Eugene. ;;===================================================================== Some modifications since the last time. Now that asterisk has the secret in outbound calls, it seems to want the proxy to authenticate to asterisk for inbound calls. Thats fixed with the insecure=very. As well, its authname not authuser. The username and secret variables stay the same.
--
Sip.conf
In the [general] section of the config file create a line like this:
register => <accountid>@sip.broadvoice.com:<password>:<account id>@sip.broadvoice.com/<extension>
Replace accountid with your account or phone number, password with your password and extension with one of your accessible extensions in the dial plan.
BroadVoice Peer
Add a new section towards the bottom of the file to insure you don't overwrite any important data in [general]
[sip.broadvoice.com] type=peer user=phone host=sip.broadvoice.com fromdomain=sip.broadvoice.com fromuser=<phone number> secret=<register password> username=<phone number> insecure=very context=from-broadvoice authname=<phone number> dtmfmode=inband dtmf=inband ;Disable canreinvite if you are behind a NAT canreinvite=no
Insure you fillin fromuser with your phone number.
/etc/hosts Finding the right proxy
Ping the following hosts and select for the best time:
- proxy.lax.broadvoice.com - proxy.dca.broadvoice.com - proxy.mia.broadvoice.com
After you have chosen the one with the best ping time, do a dnslookup by running nslookup on the hostname. [edit] Modifying /etc/hosts
Using the IP Address you received from nslookup add a line like this to /etc/hosts:
{ip} sip.broadvoice.comInsert the IP appropriately.
extensions.conf Default Dial Plan
Put the following block in your extensions.conf as it will be your default dial plan:
[default]
exten => _1NXXNXXXXXX, 1, dial(SIP/[EMAIL PROTECTED],30) exten => _1NXXNXXXXXX, 2, congestion() exten => _1NXXNXXXXXX, 102, busy()
;;==================================================================================
----- Original Message ----- From: "Zanzamar Majere" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>; "Asterisk Users Mailing List - Non-Commercial Discussion" <[email protected]>
Sent: Wednesday, March 09, 2005 9:53 AM
Subject: Re: [Asterisk-Users] Broadvoice latest changes and stillnot working- An Additional Server
Thank you for the response. I still have the errors mentioned below, sip response and Failed to authenticate on INVITE
[PPPPPPPPPP] type=peer username=PPPPPPPPPP fromuser=PPPPPPPPPP authuser=PPPPPPPPPP fromdomain=sip.broadvoice.com secret=XXXXXXXXXX host=sip.broadvoice.com dtmfmode=inband insecure=very context=sip qualify=yes disallow=all allow=ulaw allow=gsm ;Disable canreinvite if you are behind a NAT ;canreinvite=no nat=no
Does anyone else have any other suggestions?
On Wednesday 09 March 2005 06:56 am, MF Hulber wrote:Try changing the extension from Broadvoice1 to the actual phone number (and don't send your secret in a public email or maybe that's Chris'):
[*8475100139*] type=peer ;user=phone host=sip.broadvoice.com fromdomain=sip.broadvoice.com fromuser=8475100139 secret=XXXXXXXXXXX username=8475100139
