16 Jul
2015
16 Jul
'15
2:42 a.m.
Hi, I've been following this integration tutorial
http://kb.asipto.com/asterisk:realtime:kamailio-4.0.x-asterisk-11.3.0-astdb
and have a successful registration and I can even make calls through my
asterisk box.
However what is unusual to me is that every time a phone registers with
Kamailio, that is forwarded to Asterisk (as expected), yet Asterisk replies
with 401 Unauthorized. Oddly enough the phone registers and can still make
calls. What worries me is that as we scale to 100's of cps, this seemingly
erroneous message may slow down Asterisk because it's trying to handle
authentication for users which have already been authenticated by Kamailio.
If this behavior is expected, then that would be good to know as well.
This is the sip debug from ASTERISK (I have replaced IP's with the names of
the servers):
<--- SIP read from TCP:kamailio:41205 --->
REGISTER sip:asteriskIP:5060;transport=tcp SIP/2.0
Via: SIP/2.0/TCP
kamailio;branch=z9hG4bK998f.2846e405000000000000000000000000.0
To: <sip:40081@asteriskIP>
From: <sip:40081@asteriskIP>;tag=32fda68bf54efeeb04e3edc67b53c63d-cfb0
CSeq: 10 REGISTER
Call-ID: 0005ce130bcee5c4-26538@kamailio
Max-Forwards: 70
Content-Length: 0
User-Agent: kamailio (4.3.0 (x86_64/linux))
Contact: <sip:40081@kamailio:5060>
Expires: 3600
<------------->
--- (11 headers 0 lines) ---
Sending to kamailio:5060 (no NAT)
Sending to kamailio:5060 (no NAT)
<--- Transmitting (no NAT) to kamailio:5060 --->
SIP/2.0 401 Unauthorized
Via:
SIP/2.0/TCP kamailio;branch=z9hG4bK998f.2846e405000000000000000000000000.0;received=
kamailio
From: <sip:40081@asteriskIP>;tag=32fda68bf54efeeb04e3edc67b53c63d-cfb0
To: <sip:40081@asteriskIP>;tag=as404bac9a
Call-ID: 0005ce130bcee5c4-26538@ kamailio
CSeq: 10 REGISTER
Server: Asterisk PBX 11.6-cert2
Allow: INVITE, ACK, CANCEL, OPTIONS, BYE, REFER, SUBSCRIBE, NOTIFY, INFO,
PUBLISH
Supported: replaces, timer
WWW-Authenticate: Digest algorithm=MD5, realm="asterisk",
nonce="262b338e"
Content-Length: 0
<------------>
Scheduling destruction of SIP dialog '0005ce130bcee5c4-26538@ kamailio' in
32000 ms (Method: REGISTER)
Scheduling destruction of SIP dialog '0005ce130bcee5c4-26538@ kamailio' in
32000 ms (Method: REGISTER)
Really destroying SIP dialog '0005ce130bcee5c1-26536@ kamailio' Method:
REGISTER
=========================
sip.conf for kamailio trunk:
[kamailio-inbound]
type=friend
dtmfmode=auto
host=kamailioIP
allow=all
context=sipout
insecure=port,invite
canreinvite=no
========================
Asterisk version: 11.6-cert2
Kamailio version: 4.3
Benjamin Fitzgerald
LETS Corporation
(925) 235-1154
ben(a)letscorp.us
*******Confidential Notice:
This message is intended only for the use of the individual or entity to
which it is addressed and may contain information that is privileged,
confidential and exempt from disclosure under applicable law. If the reader
of this message is not the intended recipient, you are hereby notified that
any dissemination, distribution or copying of this communication is
strictly prohibited. If you have received this message in error, please
delete this message from all computers and contact Orion Systems/LETS Corp
immediately by return e-mail and/or telephone at (925) 566-5600
16 Jul
16 Jul
12:03 p.m.
New subject: Kamailio & Asterisk SIP Registration Forwarding - Asterisk replies 401 Unauthorized
On Wednesday 15 July 2015 16:42:31 Ben Fitzgerald wrote:
Hi, I've been following this integration tutorial
http://kb.asipto.com/asterisk:realtime:kamailio-4.0.x-asterisk-11.3.0-astdb
and have a successful registration and I can even make calls through my
asterisk box.
However what is unusual to me is that every time a phone registers with
Kamailio, that is forwarded to Asterisk (as expected), yet Asterisk replies
with 401 Unauthorized. Oddly enough the phone registers and can still make
calls. What worries me is that as we scale to 100's of cps, this seemingly
erroneous message may slow down Asterisk because it's trying to handle
authentication for users which have already been authenticated by Kamailio.
If this behavior is expected, then that would be good to know as well.
[...]
=========================
sip.conf for kamailio trunk:
[kamailio-inbound]
type=friend
dtmfmode=auto
host=kamailioIP
allow=all
context=sipout
insecure=port,invite
canreinvite=no
Asterisk is a bit strange in figuring out which peer to use, this peer
definition is not used in the way you think, see default sip.conf:
;------- Naming devices ------------------------------------------------------
;
; When naming devices, make sure you understand how Asterisk matches calls
; that come in.
; 1. Asterisk checks the SIP From: address username and matches against
; names of devices with type=user
; The name is the text between square brackets [name]
; 2. Asterisk checks the From: addres and matches the list of devices
; with a type=peer
; 3. Asterisk checks the IP address (and port number) that the INVITE
; was sent from and matches against any devices with type=peer
;
; Don't mix extensions with the names of the devices. Devices need a unique
; name. The device name is *not* used as phone numbers. Phone numbers are
; anything you declare as an extension in the dialplan (extensions.conf).
;
; When setting up trunks, make sure there's no risk that any From: username
; (caller ID) will match any of your device names, because then Asterisk
; might match the wrong device.
;
You need to make sure the secret for users is empty in the view asterisk has
on the usertable shared with kamailio.
It is explained with a bright yellow explamation mark on the kb url:
sipusers is the standard table required by Asterisk to store SIP user profile,
with one extra column sippasswd where will be stored the password for SIP
authentication. By default, Asterisk uses the column secret for SIP user
password, but if that is filled in, Asterisk will ask for authentication
again, resulting in double-authentication which we want to avoid.
sipregs is used to store SIP registrations. Registrations can be stored in
sipusers tables as well, in case you do not want a separate table. Just omit
the appropriate entry in /etc/asterisk/extconfig.conf.
1:40 p.m.
You could remove secret= on extensiones to check if its related to
authentication or not
You must not request authentication to kamailio in order to work properly
in front of Asterisk
As Daniel mention check if Kamailio peer is created and extensiones have no
secret.. you would need to add alternate sippasswd table for kamailio
authentication
BR
2015-07-16 1:42 GMT+02:00 Ben Fitzgerald <ben(a)letscorp.us>us>:
Hi, I've been following this integration tutorial
http://kb.asipto.com/asterisk:realtime:kamailio-4.0.x-asterisk-11.3.0-astdb
and have a successful registration and I can even make calls through my
asterisk box.
However what is unusual to me is that every time a phone registers with
Kamailio, that is forwarded to Asterisk (as expected), yet Asterisk replies
with 401 Unauthorized. Oddly enough the phone registers and can still make
calls. What worries me is that as we scale to 100's of cps, this seemingly
erroneous message may slow down Asterisk because it's trying to handle
authentication for users which have already been authenticated by Kamailio.
If this behavior is expected, then that would be good to know as well.
