Remote extension fails to authenticate--SOLVED

2010/9/27 update

I knew this was going to hurt when I found it …

The problem turns out to be a difference between what you can use in FreePBX/Asterisk and the older version of Asterisk we had running:

FreePBX only allows you to use the extension number as the UserID / Authorization name [in Bria terms]. The older Asterisk we were using allowed text for UserID / Authorization name. Once I changed both fields to the extension number, everything went fine.

Hi,

I’ve got an odd problem here - a failure to authenticate on 1.4.24 from a Bria (Counterpath) softphone, even though I’m able to operate on 1.4.5 fine (we have two * servers, and are trying to migrate to the newer version).

Local LAN at head office: 172.27.1.0/24. New * server is .239
Local PC at remote location: 10.135.135.8

Connecting them is an IPSec VPN tunnel. I know this works fine, because it’s been installed for literally years. I can get to the old * server fine, too (172.27.1.249), and register on it. Unless I’m downloading files from the Internet, the IP phone operation is just fine - I have local headoffice (Ontario 705) dialtone from Victoria, BC (250). Also, if I use PPtP to connect to the 172.27.1.0/24 network, the behaviour doesn’t change.

After reading forum postings, and thinking that * was looking at my PC’s IP address and not allowing registration because it wasn’t part of the LAN that * is participating in, I put the following into sip_nat.conf:
localnet=10.0.0.0/255.0.0.0
Didn’t make any difference.

I’ve tried to minimize complexity in setting up the extension, so I’ve used ‘derek’ for all of the Display Name, SIP Alias, and Secret parameters in the extension setup web page. The rest of the parameters are set the same as the ones for the (working) extensions (that use the Polycom IP phones).

Here is the sip_additional entry for my remote (extension 23)

[23]
deny=0.0.0.0/0.0.0.0
type=friend
secret=derek
qualify=yes
port=5060
pickupgroup=
permit=0.0.0.0/0.0.0.0
nat=no
[email protected]
host=dynamic
dtmfmode=rfc2833
dial=SIP/23
context=from-internal
canreinvite=no
callgroup=
callerid=device <23>
accountcode=
call-limit=50

Here’s an asterisk trace of a failure to authenticate:

[[email protected] tmp]# cat traceasteriskfail02
<— SIP read from 10.135.135.8:1974 —>
REGISTER sip:172.27.1.239 SIP/2.0
Via: SIP/2.0/UDP 10.135.135.8:1974;branch=z9hG4bK-d8754z-ab946281f7258714-1—d8754z-;rport
Max-Forwards: 70
Contact: sip:[email protected]:1974;rinstance=407b8a218a93e199
To: "derek"sip:[email protected]
From: "derek"sip:[email protected];tag=ba39bca3
Call-ID: Mzg3ZmVlYWEyMTQwNGUzODM4YzFlOTg3ZmIzYTJmNjM.
CSeq: 1 REGISTER
Expires: 3600
Allow: INVITE, ACK, CANCEL, OPTIONS, BYE, REFER, NOTIFY, MESSAGE, SUBSCRIBE, INFO
User-Agent: Bria 3 release 3.1.2 stamp 58754
Content-Length: 0

<------------->
— (12 headers 0 lines) —
Using latest REGISTER request as basis request
Sending to 10.135.135.8 : 1974 (NAT)

<— Transmitting (NAT) to 10.135.135.8:1974 —>
SIP/2.0 401 Unauthorized
Via: SIP/2.0/UDP 10.135.135.8:1974;branch=z9hG4bK-d8754z-ab946281f7258714-1—d8754z-;received=10.135.135.8;rport=1974
From: "derek"sip:[email protected];tag=ba39bca3
To: "derek"sip:[email protected];tag=as26361b01
Call-ID: Mzg3ZmVlYWEyMTQwNGUzODM4YzFlOTg3ZmIzYTJmNjM.
CSeq: 1 REGISTER
User-Agent: Asterisk PBX
Allow: INVITE, ACK, CANCEL, OPTIONS, BYE, REFER, SUBSCRIBE, NOTIFY
Supported: replaces
WWW-Authenticate: Digest algorithm=MD5, realm=“asterisk”, nonce="43f88ab8"
Content-Length: 0

