I've got a new openser config I'm testing with a secondary server (1.1.1 on Centos5), but I'm having a few problems getting some clients, X-lite 3.0 and an ATA from draytek, who are unable to register with the server.
Watching with ngrep on the server and wireshark locally I see the server and the client communicating, the client sends a register to the server, the server says 401 Unauthorized and generates a realm and nonce, but instead of going on with the next step in the register process (adding one to the Cseq and generating a nonce of its own) the client just doesn't seem to notice that the 401 was sent (could they possibly be expecting a 407?) they just keep trying with the first step in the process.
Is this an error in my config (sending a 401 instead of something else) or a deficiency in the client ( I have a few grandstream phones which work perfectly)...
Here's a few lines from the ngrep output...
U X.X.X.30:5061 -> X.X.X.17:5061 REGISTER sip:logycs.it SIP/2.0. Via: SIP/2.0/UDP X.X.X.30:5061;branch=z9hG4bK-Rgr-15494;rport. From: Test User sip:testuser@logycs.it;tag=dio-18539. To: sip:testuser@logycs.it. Call-ID: lpB-27408@X.X.X.30. CSeq: 100 REGISTER. Contact: sip:testuser@X.X.X.30:5061. Max-Forwards: 70. Expires: 600. User-Agent: DrayTek UA-1.2.1 Vigor2100V series. Content-Length: 0. .
# U X.X.X.17:5061 -> X.X.X.30:5061 SIP/2.0 100 Trying. Via: SIP/2.0/UDP X.X.X.30:5061;branch=z9hG4bK-Rgr-15494;rport=5061. From: Test User sip:testuser@logycs.it;tag=dio-18539. To: sip:testuser@logycs.it. Call-ID: lpB-27408@X.X.X.30. CSeq: 100 REGISTER. Mobilia SIP Server. Content-Length: 0. Warning: 392 X.X.X.17:5061 "Noisy feedback tells: pid=11509 req_src_ip=X.X.X.30 req_src_port=5061 in_uri=sip:logycs.it out_uri=sip:logycs.it via_cnt==1". .
# U X.X.X.17:5061 -> X.X.X.30:5061 SIP/2.0 401 Unauthorized. Via: SIP/2.0/UDP X.X.X.30:5061;branch=z9hG4bK-Rgr-15494;rport=5061. From: Test User sip:testuser@logycs.it;tag=dio-18539. To: sip:testuser@logycs.it;tag=e39f848b5629fc672733e67aefa3e192.f4af. Call-ID: lpB-27408@X.X.X.30. CSeq: 100 REGISTER. WWW-Authenticate: Digest realm="logycs.it", nonce="4666de896a20a47ce567604e015d96a9f7b93027". Mobilia SIP Server. Content-Length: 0. Warning: 392 X.X.X.17:5061 "Noisy feedback tells: pid=11509 req_src_ip=X.X.X.30 req_src_port=5061 in_uri=sip:logycs.it out_uri=sip:logycs.it via_cnt==1".
The ATA is .30 and has a public IP, as does the Server (.17)
I personally can't see any errors in terms of where the replies are being sent, but I may be overlooking something quite obvious.
The useful parts of my openser.cfg (I have use domain as 1 in auth, auth_db, etc, but the registration isn't even getting that far yet).
listen = udp:X.X.X.17:5061 mpath = "/usr/lib/openser/modules" alias = siptest.logycs.it children = 8 debug = 6 fork = yes disable_tcp = no log_facility = LOG_LOCAL6 log_stderror = no tcp_children = 4 mhomed = no server_header = "Mobilia SIP Server" server_signature = yes sock_mode = 0600 user_agent_header = "Mobilia SIP Server" reply_to_via = no sip_warning = yes check_via = yes dns = no rev_dns = no syn_branch = yes disable_core_dump = yes dns_try_ipv6 = no dns_use_search_list = yes
route[0] { xlog("L_INFO", "New request - M=$rm RURI=$ru F=$fu T=$tu IP=$si ID=$ci\n"); force_rport(); if(msg:len > max_len) { xlog("L_INFO", "Message too big - M=$rm RURI=$ru F=$fu T=$tu IP=$si ID=$ci\n"); sl_send_reply("513", "Message Too Big"); exit; } if (!mf_process_maxfwd_header("10")) { xlog("L_INFO", "Too many hops - M=$rm RURI=$ru F=$fu T=$tu IP=$si ID=$ci\n"); sl_send_reply("483", "Too Many Hops"); exit; } if(!is_method("REGISTER")) { if(nat_uac_test("3")) { record_route(";nat=yes"); } else { record_route(); } } if(loose_route()) { if(!has_totag()) { xlog("L_INFO", "Initial loose-routing rejected - M=$rm RURI=$ru F=$fu T=$tu IP=$si ID=$ci\n"); sl_send_reply("403", "Initial Loose-Routing Rejected"); exit; } if(nat_uac_test("19") || search("^Route:.*;nat=yes")) { fix_nated_contact(); if(!search("^Content-Length:[ ]*0")) { fix_nated_sdp("3"); setflag(6); } } if(is_method("BYE")) { setflag(24); # account failed transactions setflag(25); # account successful transactions } # mark as loose-routed for acc setflag(26); route(1); } if(is_method("REGISTER")) { route(2); } setflag(24); # account failed transactions setflag(25); # account successful transactions if(is_method("INVITE")) { route(3); } if(is_method("CANCEL") || is_method("ACK")) { route(4); }
route(5); }
route[2] { sl_send_reply("100", "Trying"); if(!www_authorize("", "subscriber")) { xlog("L_INFO", "Register authentication failed - M=$rm RURI=$ru F=$fu T=$tu IP=$si ID=$ci\n"); www_challenge("", "0"); exit; } if(!check_to()) { xlog("L_INFO", "Spoofed To-URI detected - M=$rm RURI=$ru F=$fu T=$tu IP=$si ID=$ci\n"); sl_send_reply("403", "Spoofed To-URI Detected"); exit; } consume_credentials(); if(!search("^Contact:[ ]**") && nat_uac_test("19")) { fix_nated_register(); setflag(6); } if(!save("location")) { xlog("L_ERR", "Saving contact failed - M=$rm RURI=$ru F=$fu T=$tu IP=$si ID=$ci\n"); sl_reply_error(); } xlog("L_INFO", "Registration successful - M=$rm RURI=$ru F=$fu T=$tu IP=$si ID=$ci\n"); exit; }