This is the sip debug from ASTERISK (I have replaced IP's with the names
of the servers):
<--- SIP read from TCP:kamailio:41205 --->
REGISTER sip:asteriskIP:5060;transport=tcp SIP/2.0
Via: SIP/2.0/TCP
kamailio;branch=z9hG4bK998f.2846e405000000000000000000000000.0
To: <sip:40081@asteriskIP>
From: <sip:40081@asteriskIP>;tag=32fda68bf54efeeb04e3edc67b53c63d-cfb0
CSeq: 10 REGISTER
Call-ID: 0005ce130bcee5c4-26538@kamailio
Max-Forwards: 70
Content-Length: 0
User-Agent: kamailio (4.3.0 (x86_64/linux))
Contact: <sip:40081@kamailio:5060>
Expires: 3600
<------------->
--- (11 headers 0 lines) ---
Sending to kamailio:5060 (no NAT)
Sending to kamailio:5060 (no NAT)
<--- Transmitting (no NAT) to kamailio:5060 --->
SIP/2.0 401 Unauthorized
Via:
SIP/2.0/TCP kamailio;branch=z9hG4bK998f.2846e405000000000000000000000000.0;received=
kamailio
From: <sip:40081@asteriskIP>;tag=32fda68bf54efeeb04e3edc67b53c63d-cfb0
To: <sip:40081@asteriskIP>;tag=as404bac9a
Call-ID: 0005ce130bcee5c4-26538@ kamailio
CSeq: 10 REGISTER
Server: Asterisk PBX 11.6-cert2
Allow: INVITE, ACK, CANCEL, OPTIONS, BYE, REFER, SUBSCRIBE, NOTIFY, INFO,
PUBLISH
Supported: replaces, timer
WWW-Authenticate: Digest algorithm=MD5, realm="asterisk",
nonce="262b338e"
Content-Length: 0
<------------>
Scheduling destruction of SIP dialog '0005ce130bcee5c4-26538@ kamailio'
in 32000 ms (Method: REGISTER)
Scheduling destruction of SIP dialog '0005ce130bcee5c4-26538@ kamailio'
in 32000 ms (Method: REGISTER)
Really destroying SIP dialog '0005ce130bcee5c1-26536@ kamailio' Method:
REGISTER
=========================
sip.conf for kamailio trunk:
[kamailio-inbound]
type=friend
dtmfmode=auto
host=kamailioIP
allow=all
context=sipout
insecure=port,invite
canreinvite=no
========================
Asterisk version: 11.6-cert2
Kamailio version: 4.3
Benjamin Fitzgerald
LETS Corporation
(925) 235-1154
ben(a)letscorp.us
*******Confidential Notice:
This message is intended only for the use of the individual or entity to
which it is addressed and may contain information that is privileged,
confidential and exempt from disclosure under applicable law. If the reader
of this message is not the intended recipient, you are hereby notified that
any dissemination, distribution or copying of this communication is
strictly prohibited. If you have received this message in error, please
delete this message from all computers and contact Orion Systems/LETS Corp
immediately by return e-mail and/or telephone at (925) 566-5600
_______________________________________________
SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing list
sr-users(a)lists.sip-router.org
http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users
8:31 p.m.
Thanks for your response.
I did read the section about the secret in the kb url. I followed the
example and inserted the test users on tFe url (101, 102, 103) and they
have secret set to NULL. I have tried both secret=NULL and secret="" and
Asterisk still asks for authentication. Also when I do "sip show peers" I
get:
Name/username Host Dyn
Forcerport ACL Port Status Description
Realtime
kamailio-inbound kamailioIP a
5060 Unmonitored
I added qualify=yes and now:
Name/username Host Dyn
Forcerport ACL Port Status Description
Realtime
kamailio-inbound kamailioIP a
5060 UNREACHABLE
Could this be the issue? I have verified that Kamailio receives the
responses by doing ngrep and I can see the SIP 401 from Asterisk.
Maybe I am missing something else? I'm not sure I understand how Asterisk's
peer selection affects this. When I received the registration request from
Kamailio, the From: address and domain are the same as the To: address and
domain, which are the values I have set in the sipusers table.
Another thing, even though the client handset says registered, the table
'sipregs' is not updated with fullcontact, regseconds, or any data at all.
Yet I can still make a call. So maybe Asterisk is not authenticating
INVITES (whether or not it's registered) and that's why I can call.
Any further help or things I should try?
Benjamin Fitzgerald
LETS Corporation
(925) 235-1154
ben(a)letscorp.us
*******Confidential Notice:
This message is intended only for the use of the individual or entity to
which it is addressed and may contain information that is privileged,
confidential and exempt from disclosure under applicable law. If the reader
of this message is not the intended recipient, you are hereby notified that
any dissemination, distribution or copying of this communication is
strictly prohibited. If you have received this message in error, please
delete this message from all computers and contact Orion Systems/LETS Corp
immediately by return e-mail and/or telephone at (925) 566-5600
On Thu, Jul 16, 2015 at 3:40 AM, Alberto Sagredo <
alberto.sagredo(a)avanzada7.com> wrote:
You could remove secret= on extensiones to check if
its related to
authentication or not
You must not request authentication to kamailio in order to work properly
in front of Asterisk
As Daniel mention check if Kamailio peer is created and extensiones have
no secret.. you would need to add alternate sippasswd table for kamailio
authentication
BR
2015-07-16 1:42 GMT+02:00 Ben Fitzgerald <ben(a)letscorp.us>us>:
Hi, I've been following this integration
tutorial
http://kb.asipto.com/asterisk:realtime:kamailio-4.0.x-asterisk-11.3.0-astdb
and have a successful registration and I can even make calls through my
asterisk box.
However what is unusual to me is that every time a phone registers with
Kamailio, that is forwarded to Asterisk (as expected), yet Asterisk replies
with 401 Unauthorized. Oddly enough the phone registers and can still make
calls. What worries me is that as we scale to 100's of cps, this seemingly
erroneous message may slow down Asterisk because it's trying to handle
authentication for users which have already been authenticated by Kamailio.
If this behavior is expected, then that would be good to know as well.
This is the sip debug from ASTERISK (I have replaced IP's with the names
of the servers):
<--- SIP read from TCP:kamailio:41205 --->
REGISTER sip:asteriskIP:5060;transport=tcp SIP/2.0
Via: SIP/2.0/TCP
kamailio;branch=z9hG4bK998f.2846e405000000000000000000000000.0
To: <sip:40081@asteriskIP>
From: <sip:40081@asteriskIP>;tag=32fda68bf54efeeb04e3edc67b53c63d-cfb0
CSeq: 10 REGISTER
Call-ID: 0005ce130bcee5c4-26538@kamailio
Max-Forwards: 70
Content-Length: 0
User-Agent: kamailio (4.3.0 (x86_64/linux))
Contact: <sip:40081@kamailio:5060>
Expires: 3600
<------------->
--- (11 headers 0 lines) ---
Sending to kamailio:5060 (no NAT)
Sending to kamailio:5060 (no NAT)
<--- Transmitting (no NAT) to kamailio:5060 --->
SIP/2.0 401 Unauthorized
Via:
SIP/2.0/TCP kamailio;branch=z9hG4bK998f.2846e405000000000000000000000000.0;received=
kamailio
From: <sip:40081@asteriskIP>;tag=32fda68bf54efeeb04e3edc67b53c63d-cfb0
To: <sip:40081@asteriskIP>;tag=as404bac9a
Call-ID: 0005ce130bcee5c4-26538@ kamailio
CSeq: 10 REGISTER
Server: Asterisk PBX 11.6-cert2
Allow: INVITE, ACK, CANCEL, OPTIONS, BYE, REFER, SUBSCRIBE, NOTIFY, INFO,
PUBLISH
Supported: replaces, timer
WWW-Authenticate: Digest algorithm=MD5, realm="asterisk",
nonce="262b338e"
Content-Length: 0
<------------>
Scheduling destruction of SIP dialog '0005ce130bcee5c4-26538@ kamailio'
in 32000 ms (Method: REGISTER)
Scheduling destruction of SIP dialog '0005ce130bcee5c4-26538@ kamailio'
in 32000 ms (Method: REGISTER)
Really destroying SIP dialog '0005ce130bcee5c1-26536@ kamailio' Method:
REGISTER
=========================
sip.conf for kamailio trunk:
[kamailio-inbound]
type=friend
dtmfmode=auto
host=kamailioIP
allow=all
context=sipout
insecure=port,invite
canreinvite=no
========================
Asterisk version: 11.6-cert2
Kamailio version: 4.3
Benjamin Fitzgerald
LETS Corporation
(925) 235-1154
ben(a)letscorp.us
*******Confidential Notice:
This message is intended only for the use of the individual or entity to
which it is addressed and may contain information that is privileged,
confidential and exempt from disclosure under applicable law. If the reader
of this message is not the intended recipient, you are hereby notified that
any dissemination, distribution or copying of this communication is
strictly prohibited. If you have received this message in error, please
delete this message from all computers and contact Orion Systems/LETS Corp
immediately by return e-mail and/or telephone at (925) 566-5600
_______________________________________________
SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing list
sr-users(a)lists.sip-router.org
http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users
_______________________________________________
SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing list
sr-users(a)lists.sip-router.org
http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users
9:48 p.m.
Maybe you got to get some traces with sip set debug on on asterisk or ngrep
in kamailio to check whereis the problem.
I think you are not authenticating correctly
Check if you insert on sipusers and sipppers table what is commented on KB
by asipto.
Maybe your Kamailio is not responding to OPTIONS (qualify=yes)
add at the beginning of your kamailio.cfg file
request_route {
if(is_method("OPTIONS") ) {
sl_send_reply("200","Keepalive");
exit;
}
.....
To solve qualify problem
BR
2015-07-16 19:31 GMT+02:00 Ben Fitzgerald <ben(a)letscorp.us>us>:
Thanks for your response.
