I've got a new openser config I'm testing with a secondary server (1.1.1
on Centos5), but I'm having a few problems getting some clients, X-lite
3.0 and an ATA from draytek, who are unable to register with the server.
Watching with ngrep on the server and wireshark locally I see the server
and the client communicating, the client sends a register to the server,
the server says 401 Unauthorized and generates a realm and nonce, but
instead of going on with the next step in the register process (adding
one to the Cseq and generating a nonce of its own) the client just
doesn't seem to notice that the 401 was sent (could they possibly be
expecting a 407?) they just keep trying with the first step in the process.
Is this an error in my config (sending a 401 instead of something else)
or a deficiency in the client ( I have a few grandstream phones which
work perfectly)...
Here's a few lines from the ngrep output...
U X.X.X.30:5061 -> X.X.X.17:5061
REGISTER sip:logycs.it SIP/2.0.
Via: SIP/2.0/UDP X.X.X.30:5061;branch=z9hG4bK-Rgr-15494;rport.
From: Test User <sip:testuser@logycs.it>;tag=dio-18539.
To: <sip:testuser@logycs.it>.
Call-ID: lpB-27408(a)X.X.X.30.
CSeq: 100 REGISTER.
Contact: <sip:testuser@X.X.X.30:5061>.
Max-Forwards: 70.
Expires: 600.
User-Agent: DrayTek UA-1.2.1 Vigor2100V series.
Content-Length: 0.
.
#
U X.X.X.17:5061 -> X.X.X.30:5061
SIP/2.0 100 Trying.
Via: SIP/2.0/UDP X.X.X.30:5061;branch=z9hG4bK-Rgr-15494;rport=5061.
From: Test User <sip:testuser@logycs.it>;tag=dio-18539.
To: <sip:testuser@logycs.it>.
Call-ID: lpB-27408(a)X.X.X.30.
CSeq: 100 REGISTER.
Mobilia SIP Server.
Content-Length: 0.
Warning: 392 X.X.X.17:5061 "Noisy feedback tells: pid=11509
req_src_ip=X.X.X.30 req_src_port=5061 in_uri=sip:logycs.it
out_uri=sip:logycs.it via_cnt==1".
.
#
U X.X.X.17:5061 -> X.X.X.30:5061
SIP/2.0 401 Unauthorized.
Via: SIP/2.0/UDP X.X.X.30:5061;branch=z9hG4bK-Rgr-15494;rport=5061.
From: Test User <sip:testuser@logycs.it>;tag=dio-18539.
To: <sip:testuser@logycs.it>;tag=e39f848b5629fc672733e67aefa3e192.f4af.
Call-ID: lpB-27408(a)X.X.X.30.
CSeq: 100 REGISTER.
WWW-Authenticate: Digest realm="logycs.it",
nonce="4666de896a20a47ce567604e015d96a9f7b93027".
Mobilia SIP Server.
Content-Length: 0.
Warning: 392 X.X.X.17:5061 "Noisy feedback tells: pid=11509
req_src_ip=X.X.X.30 req_src_port=5061 in_uri=sip:logycs.it
out_uri=sip:logycs.it via_cnt==1".
The ATA is .30 and has a public IP, as does the Server (.17)
I personally can't see any errors in terms of where the replies are
being sent, but I may be overlooking something quite obvious.
The useful parts of my openser.cfg (I have use domain as 1 in auth,
auth_db, etc, but the registration isn't even getting that far yet).
listen = udp:X.X.X.17:5061
mpath = "/usr/lib/openser/modules"
alias = siptest.logycs.it
children = 8
debug = 6
fork = yes
disable_tcp = no
log_facility = LOG_LOCAL6
log_stderror = no
tcp_children = 4
mhomed = no
server_header = "Mobilia SIP Server"
server_signature = yes
sock_mode = 0600
user_agent_header = "Mobilia SIP Server"
reply_to_via = no
sip_warning = yes
check_via = yes
dns = no
rev_dns = no
syn_branch = yes
disable_core_dump = yes
dns_try_ipv6 = no
dns_use_search_list = yes
route[0]
{
xlog("L_INFO", "New request - M=$rm RURI=$ru F=$fu T=$tu IP=$si
ID=$ci\n");
force_rport();
if(msg:len > max_len)
{
xlog("L_INFO", "Message too big - M=$rm RURI=$ru F=$fu T=$tu IP=$si
ID=$ci\n");
sl_send_reply("513", "Message Too Big");
exit;
}
if (!mf_process_maxfwd_header("10"))
{
xlog("L_INFO", "Too many hops - M=$rm RURI=$ru F=$fu T=$tu IP=$si
ID=$ci\n");
sl_send_reply("483", "Too Many Hops");
exit;
}
if(!is_method("REGISTER"))
{
if(nat_uac_test("3"))
{
record_route(";nat=yes");
}
else
{
record_route();
}
}
if(loose_route())
{
if(!has_totag())
{
xlog("L_INFO", "Initial loose-routing rejected - M=$rm
RURI=$ru F=$fu T=$tu IP=$si ID=$ci\n");
sl_send_reply("403", "Initial Loose-Routing Rejected");
exit;
}
if(nat_uac_test("19") || search("^Route:.*;nat=yes"))
{
fix_nated_contact();
if(!search("^Content-Length:[ ]*0"))
{
fix_nated_sdp("3");
setflag(6);
}
}
if(is_method("BYE"))
{
setflag(24); # account failed transactions
setflag(25); # account successful transactions
}
# mark as loose-routed for acc
setflag(26);
route(1);
}
if(is_method("REGISTER"))
{
route(2);
}
setflag(24); # account failed transactions
setflag(25); # account successful transactions
if(is_method("INVITE"))
{
route(3);
}
if(is_method("CANCEL") || is_method("ACK"))
{
route(4);
}
route(5);
}
route[2]
{
sl_send_reply("100", "Trying");
if(!www_authorize("", "subscriber"))
{
xlog("L_INFO", "Register authentication failed - M=$rm RURI=$ru F=$fu
T=$tu IP=$si ID=$ci\n");
www_challenge("", "0");
exit;
}
if(!check_to())
{
xlog("L_INFO", "Spoofed To-URI detected - M=$rm RURI=$ru F=$fu T=$tu
IP=$si ID=$ci\n");
sl_send_reply("403", "Spoofed To-URI Detected");
exit;
}
consume_credentials();
if(!search("^Contact:[ ]*\*") && nat_uac_test("19"))
{
fix_nated_register();
setflag(6);
}
if(!save("location"))
{
xlog("L_ERR", "Saving contact failed - M=$rm RURI=$ru F=$fu T=$tu
IP=$si ID=$ci\n");
sl_reply_error();
}
xlog("L_INFO", "Registration successful - M=$rm RURI=$ru F=$fu T=$tu
IP=$si ID=$ci\n");
exit;
}