PBXs running:
FreePBX 15.0.23; Sangoma Distro
Asterisk 16.25.2
Hello,
Our PBXs started rejecting calls today from our VoIP Innovations trunks. Upon investigating further, we found that asterisk is filling the logs with this message:
[2022-04-25 13:49:06] ERROR[2605]: res_pjsip_stir_shaken.c:303 stir_shaken_incoming_request: STIR/SHAKEN INVITE for VoIP_Innovations_3 has unsupported ppt ("shaken")
Also, sngrep shows that all invites are getting the Identity with a ppt of “shaken”
Identity: ##REDACTED##;info=<https://t-mobile-sticr.fosrvt.com/a469c800cf6
861da3e6b8527088d880791e28584393b4b3158384aeea497c9.pem>;alg=ES256;ppt="shaken"
Right after receiving the packet, we get a 100 Trying and then the PBX rejects the call with status code 428: Use Supported PASSporT Format:
2022/04/25 14:02:21.468665 ##PBX IP##:5060 -> ##VI IP##:5060
SIP/2.0 428 Use Supported PASSporT Format
Via: SIP/2.0/UDP ##VI IP##:5060;rport=5060;received=##VI IP##;branch=z9hG4bK1sansay800000170rdb8588
Record-Route: <sip:[email protected]##VI IP##:5060;transport=udp;lr>
Call-ID: [email protected]##VI IP##
From: <sip:##Origin TN##@##VI IP##>;tag=sansay800000170rdb8588
To: <sip:##Destination TN##@##PBX IP##>;tag=bf57855d-4c66-4fcf-aba4-32186b3905a5
CSeq: 1 INVITE
Server: FPBX-15.0.23(16.25.2)
Content-Length: 0
The only info we’ve found on code 428 is:
IETF draft-ietf-stir-rfc4474bis introduces the following SIP failure response codes in subclause 6.2.2:
A 428 response will be sent (per Section 6.2) when an Identity header field is required, but no Identity header field without a “ppt” parameter, or with a supported “ppt” value, has been received. In the case where one or more Identity header fields with unsupported “ppt” values have been received, then a verification service may send a 428 with a human-readable reason phrase like “Use Supported PASSporT Format”.
So, it seems as though Asterisk forgot that ppt is supposed to be “shaken” and doesn’t accept the call. Per this page, at least, “ppt … must be shaken.”
Any help will be greatly appreciated 