I did read the section about the secret in the kb url. I followed the
example and inserted the test users on tFe url (101, 102, 103) and they
have secret set to NULL. I have tried both secret=NULL and secret="" and
Asterisk still asks for authentication. Also when I do "sip show peers" I
get:
Name/username Host Dyn
Forcerport ACL Port Status Description
Realtime
kamailio-inbound kamailioIP a
5060 Unmonitored
I added qualify=yes and now:
Name/username Host Dyn
Forcerport ACL Port Status Description
Realtime
kamailio-inbound kamailioIP a
5060 UNREACHABLE
Could this be the issue? I have verified that Kamailio receives the
responses by doing ngrep and I can see the SIP 401 from Asterisk.
Maybe I am missing something else? I'm not sure I understand how
Asterisk's peer selection affects this. When I received the registration
request from Kamailio, the From: address and domain are the same as the To:
address and domain, which are the values I have set in the sipusers table.
Another thing, even though the client handset says registered, the table
'sipregs' is not updated with fullcontact, regseconds, or any data at all.
Yet I can still make a call. So maybe Asterisk is not authenticating
INVITES (whether or not it's registered) and that's why I can call.
Any further help or things I should try?
Benjamin Fitzgerald
LETS Corporation
(925) 235-1154
ben(a)letscorp.us
*******Confidential Notice:
This message is intended only for the use of the individual or entity to
which it is addressed and may contain information that is privileged,
confidential and exempt from disclosure under applicable law. If the reader
of this message is not the intended recipient, you are hereby notified that
any dissemination, distribution or copying of this communication is
strictly prohibited. If you have received this message in error, please
delete this message from all computers and contact Orion Systems/LETS Corp
immediately by return e-mail and/or telephone at (925) 566-5600
On Thu, Jul 16, 2015 at 3:40 AM, Alberto Sagredo <
alberto.sagredo(a)avanzada7.com> wrote:
You could remove secret= on extensiones to check
if its related to
authentication or not
You must not request authentication to kamailio in order to work properly
in front of Asterisk
As Daniel mention check if Kamailio peer is created and extensiones have
no secret.. you would need to add alternate sippasswd table for kamailio
authentication
BR
2015-07-16 1:42 GMT+02:00 Ben Fitzgerald <ben(a)letscorp.us>us>:
_______________________________________________
SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing list
sr-users(a)lists.sip-router.org
http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users
Hi, I've been following this integration
tutorial
http://kb.asipto.com/asterisk:realtime:kamailio-4.0.x-asterisk-11.3.0-astdb
and have a successful registration and I can even make calls through my
asterisk box.
However what is unusual to me is that every time a phone registers with
Kamailio, that is forwarded to Asterisk (as expected), yet Asterisk replies
with 401 Unauthorized. Oddly enough the phone registers and can still make
calls. What worries me is that as we scale to 100's of cps, this seemingly
erroneous message may slow down Asterisk because it's trying to handle
authentication for users which have already been authenticated by Kamailio.
If this behavior is expected, then that would be good to know as well.
This is the sip debug from ASTERISK (I have replaced IP's with the names
of the servers):
<--- SIP read from TCP:kamailio:41205 --->
REGISTER sip:asteriskIP:5060;transport=tcp SIP/2.0
Via: SIP/2.0/TCP
kamailio;branch=z9hG4bK998f.2846e405000000000000000000000000.0
To: <sip:40081@asteriskIP>
From: <sip:40081@asteriskIP>;tag=32fda68bf54efeeb04e3edc67b53c63d-cfb0
CSeq: 10 REGISTER
Call-ID: 0005ce130bcee5c4-26538@kamailio
Max-Forwards: 70
Content-Length: 0
User-Agent: kamailio (4.3.0 (x86_64/linux))
Contact: <sip:40081@kamailio:5060>
Expires: 3600
<------------->
--- (11 headers 0 lines) ---
Sending to kamailio:5060 (no NAT)
Sending to kamailio:5060 (no NAT)
<--- Transmitting (no NAT) to kamailio:5060 --->
SIP/2.0 401 Unauthorized
Via:
SIP/2.0/TCP kamailio;branch=z9hG4bK998f.2846e405000000000000000000000000.0;received=
kamailio
From: <sip:40081@asteriskIP>;tag=32fda68bf54efeeb04e3edc67b53c63d-cfb0
To: <sip:40081@asteriskIP>;tag=as404bac9a
Call-ID: 0005ce130bcee5c4-26538@ kamailio
CSeq: 10 REGISTER
Server: Asterisk PBX 11.6-cert2
Allow: INVITE, ACK, CANCEL, OPTIONS, BYE, REFER, SUBSCRIBE, NOTIFY,
INFO, PUBLISH
Supported: replaces, timer
WWW-Authenticate: Digest algorithm=MD5, realm="asterisk",
nonce="262b338e"
Content-Length: 0
<------------>
Scheduling destruction of SIP dialog '0005ce130bcee5c4-26538@ kamailio'
in 32000 ms (Method: REGISTER)
Scheduling destruction of SIP dialog '0005ce130bcee5c4-26538@ kamailio'
in 32000 ms (Method: REGISTER)
Really destroying SIP dialog '0005ce130bcee5c1-26536@ kamailio' Method:
REGISTER
=========================
sip.conf for kamailio trunk:
[kamailio-inbound]
type=friend
dtmfmode=auto
host=kamailioIP
allow=all
context=sipout
insecure=port,invite
canreinvite=no
========================
Asterisk version: 11.6-cert2
Kamailio version: 4.3
Benjamin Fitzgerald
LETS Corporation
(925) 235-1154
ben(a)letscorp.us
*******Confidential Notice:
This message is intended only for the use of the individual or entity to
which it is addressed and may contain information that is privileged,
confidential and exempt from disclosure under applicable law. If the reader
of this message is not the intended recipient, you are hereby notified that
any dissemination, distribution or copying of this communication is
strictly prohibited. If you have received this message in error, please
delete this message from all computers and contact Orion Systems/LETS Corp
immediately by return e-mail and/or telephone at (925) 566-5600
_______________________________________________
SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing list
sr-users(a)lists.sip-router.org
http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users
_______________________________________________
SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing list
sr-users(a)lists.sip-router.org
http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users
17 Jul
17 Jul
12:59 a.m.
Thank you for the qualify solution, that worked.
However, on the KB by asipto, they only create a `sipreg` and `sipusers`
table and then in extconfig.conf for asterisk, sipusers and sippeers are
both using the `sipusers` table in MySQL.
I included a sip trace in the original email but I will include a more
detailed sip debug here. It looks like Asterisk and Kamailio can exchange
messages but for some reason, the SIP dialog stops after Asterisk sends
back a SIP 401 Unauthorized to Kamailio. Any ideas?
*1. Kamailio using sipgrep*
T 2015/07/16 14:50:52.393582 UserAgentIP:64521 -> KamailioIP:5060
[AP]
REGISTER sip:opvpnx.ulets.us SIP/2.0.
Via: SIP/2.0/TCP 192.168.0.179:64521;alias;branch=z9hG4bK.j~V~btADL;rport.
From: <sip:102@opvpnx.ulets.us>;tag=QZ7de-7u5.
To: sip:102@opvpnx.ulets.us.
CSeq: 29 REGISTER.
Call-ID: puXkrkIICT.
Max-Forwards: 70.
Supported: outbound.
Accept: application/sdp, text/plain, application/vnd.gsma.rcs-ft-http+xml.
Contact: <sip:102@
UserAgentIP:64521;transport=tcp>;+sip.instance="<urn:uuid:f8f0aa7c-5b20-4ff2-ac5a-d7b4004afb50>".
Expires: 3600.
User-Agent: Alpha TalkIphone/2.2.5-80-g783bf67 (belle-sip/1.4.0).
Content-Length: 0.
Authorization: Digest realm="opvpnx.ulets.us",
nonce="VagoaFWoJzylK0MxoOAIPTRhtZBlmVmr", username="102",
uri="sip:
opvpnx.ulets.us", response="24b8f292fca38e72fbcf36417dcecd24".
.
T 2015/07/16 14:50:52.440789 KamailioIP:5060 -> UserAgentIP:64521
[AP]
SIP/2.0 200 OK.
Via: SIP/2.0/TCP 192.168.0.179:64521
;alias;branch=z9hG4bK.j~V~btADL;rport=64521;received= UserAgentIP.
From: <sip:102@opvpnx.ulets.us>;tag=QZ7de-7u5.
To: sip:102@opvpnx.ulets.us;tag=723cfa83f1495d1e63c1f1bb20bde818.a56d.
CSeq: 29 REGISTER.
Call-ID: puXkrkIICT.
Contact: <sip:102@
UserAgentIP:64521;transport=tcp>;expires=3600;received="sip:
UserAgentIP:64521;transport=tcp";+sip.instance="<urn:uuid:f8f0aa7c-5b20-4ff2-ac5a-d7b4004afb50>".
LETSSBC.
Content-Length: 0.
.
