Hi.
I'm trying to get Asterisk 13 to authenticate when it sends an INVITE, and for
some reason it's simply not doing it.
I've even resorted to reading the source code to try and work out what I'm
doing wrong...
In channels/chan_sip.c I find:
* SIP Dial string syntax:
* SIP/devicename
* or SIP/username@domain (SIP uri)
* or SIP/username[:password[:md5secret[:authname[:transport]]]]@host[:port]
* or SIP/devicename/extension
* or SIP/devicename/extension/IPorHost
* or SIP/username@domain//IPorHost
* and there is an optional [!dnid] argument you can append to alter the
* To: header.
(Note: I don't think I have ever seen that optional "!dnid" argument
documented anywhere...?)
So, the version with the username and password looks to me like what I want...
Dial(SIP/${SIPuser}:${SIPpass}@${SIPhost}) or else
Dial(SIP/${SIPuser}:${SIPpass}@${SIPhost}!${SIPdial})
would seem to be what I need (I need to authenticate to SIPhost with the
credentials SIPuser and SIPpass and I want to dial on to SIPdial).
However, doing this results in the NOTICE message:
chan_sip.c:23862 handle_response_invite: Failed to authenticate on INVITE to
'"Antony Stone" <sip:Polycom650@198.51.100.29>;tag=as6625b0b4'
The first thing which puzzles me about this is that 198.51.100.29 is the IP
address of the telephone I dialled *in* to the context with in order to cause
the Dial() command to get processed (and Polycom650 is indeed the username of
the telephone).
This has nothing at all to do with the username and password I'm trying to
authenticate with at the remote server.
If I do a packet capture on this machine to show what it's actually sending
out to SIPhost, I see three packets:
1 0.000000000 192.0.2.29 → 203.0.113.56 SIP/SDP 960 Request: INVITE
sip:9...@the.remote.ser.ver
2 0.007364024 203.0.113.56 → 192.0.2.29 SIP 558 Status: 401 Unauthorized
3 0.007552844 192.0.2.29 → 203.0.113.56 SIP 485 Request: ACK
sip:9...@the.remote.ser.ver
and that's it.
Asterisk sends the (unauthorised) INVITE, as normal, the remote server
understandably says "401 Unauthorised" in response, to which I expect Asterisk
to say "ACK" and then repeat the INVITE with the authentication included, but
it does nothing after the ACK - it doesn't even try to authenticate.
If I create a stanza in sip.conf such as:
[RemoteServer]
type=peer
fromuser=9411
secret=3ce12cda9d
host=the.remote.ser.ver
and change the Dial() to:
Dial(SIP/RemoteServer/${SIPdial})
then all works, and the packet capture shows me exactly the same as above, but
then followed by a fourth packet, which is the INVITE complete with
authentication (which of course works).
However, creating stanzas in sip.conf is not an option for me, since I need to
be able to dial out using account credentials which are going to be passed in
to the dialplan as variables from an AMI Originate request (I'm creating this
dialplan in order to check whether credentials which have been supplied to me
are in fact correct and allow me to place a call).
So, what am I doing wrong - how can I get Asterisk to actually use the
credentials which I've supplied in the Dial() command?
Thanks for any help :)
Antony.
--
I conclude that there are two ways of constructing a software design: One way
is to make it so simple that there are _obviously_ no deficiencies, and the
other way is to make it so complicated that there are no _obvious_
deficiencies.
- C A R Hoare
Please reply to the list;
please *don't* CC me.
--
_____________________________________________________________________
-- Bandwidth and Colocation Provided by http://www.api-digital.com --
Check out the new Asterisk community forum at: https://community.asterisk.org/
New to Asterisk? Start here:
https://wiki.asterisk.org/wiki/display/AST/Getting+Started
asterisk-users mailing list
To UNSUBSCRIBE or update options visit:
http://lists.digium.com/mailman/listinfo/asterisk-users