Zanzamar Majere wrote: >I have made all the changes to sip.conf for my broadvoice peer >friend(and I have tried it as peer) and I am still seeing this response >(on call out). Any suggestions? I don't think it is a problem with the >phones themselves authenticating, as Asterisk takes care of all the >authentication from my understanding. > >Free world does work for calling out however. So I know at least that >works. > > > >-- Got SIP response 400 "Bad request" back from 147.135.0.128 >Mar 9 01:11:09 NOTICE[12284]: chan_sip.c:6798 handle_response: Failed >to authenticate on INVITE to '"PPPPPPPPPP" ><sip:[EMAIL PROTECTED]>;tag=as5b80cade' > >On Wed, 2005-03-09 at 00:48, Chris Nibeck wrote: >>First off... please cancel previous amplification request. I have >>implemented your ideas with the same errored result. >> >>I am not sure that we are not making it thru authentication. From my >>digging and comparing packet dumps comparing the soft phone to asterisk >>they have identical transactions through the ACK reply (the last one >>on the debug below). The softphone seems to be authenticated after the >>ACK. I am a newbie to debugging this stuff. I just want to get it >>working. >> >>Thanks everyone in advance for your help. I am certainly very very >>happy to try anything. >> >>Based on Luki's suggestions I... >> >>Changed sip.conf... >> >>[broadvoice1] >>type=peer >>;user=phone >>host=sip.broadvoice.com >>fromdomain=sip.broadvoice.com >>fromuser=8475100139 >>secret=DELETED >>username=8475100139 >>insecure=very >>context=default >>authname=8475100139 >>dtmfmode=inband >>dtmf=inband >>;Disable canreinvite if you are behind a NAT >>canreinvite=no >>nat=no >> >>Changed extensions.conf... >> >>exten => _8X.,1, dial(SIP/${EXTEN:[EMAIL PROTECTED],30) ; Dial Broadvoice >>for 30 seconds >>exten => _8X.,2, congestion() ; No answer, nothing >>exten => _8X., 102, busy() ; >> >>End result... >> >>Mar 9 01:30:42 NOTICE[15376]: chan_sip.c:5047 handle_response: Failed >>to authenticate on INVITE to '"6050" >><sip:[EMAIL PROTECTED]>;tag=as545ccba3' >> >> >>SIP debug... >> >> -- Executing Dial("SIP/6050-132b", >>"SIP/[EMAIL PROTECTED]|30") in new stack >>We're at xxx.xxx.xxx.xxx port 18212 >>Answering with capability 2 >>Answering with capability 4 >>Answering with capability 8 >>12 headers, 10 lines >>Reliably Transmitting: >>INVITE sip:[EMAIL PROTECTED] SIP/2.0 >>Via: SIP/2.0/UDP xxx.xxx.xxx.xxx:5060;branch=z9hG4bK3ca6ade0 >>From: "6050" <sip:[EMAIL PROTECTED]>;tag=as545ccba3 >>To: <sip:[EMAIL PROTECTED]> >>Contact: <sip:[EMAIL PROTECTED]> >>Call-ID: [EMAIL PROTECTED] >>CSeq: 102 INVITE >>User-Agent: Asterisk PBX >>Date: Wed, 09 Mar 2005 07:30:41 GMT >>Allow: INVITE, ACK, CANCEL, OPTIONS, BYE, REFER >>Content-Type: application/sdp >>Content-Length: 205 >> >>v=0 >>o=root 3998 3998 IN IP4 xxx.xxx.xxx.xxx >>s=session >>c=IN IP4 xxx.xxx.xxx.xxx >>t=0 0 >>m=audio 18212 RTP/AVP 3 0 8 >>a=rtpmap:3 GSM/8000 >>a=rtpmap:0 PCMU/8000 >>a=rtpmap:8 PCMA/8000 >>a=silenceSupp:off - - - - >> (no NAT) to 147.135.8.128:5060 >> -- Called [EMAIL PROTECTED] >>com*CLI> >> >>Sip read: >>INVITE sip:[EMAIL PROTECTED] SIP/2.0 >>Via: SIP/2.0/UDP 64.4.192.110:5060;branch=z9hG4bK-1b5b3221 >>From: 6050 <sip:[EMAIL PROTECTED]>;tag=7e2776985d5a0891o0 >>To: <sip:[EMAIL PROTECTED]> >>Call-ID: [EMAIL PROTECTED] >>CSeq: 102 INVITE >>Max-Forwards: 70 >>Proxy-Authorization: Digest >>username="6050",realm="asterisk",nonce="42d82e9b",uri="sip: >>[EMAIL PROTECTED]",algorithm=MD5,response="420e39b35648a10c >>129dd4fb5f97ec47" >>Contact: 6050 <sip:[EMAIL PROTECTED]:5060> >>Expires: 240 >>User-Agent: Sipura/SPA3000-2.0.10(GWf) >>Content-Length: 241 >>Allow: ACK, BYE, CANCEL, INFO, INVITE, NOTIFY, OPTIONS, REFER >>Supported: x-sipura >>Content-Type: application/sdp >> >>v=0 >>o=- 1138990026 1138990026 IN IP4 64.4.192.110 >>s=- >>c=IN IP4 64.4.192.110 >>t=0 0 >>m=audio 16388 RTP/AVP 0 100 101 >>a=rtpmap:0 PCMU/8000 >>a=rtpmap:100 NSE/8000 >>a=rtpmap:101 telephone-event/8000 >>a=fmtp:101 0-15 >>a=ptime:30 >>a=sendrecv >> >>15 headers, 12 lines >>Ignoring this request >>Transmitting (no NAT): >>SIP/2.0 100 Trying >>Via: SIP/2.0/UDP 