*#*
*# These next two messages when Kamailio forwards REGISTER to Asterisk*
*#*
T 2015/07/16 14:50:52.466461 KamailioIP:43488 -> AsteriskIP:5060
[AP]
REGISTER sip: AsteriskIP:5060;transport=tcp SIP/2.0.
Via:
SIP/2.0/TCP KamailioIP;branch=z9hG4bK328c.29246e24000000000000000000000000.0.
To: <sip:102@ AsteriskIP >.
From: <sip:102@ AsteriskIP >;tag=32fda68bf54efeeb04e3edc67b53c63d-3497.
CSeq: 10 REGISTER.
Call-ID: 2ee5ec48557bba33-31464@ KamailioIP.
Max-Forwards: 70.
Content-Length: 0.
User-Agent: kamailio (4.3.0 (x86_64/linux)).
Contact: <sip:102@ KamailioIP:5060>.
Expires: 3600.
.
T 2015/07/16 14:50:52.494578 AsteriskIP:5060 -> KamailioIP:43488
[AP]
SIP/2.0 401 Unauthorized.
Via:
SIP/2.0/TCP KamailioIP;branch=z9hG4bK328c.29246e24000000000000000000000000.0;received=
KamailioIP.
From: <sip:102@ AsteriskIP >;tag=32fda68bf54efeeb04e3edc67b53c63d-3497.
To: <sip:102@ AsteriskIP >;tag=as0eb2442e.
Call-ID: 2ee5ec48557bba33-31464@ KamailioIP.
CSeq: 10 REGISTER.
Server: Asterisk PBX 11.6-cert2.
Allow: INVITE, ACK, CANCEL, OPTIONS, BYE, REFER, SUBSCRIBE, NOTIFY, INFO,
PUBLISH.
Supported: replaces, timer.
WWW-Authenticate: Digest algorithm=MD5, realm="asterisk",
nonce="5b30f8aa".
Content-Length: 0.
*2. Asterisk using sip set debug on*
t91*CLI>
<--- SIP read from TCP: KamailioIP:43488 --->
REGISTER sip: AsteriskIP:5060;transport=tcp SIP/2.0
Via:
SIP/2.0/TCP KamailioIP;branch=z9hG4bK328c.29246e24000000000000000000000000.0
To: <sip:102@ AsteriskIP >
From: <sip:102@ AsteriskIP >;tag=32fda68bf54efeeb04e3edc67b53c63d-3497
CSeq: 10 REGISTER
Call-ID: 2ee5ec48557bba33-31464@ KamailioIP
Max-Forwards: 70
Content-Length: 0
User-Agent: kamailio (4.3.0 (x86_64/linux))
Contact: <sip:102@ KamailioIP:5060>
Expires: 3600
<------------->
--- (11 headers 0 lines) ---
Sending to KamailioIP:5060 (no NAT)
Sending to KamailioIP:5060 (no NAT)
<--- Transmitting (no NAT) to KamailioIP:5060 --->
SIP/2.0 401 Unauthorized
Via:
SIP/2.0/TCP KamailioIP;branch=z9hG4bK328c.29246e24000000000000000000000000.0;received=
KamailioIP
From: <sip:102@ AsteriskIP >;tag=32fda68bf54efeeb04e3edc67b53c63d-3497
To: <sip:102@ AsteriskIP >;tag=as0eb2442e
Call-ID: 2ee5ec48557bba33-31464@ KamailioIP
CSeq: 10 REGISTER
Server: Asterisk PBX 11.6-cert2
Allow: INVITE, ACK, CANCEL, OPTIONS, BYE, REFER, SUBSCRIBE, NOTIFY, INFO,
PUBLISH
Supported: replaces, timer
WWW-Authenticate: Digest algorithm=MD5, realm="asterisk",
nonce="5b30f8aa"
Content-Length: 0
<------------>
Scheduling destruction of SIP dialog '2ee5ec48557bba33-31464@ KamailioIP'
in 32000 ms (Method: REGISTER)
Scheduling destruction of SIP dialog '2ee5ec48557bba33-31464@ KamailioIP'
in 32000 ms (Method: REGISTER)
Benjamin Fitzgerald
LETS Corporation
(925) 235-1154
ben(a)letscorp.us
*******Confidential Notice:
This message is intended only for the use of the individual or entity to
which it is addressed and may contain information that is privileged,
confidential and exempt from disclosure under applicable law. If the reader
of this message is not the intended recipient, you are hereby notified that
any dissemination, distribution or copying of this communication is
strictly prohibited. If you have received this message in error, please
delete this message from all computers and contact Orion Systems/LETS Corp
immediately by return e-mail and/or telephone at (925) 566-5600
On Thu, Jul 16, 2015 at 11:48 AM, Alberto Sagredo <
alberto.sagredo(a)avanzada7.com> wrote:
Maybe you got to get some traces with sip set debug on
on asterisk or
ngrep in kamailio to check whereis the problem.
I think you are not authenticating correctly
Check if you insert on sipusers and sipppers table what is commented on KB
by asipto.
Maybe your Kamailio is not responding to OPTIONS (qualify=yes)
add at the beginning of your kamailio.cfg file
request_route {
if(is_method("OPTIONS") ) {
sl_send_reply("200","Keepalive");
exit;
}
.....
To solve qualify problem
BR
2015-07-16 19:31 GMT+02:00 Ben Fitzgerald <ben(a)letscorp.us>us>:
Thanks for your response.
I did read the section about the secret in the kb url. I followed the
example and inserted the test users on tFe url (101, 102, 103) and they
have secret set to NULL. I have tried both secret=NULL and secret="" and
Asterisk still asks for authentication. Also when I do "sip show peers" I
get:
Name/username Host Dyn
Forcerport ACL Port Status Description
Realtime
kamailio-inbound kamailioIP a
5060 Unmonitored
I added qualify=yes and now:
Name/username Host Dyn
Forcerport ACL Port Status Description
Realtime
kamailio-inbound kamailioIP a
5060 UNREACHABLE
Could this be the issue? I have verified that Kamailio receives the
responses by doing ngrep and I can see the SIP 401 from Asterisk.
Maybe I am missing something else? I'm not sure I understand how
Asterisk's peer selection affects this. When I received the registration
request from Kamailio, the From: address and domain are the same as the To:
address and domain, which are the values I have set in the sipusers table.
Another thing, even though the client handset says registered, the table
'sipregs' is not updated with fullcontact, regseconds, or any data at all.
Yet I can still make a call. So maybe Asterisk is not authenticating
INVITES (whether or not it's registered) and that's why I can call.
Any further help or things I should try?
Benjamin Fitzgerald
LETS Corporation
(925) 235-1154
ben(a)letscorp.us
*******Confidential Notice:
This message is intended only for the use of the individual or entity to
which it is addressed and may contain information that is privileged,
confidential and exempt from disclosure under applicable law. If the reader
of this message is not the intended recipient, you are hereby notified that
any dissemination, distribution or copying of this communication is
strictly prohibited. If you have received this message in error, please
delete this message from all computers and contact Orion Systems/LETS Corp
immediately by return e-mail and/or telephone at (925) 566-5600
On Thu, Jul 16, 2015 at 3:40 AM, Alberto Sagredo <
alberto.sagredo(a)avanzada7.com> wrote:
_______________________________________________
SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing list
sr-users(a)lists.sip-router.org
http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users
You could remove secret= on extensiones to check
if its related to
authentication or not
You must not request authentication to kamailio in order to work
properly in front of Asterisk
As Daniel mention check if Kamailio peer is created and extensiones have
no secret.. you would need to add alternate sippasswd table for kamailio
authentication
BR
2015-07-16 1:42 GMT+02:00 Ben Fitzgerald <ben(a)letscorp.us>us>:
_______________________________________________
SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing list
sr-users(a)lists.sip-router.org
http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users
Hi, I've been following this integration
tutorial
http://kb.asipto.com/asterisk:realtime:kamailio-4.0.x-asterisk-11.3.0-astdb
and have a successful registration and I can even make calls through my
asterisk box.
However what is unusual to me is that every time a phone registers with
Kamailio, that is forwarded to Asterisk (as expected), yet Asterisk replies
with 401 Unauthorized. Oddly enough the phone registers and can still make
calls. What worries me is that as we scale to 100's of cps, this seemingly
erroneous message may slow down Asterisk because it's trying to handle
authentication for users which have already been authenticated by Kamailio.
If this behavior is expected, then that would be good to know as well.