<------------>
Scheduling destruction of SIP dialog ‘Mzg3ZmVlYWEyMTQwNGUzODM4YzFlOTg3ZmIzYTJmNjM.’ in 32000 ms (Method: REGISTER)
asterisk2*CLI>
<— SIP read from 10.135.135.8:1974 —>
REGISTER sip:172.27.1.239 SIP/2.0
Via: SIP/2.0/UDP 10.135.135.8:1974;branch=z9hG4bK-d8754z-8c09ce0bec6751c2-1—d8754z-;rport
Max-Forwards: 70
Contact: sip:[email protected]:1974;rinstance=407b8a218a93e199
To: "derek"sip:[email protected]
From: "derek"sip:[email protected];tag=ba39bca3
Call-ID: Mzg3ZmVlYWEyMTQwNGUzODM4YzFlOTg3ZmIzYTJmNjM.
CSeq: 2 REGISTER
Expires: 3600
Allow: INVITE, ACK, CANCEL, OPTIONS, BYE, REFER, NOTIFY, MESSAGE, SUBSCRIBE, INFO
User-Agent: Bria 3 release 3.1.2 stamp 58754
Authorization: Digest username=“derek”,realm=“asterisk”,nonce=“43f88ab8”,uri=“sip:172.27.1.239”,response=“694fdd482dc11e7898b11145042342f7”,algorithm=MD5
Content-Length: 0

<------------->
— (13 headers 0 lines) —
Using latest REGISTER request as basis request
Sending to 10.135.135.8 : 1974 (NAT)

<— Transmitting (NAT) to 10.135.135.8:1974 —>
SIP/2.0 401 Unauthorized
Via: SIP/2.0/UDP 10.135.135.8:1974;branch=z9hG4bK-d8754z-8c09ce0bec6751c2-1—d8754z-;received=10.135.135.8;rport=1974
From: "derek"sip:[email protected];tag=ba39bca3
To: "derek"sip:[email protected];tag=as26361b01
Call-ID: Mzg3ZmVlYWEyMTQwNGUzODM4YzFlOTg3ZmIzYTJmNjM.
CSeq: 2 REGISTER
User-Agent: Asterisk PBX
Allow: INVITE, ACK, CANCEL, OPTIONS, BYE, REFER, SUBSCRIBE, NOTIFY
Supported: replaces
WWW-Authenticate: Digest algorithm=MD5, realm=“asterisk”, nonce="68bcbe3b"
Content-Length: 0

<------------>
Scheduling destruction of SIP dialog ‘Mzg3ZmVlYWEyMTQwNGUzODM4YzFlOTg3ZmIzYTJmNjM.’ in 32000 ms (Method: REGISTER)
asterisk2*CLI>
<— SIP read from 10.135.135.8:1974 —>
REGISTER sip:172.27.1.239 SIP/2.0
Via: SIP/2.0/UDP 10.135.135.8:1974;branch=z9hG4bK-d8754z-915e0af162ee7003-1—d8754z-;rport
Max-Forwards: 70
Contact: sip:[email protected]:1974;rinstance=407b8a218a93e199
To: "derek"sip:[email protected]
From: "derek"sip:[email protected];tag=ba39bca3
Call-ID: Mzg3ZmVlYWEyMTQwNGUzODM4YzFlOTg3ZmIzYTJmNjM.
CSeq: 3 REGISTER
Expires: 3600
Allow: INVITE, ACK, CANCEL, OPTIONS, BYE, REFER, NOTIFY, MESSAGE, SUBSCRIBE, INFO
User-Agent: Bria 3 release 3.1.2 stamp 58754
Authorization: Digest username=“derek”,realm=“asterisk”,nonce=“68bcbe3b”,uri=“sip:172.27.1.239”,response=“0b73c12f1c33e9ae409683c3a1c6a7eb”,algorithm=MD5
Content-Length: 0

<------------->
— (13 headers 0 lines) —
Using latest REGISTER request as basis request
Sending to 10.135.135.8 : 1974 (NAT)

<— Transmitting (NAT) to 10.135.135.8:1974 —>
SIP/2.0 401 Unauthorized
Via: SIP/2.0/UDP 10.135.135.8:1974;branch=z9hG4bK-d8754z-915e0af162ee7003-1—d8754z-;received=10.135.135.8;rport=1974
From: "derek"sip:[email protected];tag=ba39bca3
To: "derek"sip:[email protected];tag=as26361b01
Call-ID: Mzg3ZmVlYWEyMTQwNGUzODM4YzFlOTg3ZmIzYTJmNjM.
CSeq: 3 REGISTER
User-Agent: Asterisk PBX
Allow: INVITE, ACK, CANCEL, OPTIONS, BYE, REFER, SUBSCRIBE, NOTIFY
Supported: replaces
WWW-Authenticate: Digest algorithm=MD5, realm=“asterisk”, nonce="71ee7a7f"
Content-Length: 0

<------------>

Any insights ? things to try ?

Thanks in advance…