Hi. I'm trying to get Asterisk 13 to authenticate when it sends an INVITE, and for some reason it's simply not doing it.
I've even resorted to reading the source code to try and work out what I'm doing wrong... In channels/chan_sip.c I find: * SIP Dial string syntax: * SIP/devicename * or SIP/username@domain (SIP uri) * or SIP/username[:password[:md5secret[:authname[:transport]]]]@host[:port] * or SIP/devicename/extension * or SIP/devicename/extension/IPorHost * or SIP/username@domain//IPorHost * and there is an optional [!dnid] argument you can append to alter the * To: header. (Note: I don't think I have ever seen that optional "!dnid" argument documented anywhere...?) So, the version with the username and password looks to me like what I want... Dial(SIP/${SIPuser}:${SIPpass}@${SIPhost}) or else Dial(SIP/${SIPuser}:${SIPpass}@${SIPhost}!${SIPdial}) would seem to be what I need (I need to authenticate to SIPhost with the credentials SIPuser and SIPpass and I want to dial on to SIPdial). However, doing this results in the NOTICE message: chan_sip.c:23862 handle_response_invite: Failed to authenticate on INVITE to '"Antony Stone" <sip:Polycom650@198.51.100.29>;tag=as6625b0b4' The first thing which puzzles me about this is that 198.51.100.29 is the IP address of the telephone I dialled *in* to the context with in order to cause the Dial() command to get processed (and Polycom650 is indeed the username of the telephone). This has nothing at all to do with the username and password I'm trying to authenticate with at the remote server. If I do a packet capture on this machine to show what it's actually sending out to SIPhost, I see three packets: 1 0.000000000 192.0.2.29 → 203.0.113.56 SIP/SDP 960 Request: INVITE sip:9...@the.remote.ser.ver 2 0.007364024 203.0.113.56 → 192.0.2.29 SIP 558 Status: 401 Unauthorized 3 0.007552844 192.0.2.29 → 203.0.113.56 SIP 485 Request: ACK sip:9...@the.remote.ser.ver and that's it. Asterisk sends the (unauthorised) INVITE, as normal, the remote server understandably says "401 Unauthorised" in response, to which I expect Asterisk to say "ACK" and then repeat the INVITE with the authentication included, but it does nothing after the ACK - it doesn't even try to authenticate. If I create a stanza in sip.conf such as: [RemoteServer] type=peer fromuser=9411 secret=3ce12cda9d host=the.remote.ser.ver and change the Dial() to: Dial(SIP/RemoteServer/${SIPdial}) then all works, and the packet capture shows me exactly the same as above, but then followed by a fourth packet, which is the INVITE complete with authentication (which of course works). However, creating stanzas in sip.conf is not an option for me, since I need to be able to dial out using account credentials which are going to be passed in to the dialplan as variables from an AMI Originate request (I'm creating this dialplan in order to check whether credentials which have been supplied to me are in fact correct and allow me to place a call). So, what am I doing wrong - how can I get Asterisk to actually use the credentials which I've supplied in the Dial() command? Thanks for any help :) Antony. -- I conclude that there are two ways of constructing a software design: One way is to make it so simple that there are _obviously_ no deficiencies, and the other way is to make it so complicated that there are no _obvious_ deficiencies. - C A R Hoare Please reply to the list; please *don't* CC me. -- _____________________________________________________________________ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- Check out the new Asterisk community forum at: https://community.asterisk.org/ New to Asterisk? Start here: https://wiki.asterisk.org/wiki/display/AST/Getting+Started asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users