This is the sip debug from ASTERISK (I have replaced IP's with the
names of the servers):
<--- SIP read from TCP:kamailio:41205 --->
REGISTER sip:asteriskIP:5060;transport=tcp SIP/2.0
Via: SIP/2.0/TCP
kamailio;branch=z9hG4bK998f.2846e405000000000000000000000000.0
To: <sip:40081@asteriskIP>
From: <sip:40081@asteriskIP>;tag=32fda68bf54efeeb04e3edc67b53c63d-cfb0
CSeq: 10 REGISTER
Call-ID: 0005ce130bcee5c4-26538@kamailio
Max-Forwards: 70
Content-Length: 0
User-Agent: kamailio (4.3.0 (x86_64/linux))
Contact: <sip:40081@kamailio:5060>
Expires: 3600
<------------->
--- (11 headers 0 lines) ---
Sending to kamailio:5060 (no NAT)
Sending to kamailio:5060 (no NAT)
<--- Transmitting (no NAT) to kamailio:5060 --->
SIP/2.0 401 Unauthorized
Via:
SIP/2.0/TCP kamailio;branch=z9hG4bK998f.2846e405000000000000000000000000.0;received=
kamailio
From: <sip:40081@asteriskIP>;tag=32fda68bf54efeeb04e3edc67b53c63d-cfb0
To: <sip:40081@asteriskIP>;tag=as404bac9a
Call-ID: 0005ce130bcee5c4-26538@ kamailio
CSeq: 10 REGISTER
Server: Asterisk PBX 11.6-cert2
Allow: INVITE, ACK, CANCEL, OPTIONS, BYE, REFER, SUBSCRIBE, NOTIFY,
INFO, PUBLISH
Supported: replaces, timer
WWW-Authenticate: Digest algorithm=MD5, realm="asterisk",
nonce="262b338e"
Content-Length: 0
<------------>
Scheduling destruction of SIP dialog '0005ce130bcee5c4-26538@ kamailio'
in 32000 ms (Method: REGISTER)
Scheduling destruction of SIP dialog '0005ce130bcee5c4-26538@ kamailio'
in 32000 ms (Method: REGISTER)
Really destroying SIP dialog '0005ce130bcee5c1-26536@ kamailio'
Method: REGISTER
=========================
sip.conf for kamailio trunk:
[kamailio-inbound]
type=friend
dtmfmode=auto
host=kamailioIP
allow=all
context=sipout
insecure=port,invite
canreinvite=no
========================
Asterisk version: 11.6-cert2
Kamailio version: 4.3
Benjamin Fitzgerald
LETS Corporation
(925) 235-1154
ben(a)letscorp.us
*******Confidential Notice:
This message is intended only for the use of the individual or entity
to which it is addressed and may contain information that is privileged,
confidential and exempt from disclosure under applicable law. If the reader
of this message is not the intended recipient, you are hereby notified that
any dissemination, distribution or copying of this communication is
strictly prohibited. If you have received this message in error, please
delete this message from all computers and contact Orion Systems/LETS Corp
immediately by return e-mail and/or telephone at (925) 566-5600
_______________________________________________
SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing list
sr-users(a)lists.sip-router.org
http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users
_______________________________________________
SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing list
sr-users(a)lists.sip-router.org
http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users
9:38 p.m.
I think I have fixed the authentication issue yet the SIP dialog has
completely changed. Now the dialog involves Asterisk sending SIP NOTIFY to
Kamailio, which is then forwarded to the client. Kamailio.cfg has no routes
to handle NOTIFY and there are no SUBSCRIBE messages preceding the NOTIFY.
Only REGISTER and 200 OK. Is this expected behavior? The sipregs database
is now correctly updated when a peer registers so that's good.
Benjamin Fitzgerald
LETS Corporation
(925) 235-1154
ben(a)letscorp.us
*******Confidential Notice:
This message is intended only for the use of the individual or entity to
which it is addressed and may contain information that is privileged,
confidential and exempt from disclosure under applicable law. If the reader
of this message is not the intended recipient, you are hereby notified that
any dissemination, distribution or copying of this communication is
strictly prohibited. If you have received this message in error, please
delete this message from all computers and contact Orion Systems/LETS Corp
immediately by return e-mail and/or telephone at (925) 566-5600
On Thu, Jul 16, 2015 at 2:59 PM, Ben Fitzgerald <ben(a)letscorp.us> wrote:
Thank you for the qualify solution, that worked.
However, on the KB by asipto, they only create a `sipreg` and `sipusers`
table and then in extconfig.conf for asterisk, sipusers and sippeers are
both using the `sipusers` table in MySQL.
I included a sip trace in the original email but I will include a more
detailed sip debug here. It looks like Asterisk and Kamailio can exchange
messages but for some reason, the SIP dialog stops after Asterisk sends
back a SIP 401 Unauthorized to Kamailio. Any ideas?
*1. Kamailio using sipgrep*
T 2015/07/16 14:50:52.393582 UserAgentIP:64521 -> KamailioIP:5060
[AP]
REGISTER sip:opvpnx.ulets.us SIP/2.0.
Via: SIP/2.0/TCP 192.168.0.179:64521;alias;branch=z9hG4bK.j~V~btADL;rport.
From: <sip:102@opvpnx.ulets.us>;tag=QZ7de-7u5.
To: sip:102@opvpnx.ulets.us.
CSeq: 29 REGISTER.
Call-ID: puXkrkIICT.
Max-Forwards: 70.
Supported: outbound.
Accept: application/sdp, text/plain, application/vnd.gsma.rcs-ft-http+xml.
Contact: <sip:102@
UserAgentIP:64521;transport=tcp>;+sip.instance="<urn:uuid:f8f0aa7c-5b20-4ff2-ac5a-d7b4004afb50>".
Expires: 3600.
User-Agent: Alpha TalkIphone/2.2.5-80-g783bf67 (belle-sip/1.4.0).
Content-Length: 0.
Authorization: Digest realm="opvpnx.ulets.us",
nonce="VagoaFWoJzylK0MxoOAIPTRhtZBlmVmr", username="102",
uri="sip:
opvpnx.ulets.us", response="24b8f292fca38e72fbcf36417dcecd24".
.
T 2015/07/16 14:50:52.440789 KamailioIP:5060 -> UserAgentIP:64521
[AP]
SIP/2.0 200 OK.
Via: SIP/2.0/TCP 192.168.0.179:64521
;alias;branch=z9hG4bK.j~V~btADL;rport=64521;received= UserAgentIP.
From: <sip:102@opvpnx.ulets.us>;tag=QZ7de-7u5.
To: sip:102@opvpnx.ulets.us;tag=723cfa83f1495d1e63c1f1bb20bde818.a56d.
CSeq: 29 REGISTER.
Call-ID: puXkrkIICT.
Contact: <sip:102@
UserAgentIP:64521;transport=tcp>;expires=3600;received="sip:
UserAgentIP:64521;transport=tcp";+sip.instance="<urn:uuid:f8f0aa7c-5b20-4ff2-ac5a-d7b4004afb50>".
LETSSBC.
Content-Length: 0.
.
*#*
*# These next two messages when Kamailio forwards REGISTER to Asterisk*
*#*
T 2015/07/16 14:50:52.466461 KamailioIP:43488 -> AsteriskIP:5060
[AP]
REGISTER sip: AsteriskIP:5060;transport=tcp SIP/2.0.
Via:
SIP/2.0/TCP KamailioIP;branch=z9hG4bK328c.29246e24000000000000000000000000.0.
To: <sip:102@ AsteriskIP >.
From: <sip:102@ AsteriskIP >;tag=32fda68bf54efeeb04e3edc67b53c63d-3497.
CSeq: 10 REGISTER.
Call-ID: 2ee5ec48557bba33-31464@ KamailioIP.
Max-Forwards: 70.
Content-Length: 0.
User-Agent: kamailio (4.3.0 (x86_64/linux)).
Contact: <sip:102@ KamailioIP:5060>.
Expires: 3600.
.
T 2015/07/16 14:50:52.494578 AsteriskIP:5060 -> KamailioIP:43488
[AP]
SIP/2.0 401 Unauthorized.
Via:
SIP/2.0/TCP KamailioIP;branch=z9hG4bK328c.29246e24000000000000000000000000.0;received=
KamailioIP.
From: <sip:102@ AsteriskIP >;tag=32fda68bf54efeeb04e3edc67b53c63d-3497.
To: <sip:102@ AsteriskIP >;tag=as0eb2442e.
Call-ID: 2ee5ec48557bba33-31464@ KamailioIP.
CSeq: 10 REGISTER.
Server: Asterisk PBX 11.6-cert2.
Allow: INVITE, ACK, CANCEL, OPTIONS, BYE, REFER, SUBSCRIBE, NOTIFY, INFO,
PUBLISH.
Supported: replaces, timer.
WWW-Authenticate: Digest algorithm=MD5, realm="asterisk",
nonce="5b30f8aa".
Content-Length: 0.
