbps
    Expire : -1
    Insecure : port,invite
    Force rport : No
    ACL : No
    DirectMedACL : No
    T.38 support : No
    T.38 EC mode : Unknown
    T.38 MaxDtgrm: -1
    DirectMedia : No
    PromiscRedir : No
    User=Phone : No
    Video Support: No
    Text Support : No
    Ign SDP ver : No
    Trust RPID : No
    Send RPID : No
    Subscriptions: Yes
    Overlap dial : Yes
    DTMFmode : rfc2833
    Timer T1 : 500
    Timer B : 32000
    ToHost : psip2.smartisvoip.com
    Addr->IP : 206.165.69.152:5060
    Defaddr->IP : (null)
    Prim.Transp. : UDP
    Allowed.Trsp : UDP
    Def. Username:
    SIP Options : (none)
    Codecs : 0x100 (g729)
    Codec Order : (g729:20)
    Auto-Framing : No
    100 on REG : Yes
    Status : OK (93 ms)
    Useragent :
    Reg. Contact :
    Qualify Freq : 60000 ms
    Sess-Timers : Accept
    Sess-Refresh : uas
    Sess-Expires : 1800 secs
    Min-Sess : 90 secs
    RTP Engine : asterisk
    Parkinglot :
    Use Reason : No
    Encryption : No

Thanks again!

13

Anyone have any other suggestion so I can try it out…?

All help is GREATLY appreciated!

Thanks!