For anyone interested: server_header="Server: Mitel Border GW"
This effectively forges the header to the one from the firmware. There are many other: Aastra 800 OpenCom Aastra 400 MiVoice Office 400 Aastra MX-ONE Forum 5 Telepo Mitel-5000-ICP Mitel Border GW Mitel-3300-ICP
Source: - binwalk -e 6930.st - jffs2-root/fs_1/bin/linemgrSip will be of interest
security through obscurity
Kevin
Am Mi., 7. Nov. 2018 um 15:06 Uhr schrieb Kevin Olbrich ko@sv01.de:
Hi!
I have found the problem. It is indeed desired behaviour! Current FW is 5.1.0. I have now browsed the realease notes from latest to oldest and release 5.0.0 (first for Mitel 6900 series) states, that this phone only works, if registered to Mitel call servers. This remark is only listet there and in no other location. Seems like all who buy this phone are currently out of luck. The phone does not detect a Mitel call server and throws an internal 606 and disables the line until reboot. Source: Page 14 of Mitel 6800/6900 Series SIP Phones 5.0.0 Release Notes
I never had such a case, where a vendor locks his phone to it's own platform. In particular does not communicate this change.
Thanks for your help while debugging this. I have learned a lot during debug.
Kind regards Kevin
Am Di., 6. Nov. 2018 um 23:30 Uhr schrieb Sergiu Pojoga <pojogas@gmail.com
:
Hardly a guess, just experience, lol
You're welcome.
On Tue, Nov 6, 2018 at 5:24 PM Kevin Olbrich ko@sv01.de wrote:
Am Di., 6. Nov. 2018 um 23:09 Uhr schrieb Sergiu Pojoga < pojogas@gmail.com>:
I would assume the phone sends multiple REGISTER requests with same CallID, one or more of which has an expire=0, as a NAT traversal technique trying to discover its public IP at first. May be it doesn't do it very well.
I have checked again and indeed, correct guess!
Since you are using Kamailio for auth/usrloc, sending its REGISTER with
expire=0 would indicate that the Kamailio contact has expired (probably after such a request was received from the phone). Try checking it with 'kamctl ul show'
Correct as well, endpoint is not listed there.
I will check if I can get debug from the phone.
Thank you very much!
Kevin
On Tue, Nov 6, 2018 at 4:57 PM Henning Westerholt hw@kamailio.org wrote:
Am Dienstag, 6. November 2018, 22:50:54 CET schrieb Kevin Olbrich:
Am Di., 6. Nov. 2018 um 22:40 Uhr schrieb Sergiu Pojoga <
pojogas@gmail.com>:
> It's not clear what kamailio/asterisk integration method you are
using.
> Looking at the 2 provided messages - the 2nd one is not a relay of
the 1st
> one.
I might have matched the wrong transaction. I use HEP/HOMER to
observe
communication and Kamailio starts a new flow (=Call-Id) to asterisk
(this
message is no coming from the phone).
> handle authentication/usrloc in Kamailio? > or > using PATH extension?
I do auth + usrloc in Kamailio, no PATH.
Maybe the Kamailio debug would lead me to the problem but verbose
level 3
has too much info.
Hi Kevin,
you could control the time when the specific not-working phone send a REGISTER. Then you can enable the debugging for a few seconds during this time, and then deactivate it again. This should work even on a production server. Debugging it on a test server is of course an even better way.
Best regards,
Henning
-- Henning Westerholt - https://skalatan.de/blog/ Kamailio services - https://skalatan.de/services Kamailio security assessment - https://skalatan.de/de/assessment
Kamailio (SER) - Users Mailing List sr-users@lists.kamailio.org https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
Kamailio (SER) - Users Mailing List sr-users@lists.kamailio.org https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
Kamailio (SER) - Users Mailing List sr-users@lists.kamailio.org https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
Kamailio (SER) - Users Mailing List sr-users@lists.kamailio.org https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users