*2. Asterisk using sip set debug on*
t91*CLI>
<--- SIP read from TCP: KamailioIP:43488 --->
REGISTER sip: AsteriskIP:5060;transport=tcp SIP/2.0
Via:
SIP/2.0/TCP KamailioIP;branch=z9hG4bK328c.29246e24000000000000000000000000.0
To: <sip:102@ AsteriskIP >
From: <sip:102@ AsteriskIP >;tag=32fda68bf54efeeb04e3edc67b53c63d-3497
CSeq: 10 REGISTER
Call-ID: 2ee5ec48557bba33-31464@ KamailioIP
Max-Forwards: 70
Content-Length: 0
User-Agent: kamailio (4.3.0 (x86_64/linux))
Contact: <sip:102@ KamailioIP:5060>
Expires: 3600
<------------->
--- (11 headers 0 lines) ---
Sending to KamailioIP:5060 (no NAT)
Sending to KamailioIP:5060 (no NAT)
<--- Transmitting (no NAT) to KamailioIP:5060 --->
SIP/2.0 401 Unauthorized
Via:
SIP/2.0/TCP KamailioIP;branch=z9hG4bK328c.29246e24000000000000000000000000.0;received=
KamailioIP
From: <sip:102@ AsteriskIP >;tag=32fda68bf54efeeb04e3edc67b53c63d-3497
To: <sip:102@ AsteriskIP >;tag=as0eb2442e
Call-ID: 2ee5ec48557bba33-31464@ KamailioIP
CSeq: 10 REGISTER
Server: Asterisk PBX 11.6-cert2
Allow: INVITE, ACK, CANCEL, OPTIONS, BYE, REFER, SUBSCRIBE, NOTIFY, INFO,
PUBLISH
Supported: replaces, timer
WWW-Authenticate: Digest algorithm=MD5, realm="asterisk",
nonce="5b30f8aa"
Content-Length: 0
<------------>
Scheduling destruction of SIP dialog '2ee5ec48557bba33-31464@ KamailioIP'
in 32000 ms (Method: REGISTER)
Scheduling destruction of SIP dialog '2ee5ec48557bba33-31464@ KamailioIP'
in 32000 ms (Method: REGISTER)
Benjamin Fitzgerald
LETS Corporation
(925) 235-1154
ben(a)letscorp.us
*******Confidential Notice:
This message is intended only for the use of the individual or entity to
which it is addressed and may contain information that is privileged,
confidential and exempt from disclosure under applicable law. If the reader
of this message is not the intended recipient, you are hereby notified that
any dissemination, distribution or copying of this communication is
strictly prohibited. If you have received this message in error, please
delete this message from all computers and contact Orion Systems/LETS Corp
immediately by return e-mail and/or telephone at (925) 566-5600
On Thu, Jul 16, 2015 at 11:48 AM, Alberto Sagredo <
alberto.sagredo(a)avanzada7.com> wrote:
Maybe you got to get some traces with sip set
debug on on asterisk or
ngrep in kamailio to check whereis the problem.
I think you are not authenticating correctly
Check if you insert on sipusers and sipppers table what is commented on
KB by asipto.
Maybe your Kamailio is not responding to OPTIONS (qualify=yes)
add at the beginning of your kamailio.cfg file
request_route {
if(is_method("OPTIONS") ) {
sl_send_reply("200","Keepalive");
exit;
}
.....
To solve qualify problem
BR
2015-07-16 19:31 GMT+02:00 Ben Fitzgerald <ben(a)letscorp.us>us>:
Thanks for your response.
I did read the section about the secret in the kb url. I followed the
example and inserted the test users on tFe url (101, 102, 103) and they
have secret set to NULL. I have tried both secret=NULL and secret="" and
Asterisk still asks for authentication. Also when I do "sip show peers" I
get:
Name/username Host Dyn
Forcerport ACL Port Status Description
Realtime
kamailio-inbound kamailioIP a
5060 Unmonitored
I added qualify=yes and now:
Name/username Host Dyn
Forcerport ACL Port Status Description
Realtime
kamailio-inbound kamailioIP a
5060 UNREACHABLE
Could this be the issue? I have verified that Kamailio receives the
responses by doing ngrep and I can see the SIP 401 from Asterisk.
Maybe I am missing something else? I'm not sure I understand how
Asterisk's peer selection affects this. When I received the registration
request from Kamailio, the From: address and domain are the same as the To:
address and domain, which are the values I have set in the sipusers table.
Another thing, even though the client handset says registered, the table
'sipregs' is not updated with fullcontact, regseconds, or any data at all.
Yet I can still make a call. So maybe Asterisk is not authenticating
INVITES (whether or not it's registered) and that's why I can call.
Any further help or things I should try?
Benjamin Fitzgerald
LETS Corporation
(925) 235-1154
ben(a)letscorp.us
*******Confidential Notice:
This message is intended only for the use of the individual or entity to
which it is addressed and may contain information that is privileged,
confidential and exempt from disclosure under applicable law. If the reader
of this message is not the intended recipient, you are hereby notified that
any dissemination, distribution or copying of this communication is
strictly prohibited. If you have received this message in error, please
delete this message from all computers and contact Orion Systems/LETS Corp
immediately by return e-mail and/or telephone at (925) 566-5600
On Thu, Jul 16, 2015 at 3:40 AM, Alberto Sagredo <
alberto.sagredo(a)avanzada7.com> wrote:
_______________________________________________
SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing list
sr-users(a)lists.sip-router.org
http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users
You could remove secret= on extensiones to check
if its related to
authentication or not
You must not request authentication to kamailio in order to work
properly in front of Asterisk
As Daniel mention check if Kamailio peer is created and extensiones
have no secret.. you would need to add alternate sippasswd table for
kamailio authentication
BR
2015-07-16 1:42 GMT+02:00 Ben Fitzgerald <ben(a)letscorp.us>us>:
> Hi, I've been following this integration tutorial
> http://kb.asipto.com/asterisk:realtime:kamailio-4.0.x-asterisk-11.3.0-astdb
> and have a successful registration and I can even make calls through my
> asterisk box.
>
> However what is unusual to me is that every time a phone registers
> with Kamailio, that is forwarded to Asterisk (as expected), yet Asterisk
> replies with 401 Unauthorized. Oddly enough the phone registers and can
> still make calls. What worries me is that as we scale to 100's of cps, this
> seemingly erroneous message may slow down Asterisk because it's trying to
> handle authentication for users which have already been authenticated by
> Kamailio. If this behavior is expected, then that would be good to know as
> well.
>
> This is the sip debug from ASTERISK (I have replaced IP's with the
> names of the servers):
>
>
> <--- SIP read from TCP:kamailio:41205 --->
> REGISTER sip:asteriskIP:5060;transport=tcp SIP/2.0
> Via: SIP/2.0/TCP
> kamailio;branch=z9hG4bK998f.2846e405000000000000000000000000.0
> To: <sip:40081@asteriskIP>
> From: <sip:40081@asteriskIP>;tag=32fda68bf54efeeb04e3edc67b53c63d-cfb0
> CSeq: 10 REGISTER
> Call-ID: 0005ce130bcee5c4-26538@kamailio
> Max-Forwards: 70
> Content-Length: 0
> User-Agent: kamailio (4.3.0 (x86_64/linux))
> Contact: <sip:40081@kamailio:5060>
> Expires: 3600
>
> <------------->
> --- (11 headers 0 lines) ---
> Sending to kamailio:5060 (no NAT)
> Sending to kamailio:5060 (no NAT)
>
> <--- Transmitting (no NAT) to kamailio:5060 --->
> SIP/2.0 401 Unauthorized
> Via:
> SIP/2.0/TCP kamailio;branch=z9hG4bK998f.2846e405000000000000000000000000.0;received=
> kamailio
> From: <sip:40081@asteriskIP>;tag=32fda68bf54efeeb04e3edc67b53c63d-cfb0
> To: <sip:40081@asteriskIP>;tag=as404bac9a
> Call-ID: 0005ce130bcee5c4-26538@ kamailio
> CSeq: 10 REGISTER
> Server: Asterisk PBX 11.6-cert2
> Allow: INVITE, ACK, CANCEL, OPTIONS, BYE, REFER, SUBSCRIBE, NOTIFY,
> INFO, PUBLISH
> Supported: replaces, timer
> WWW-Authenticate: Digest algorithm=MD5, realm="asterisk",
> nonce="262b338e"
> Content-Length: 0
>
>
> <------------>
> Scheduling destruction of SIP dialog '0005ce130bcee5c4-26538@ kamailio'
> in 32000 ms (Method: REGISTER)
> Scheduling destruction of SIP dialog '0005ce130bcee5c4-26538@ kamailio'
> in 32000 ms (Method: REGISTER)
> Really destroying SIP dialog '0005ce130bcee5c1-26536@ kamailio'
> Method: REGISTER
>
> =========================
>
> sip.conf for kamailio trunk:
>
> [kamailio-inbound]
> type=friend
> dtmfmode=auto
> host=kamailioIP
> allow=all
> context=sipout
> insecure=port,invite
> canreinvite=no
>
> ========================
>
> Asterisk version: 11.6-cert2
> Kamailio version: 4.3
>
> Benjamin Fitzgerald
> LETS Corporation
> (925) 235-1154
> ben(a)letscorp.us
>
>
>
>
> *******Confidential Notice:
> This message is intended only for the use of the individual or entity
> to which it is addressed and may contain information that is privileged,
> confidential and exempt from disclosure under applicable law. If the reader
> of this message is not the intended recipient, you are hereby notified that
> any dissemination, distribution or copying of this communication is
> strictly prohibited. If you have received this message in error, please
> delete this message from all computers and contact Orion Systems/LETS Corp
> immediately by return e-mail and/or telephone at (925) 566-5600
>
> _______________________________________________
> SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing list
> sr-users(a)lists.sip-router.org
> http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users
>
>
_______________________________________________
SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing list
sr-users(a)lists.sip-router.org
http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users
_______________________________________________
SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing list
sr-users(a)lists.sip-router.org
http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users
20 Jul
20 Jul
9:14 a.m.
OK. Great
Regards
2015-07-17 20:38 GMT+02:00 Ben Fitzgerald <ben(a)letscorp.us>us>:
I think I have fixed the authentication issue yet the
SIP dialog has
completely changed. Now the dialog involves Asterisk sending SIP NOTIFY to
Kamailio, which is then forwarded to the client. Kamailio.cfg has no routes
to handle NOTIFY and there are no SUBSCRIBE messages preceding the NOTIFY.
Only REGISTER and 200 OK. Is this expected behavior? The sipregs database
is now correctly updated when a peer registers so that's good.
Benjamin Fitzgerald
LETS Corporation
(925) 235-1154
ben(a)letscorp.us
*******Confidential Notice:
This message is intended only for the use of the individual or entity to
which it is addressed and may contain information that is privileged,
confidential and exempt from disclosure under applicable law. If the reader
of this message is not the intended recipient, you are hereby notified that
any dissemination, distribution or copying of this communication is
strictly prohibited. If you have received this message in error, please
delete this message from all computers and contact Orion Systems/LETS Corp
immediately by return e-mail and/or telephone at (925) 566-5600
On Thu, Jul 16, 2015 at 2:59 PM, Ben Fitzgerald <ben(a)letscorp.us> wrote:
Thank you for the qualify solution, that worked.
However, on the KB by asipto, they only create a `sipreg` and `sipusers`
table and then in extconfig.conf for asterisk, sipusers and sippeers are
both using the `sipusers` table in MySQL.
I included a sip trace in the original email but I will include a more
detailed sip debug here. It looks like Asterisk and Kamailio can exchange
messages but for some reason, the SIP dialog stops after Asterisk sends
back a SIP 401 Unauthorized to Kamailio. Any ideas?
*1. Kamailio using sipgrep*
T 2015/07/16 14:50:52.393582 UserAgentIP:64521 -> KamailioIP:5060
[AP]
REGISTER sip:opvpnx.ulets.us SIP/2.0.
Via: SIP/2.0/TCP 192.168.0.179:64521
;alias;branch=z9hG4bK.j~V~btADL;rport.
From: <sip:102@opvpnx.ulets.us>;tag=QZ7de-7u5.
To: sip:102@opvpnx.ulets.us.
CSeq: 29 REGISTER.
Call-ID: puXkrkIICT.
Max-Forwards: 70.
Supported: outbound.
Accept: application/sdp, text/plain, application/vnd.gsma.rcs-ft-http+xml.
Contact: <sip:102@
UserAgentIP:64521;transport=tcp>;+sip.instance="<urn:uuid:f8f0aa7c-5b20-4ff2-ac5a-d7b4004afb50>".
Expires: 3600.
User-Agent: Alpha TalkIphone/2.2.5-80-g783bf67 (belle-sip/1.4.0).
Content-Length: 0.
Authorization: Digest realm="opvpnx.ulets.us",
nonce="VagoaFWoJzylK0MxoOAIPTRhtZBlmVmr", username="102",
uri="sip:
opvpnx.ulets.us", response="24b8f292fca38e72fbcf36417dcecd24".
.
T 2015/07/16 14:50:52.440789 KamailioIP:5060 -> UserAgentIP:64521
[AP]
SIP/2.0 200 OK.
Via: SIP/2.0/TCP 192.168.0.179:64521
;alias;branch=z9hG4bK.j~V~btADL;rport=64521;received= UserAgentIP.
From: <sip:102@opvpnx.ulets.us>;tag=QZ7de-7u5.
To: sip:102@opvpnx.ulets.us;tag=723cfa83f1495d1e63c1f1bb20bde818.a56d.
CSeq: 29 REGISTER.
Call-ID: puXkrkIICT.
Contact: <sip:102@
UserAgentIP:64521;transport=tcp>;expires=3600;received="sip:
UserAgentIP:64521;transport=tcp";+sip.instance="<urn:uuid:f8f0aa7c-5b20-4ff2-ac5a-d7b4004afb50>".
LETSSBC.
Content-Length: 0.
.
*#*
*# These next two messages when Kamailio forwards REGISTER to Asterisk*
*#*
T 2015/07/16 14:50:52.466461 KamailioIP:43488 -> AsteriskIP:5060
[AP]
REGISTER sip: AsteriskIP:5060;transport=tcp SIP/2.0.
Via:
SIP/2.0/TCP KamailioIP;branch=z9hG4bK328c.29246e24000000000000000000000000.0.
To: <sip:102@ AsteriskIP >.
From: <sip:102@ AsteriskIP >;tag=32fda68bf54efeeb04e3edc67b53c63d-3497.
CSeq: 10 REGISTER.
Call-ID: 2ee5ec48557bba33-31464@ KamailioIP.
Max-Forwards: 70.
Content-Length: 0.
User-Agent: kamailio (4.3.0 (x86_64/linux)).
Contact: <sip:102@ KamailioIP:5060>.
Expires: 3600.
.
T 2015/07/16 14:50:52.494578 AsteriskIP:5060 -> KamailioIP:43488
[AP]
SIP/2.0 401 Unauthorized.
Via:
SIP/2.0/TCP KamailioIP;branch=z9hG4bK328c.29246e24000000000000000000000000.0;received=
KamailioIP.
From: <sip:102@ AsteriskIP >;tag=32fda68bf54efeeb04e3edc67b53c63d-3497.
To: <sip:102@ AsteriskIP >;tag=as0eb2442e.
Call-ID: 2ee5ec48557bba33-31464@ KamailioIP.
CSeq: 10 REGISTER.
Server: Asterisk PBX 11.6-cert2.
Allow: INVITE, ACK, CANCEL, OPTIONS, BYE, REFER, SUBSCRIBE, NOTIFY, INFO,
PUBLISH.
Supported: replaces, timer.
WWW-Authenticate: Digest algorithm=MD5, realm="asterisk",
nonce="5b30f8aa".
Content-Length: 0.
*2. Asterisk using sip set debug on*
t91*CLI>
<--- SIP read from TCP: KamailioIP:43488 --->
REGISTER sip: AsteriskIP:5060;transport=tcp SIP/2.0
Via:
SIP/2.0/TCP KamailioIP;branch=z9hG4bK328c.29246e24000000000000000000000000.0
To: <sip:102@ AsteriskIP >
From: <sip:102@ AsteriskIP >;tag=32fda68bf54efeeb04e3edc67b53c63d-3497
CSeq: 10 REGISTER
Call-ID: 2ee5ec48557bba33-31464@ KamailioIP
Max-Forwards: 70
Content-Length: 0
User-Agent: kamailio (4.3.0 (x86_64/linux))
Contact: <sip:102@ KamailioIP:5060>
Expires: 3600
<------------->
--- (11 headers 0 lines) ---
Sending to KamailioIP:5060 (no NAT)
Sending to KamailioIP:5060 (no NAT)
<--- Transmitting (no NAT) to KamailioIP:5060 --->
SIP/2.0 401 Unauthorized
Via:
SIP/2.0/TCP KamailioIP;branch=z9hG4bK328c.29246e24000000000000000000000000.0;received=
KamailioIP
From: <sip:102@ AsteriskIP >;tag=32fda68bf54efeeb04e3edc67b53c63d-3497
To: <sip:102@ AsteriskIP >;tag=as0eb2442e
Call-ID: 2ee5ec48557bba33-31464@ KamailioIP
CSeq: 10 REGISTER
Server: Asterisk PBX 11.6-cert2
Allow: INVITE, ACK, CANCEL, OPTIONS, BYE, REFER, SUBSCRIBE, NOTIFY, INFO,
PUBLISH
Supported: replaces, timer
WWW-Authenticate: Digest algorithm=MD5, realm="asterisk",
nonce="5b30f8aa"
Content-Length: 0
<------------>
Scheduling destruction of SIP dialog '2ee5ec48557bba33-31464@ KamailioIP'
in 32000 ms (Method: REGISTER)
Scheduling destruction of SIP dialog '2ee5ec48557bba33-31464@ KamailioIP'
in 32000 ms (Method: REGISTER)
Benjamin Fitzgerald
LETS Corporation
(925) 235-1154
ben(a)letscorp.us
*******Confidential Notice:
This message is intended only for the use of the individual or entity to
which it is addressed and may contain information that is privileged,
confidential and exempt from disclosure under applicable law. If the reader
of this message is not the intended recipient, you are hereby notified that
any dissemination, distribution or copying of this communication is
strictly prohibited. If you have received this message in error, please
delete this message from all computers and contact Orion Systems/LETS Corp
immediately by return e-mail and/or telephone at (925) 566-5600
On Thu, Jul 16, 2015 at 11:48 AM, Alberto Sagredo <
alberto.sagredo(a)avanzada7.com> wrote:
_______________________________________________
SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing list
sr-users(a)lists.sip-router.org
http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users
Maybe you got to get some traces with sip set
debug on on asterisk or
ngrep in kamailio to check whereis the problem.
I think you are not authenticating correctly
Check if you insert on sipusers and sipppers table what is commented on
KB by asipto.
Maybe your Kamailio is not responding to OPTIONS (qualify=yes)
add at the beginning of your kamailio.cfg file
request_route {
if(is_method("OPTIONS") ) {
sl_send_reply("200","Keepalive");
exit;
}
.....
To solve qualify problem
BR
2015-07-16 19:31 GMT+02:00 Ben Fitzgerald <ben(a)letscorp.us>us>:
Thanks for your response.
I did read the section about the secret in the kb url. I followed the
example and inserted the test users on tFe url (101, 102, 103) and they
have secret set to NULL. I have tried both secret=NULL and secret="" and
Asterisk still asks for authentication. Also when I do "sip show peers" I
get:
Name/username Host Dyn
Forcerport ACL Port Status Description
Realtime
kamailio-inbound kamailioIP a
5060 Unmonitored
I added qualify=yes and now:
Name/username Host Dyn
Forcerport ACL Port Status Description
Realtime
kamailio-inbound kamailioIP a
5060 UNREACHABLE
Could this be the issue? I have verified that Kamailio receives the
responses by doing ngrep and I can see the SIP 401 from Asterisk.
Maybe I am missing something else? I'm not sure I understand how
Asterisk's peer selection affects this. When I received the registration
request from Kamailio, the From: address and domain are the same as the To:
address and domain, which are the values I have set in the sipusers table.
Another thing, even though the client handset says registered, the
table 'sipregs' is not updated with fullcontact, regseconds, or any data at
all. Yet I can still make a call. So maybe Asterisk is not authenticating
INVITES (whether or not it's registered) and that's why I can call.
Any further help or things I should try?
Benjamin Fitzgerald
LETS Corporation
(925) 235-1154
ben(a)letscorp.us
*******Confidential Notice:
This message is intended only for the use of the individual or entity
to which it is addressed and may contain information that is privileged,
confidential and exempt from disclosure under applicable law. If the reader
of this message is not the intended recipient, you are hereby notified that
any dissemination, distribution or copying of this communication is
strictly prohibited. If you have received this message in error, please
delete this message from all computers and contact Orion Systems/LETS Corp
immediately by return e-mail and/or telephone at (925) 566-5600
On Thu, Jul 16, 2015 at 3:40 AM, Alberto Sagredo <
alberto.sagredo(a)avanzada7.com> wrote:
> You could remove secret= on extensiones to check if its related to
> authentication or not
>
> You must not request authentication to kamailio in order to work
> properly in front of Asterisk
>
> As Daniel mention check if Kamailio peer is created and extensiones
> have no secret.. you would need to add alternate sippasswd table for
> kamailio authentication
>
> BR
>
> 2015-07-16 1:42 GMT+02:00 Ben Fitzgerald <ben(a)letscorp.us>us>:
>
>> Hi, I've been following this integration tutorial
>> http://kb.asipto.com/asterisk:realtime:kamailio-4.0.x-asterisk-11.3.0-astdb
>> and have a successful registration and I can even make calls through my
>> asterisk box.
>>
>> However what is unusual to me is that every time a phone registers
>> with Kamailio, that is forwarded to Asterisk (as expected), yet Asterisk
>> replies with 401 Unauthorized. Oddly enough the phone registers and can
>> still make calls. What worries me is that as we scale to 100's of cps, this
>> seemingly erroneous message may slow down Asterisk because it's trying to
>> handle authentication for users which have already been authenticated by
>> Kamailio. If this behavior is expected, then that would be good to know as
>> well.
>>
>> This is the sip debug from ASTERISK (I have replaced IP's with the
>> names of the servers):
>>
>>
>> <--- SIP read from TCP:kamailio:41205 --->
>> REGISTER sip:asteriskIP:5060;transport=tcp SIP/2.0
>> Via: SIP/2.0/TCP
>> kamailio;branch=z9hG4bK998f.2846e405000000000000000000000000.0
>> To: <sip:40081@asteriskIP>
>> From: <sip:40081@asteriskIP
>> >;tag=32fda68bf54efeeb04e3edc67b53c63d-cfb0
>> CSeq: 10 REGISTER
>> Call-ID: 0005ce130bcee5c4-26538@kamailio
>> Max-Forwards: 70
>> Content-Length: 0
>> User-Agent: kamailio (4.3.0 (x86_64/linux))
>> Contact: <sip:40081@kamailio:5060>
>> Expires: 3600
>>
>> <------------->
>> --- (11 headers 0 lines) ---
>> Sending to kamailio:5060 (no NAT)
>> Sending to kamailio:5060 (no NAT)
>>
>> <--- Transmitting (no NAT) to kamailio:5060 --->
>> SIP/2.0 401 Unauthorized
>> Via:
>> SIP/2.0/TCP
kamailio;branch=z9hG4bK998f.2846e405000000000000000000000000.0;received=
>> kamailio
>> From: <sip:40081@asteriskIP
>> >;tag=32fda68bf54efeeb04e3edc67b53c63d-cfb0
>> To: <sip:40081@asteriskIP>;tag=as404bac9a
>> Call-ID: 0005ce130bcee5c4-26538@ kamailio
>> CSeq: 10 REGISTER
>> Server: Asterisk PBX 11.6-cert2
>> Allow: INVITE, ACK, CANCEL, OPTIONS, BYE, REFER, SUBSCRIBE, NOTIFY,
>> INFO, PUBLISH
>> Supported: replaces, timer
>> WWW-Authenticate: Digest algorithm=MD5, realm="asterisk",
>> nonce="262b338e"
>> Content-Length: 0
>>
>>
>> <------------>
>> Scheduling destruction of SIP dialog '0005ce130bcee5c4-26538@ kamailio'
>> in 32000 ms (Method: REGISTER)
>> Scheduling destruction of SIP dialog '0005ce130bcee5c4-26538@ kamailio'
>> in 32000 ms (Method: REGISTER)
>> Really destroying SIP dialog '0005ce130bcee5c1-26536@ kamailio'
>> Method: REGISTER
>>
>> =========================
>>
>> sip.conf for kamailio trunk:
>>
>> [kamailio-inbound]
>> type=friend
>> dtmfmode=auto
>> host=kamailioIP
>> allow=all
>> context=sipout
>> insecure=port,invite
>> canreinvite=no
>>
>> ========================
>>
>> Asterisk version: 11.6-cert2
>> Kamailio version: 4.3
>>
>> Benjamin Fitzgerald
>> LETS Corporation
>> (925) 235-1154
>> ben(a)letscorp.us
>>
>>
>>
>>
>> *******Confidential Notice:
>> This message is intended only for the use of the individual or entity
>> to which it is addressed and may contain information that is privileged,
>> confidential and exempt from disclosure under applicable law. If the reader
>> of this message is not the intended recipient, you are hereby notified that
>> any dissemination, distribution or copying of this communication is
>> strictly prohibited. If you have received this message in error, please
>> delete this message from all computers and contact Orion Systems/LETS Corp
>> immediately by return e-mail and/or telephone at (925) 566-5600
>>
>> _______________________________________________
>> SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing
>> list
>> sr-users(a)lists.sip-router.org
>> http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users
>>
>>
>
> _______________________________________________
> SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing list
> sr-users(a)lists.sip-router.org
> http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users
>
>
_______________________________________________
SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing list
sr-users(a)lists.sip-router.org
http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users
_______________________________________________
SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing list
sr-users(a)lists.sip-router.org
http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users
3416
days inactive
3421
days old
7 comments
3 participants
participants (3)
-
Alberto Sagredo -
Ben Fitzgerald -
Daniel Tryba