64.4.192.110:5060;branch=z9hG4bK-1b5b3221 >>From: 6050 <sip:[EMAIL PROTECTED]>;tag=7e2776985d5a0891o0 >>To: <sip:[EMAIL PROTECTED]>;tag=as2f065f18 >>Call-ID: [EMAIL PROTECTED] >>CSeq: 102 INVITE >>User-Agent: Asterisk PBX >>Allow: INVITE, ACK, CANCEL, OPTIONS, BYE, REFER >>Contact: <sip:[EMAIL PROTECTED]> >>Content-Length: 0 >> >> >> to 64.4.192.110:5060 >>com*CLI> >> >>Sip read: >>SIP/2.0 100 Trying >>Via: SIP/2.0/UDP xxx.xxx.xxx.xxx:5060;branch=z9hG4bK3ca6ade0 >>From: "6050" <sip:[EMAIL PROTECTED]>;tag=as545ccba3 >>To: <sip:[EMAIL PROTECTED]> >>Call-ID: [EMAIL PROTECTED] >>CSeq: 102 INVITE >> >> >>6 headers, 0 lines >>com*CLI> >> >>Sip read: >>SIP/2.0 401 Unauthorized >>Via: SIP/2.0/UDP xxx.xxx.xxx.xxx:5060;branch=z9hG4bK3ca6ade0 >>From: "6050" <sip:[EMAIL PROTECTED]>;tag=as545ccba3 >>To: <sip:[EMAIL PROTECTED]>;tag=SD38rq699- >>Call-ID: [EMAIL PROTECTED] >>CSeq: 102 INVITE >>WWW-Authenticate: DIGEST >>realm="BroadWorks",algorithm=MD5,nonce="1110353299563" >>Content-Length: 0 >> >> >>8 headers, 0 lines >>Transmitting: >>ACK sip:[EMAIL PROTECTED] SIP/2.0 >>Via: SIP/2.0/UDP xxx.xxx.xxx.xxx:5060;branch=z9hG4bK3ca6ade0 >>From: "6050" <sip:[EMAIL PROTECTED]>;tag=as545ccba3 >>To: <sip:[EMAIL PROTECTED]>;tag=SD38rq699- >>Contact: <sip:[EMAIL PROTECTED]> >>Call-ID: [EMAIL PROTECTED] >>CSeq: 102 ACK >>User-Agent: Asterisk PBX >>Content-Length: 0 >> >> (no NAT) to 147.135.8.128:5060 >>Mar 9 01:30:42 NOTICE[15376]: chan_sip.c:5047 handle_response: Failed >>to authenticate on INVITE to '"6050" >><sip:[EMAIL PROTECTED]>;tag=as545ccba3' >> >>On Mar 9, 2005, at 12:08 AM, Luki wrote: >>>Chris, >>> >>>first of all, if your server has been up for 200 days, I suggest you >>>update the kernel -- you don't say if it's Linux, but chances are that >>>yes... and there have been some security bugs patched recently. >>> >>>That aside. I'm not sure, but it's possible that since you are using a >>>valid host name ('sip.broadvoice.com') in your dial statement, perhaps >>>* tried to talk to it directly and does not consider the section in >>>sip.conf. Just a guess. You will notice from the the sip debug output >>>that * does not even try to authenticate, as if it didn't know about >>>the user/secret. >>> >>>I use the BV number as the section name, so the dial statement >>>essentially looks like: Dial([EMAIL PROTECTED]) >>> >>>Try changing yours to say "broadvoice" and then the corresponding >>>section in sip.conf. I'm using the DCA server, and didn't have an >>>issue at all when they introduced INVITE authentication on the >>>weekend. This is how my section looks like: >>> >>>[360350XXXX] >>>type=peer >>>dtmfmode=inband >>>username=360350XXXX >>>fromuser=360350XXXX >>>secret=XXXXXXXXXX >>>host=sip.broadvoice.com >>>fromdomain=sip.broadvoice.com >>>canreinvite=no >>>nat=no >>>insecure=very >>>context=incoming >>>outgoinglimit=2 >>> >>>In /etc/hosts I have: >>>147.135.0.128 sip.broadvoice.com >>> >>>It's the proxy.dca.broadvoice.com server. Hope this helps... >>> >>>--Luki >>>_______________________________________________ >>>Asterisk-Users mailing list >>>[email protected] >>>http://lists.digium.com/mailman/listinfo/asterisk-users >>>To UNSUBSCRIBE or update options visit: >>> http://lists.digium.com/mailman/listinfo/asterisk-users >> >>_______________________________________________ >>Asterisk-Users mailing list >>[email protected] >>http://lists.digium.com/mailman/listinfo/asterisk-users >>To UNSUBSCRIBE or update options visit: >> http://lists.digium.com/mailman/listinfo/asterisk-users > >_______________________________________________ >Asterisk-Users mailing list >[email protected] >http://lists.digium.com/mailman/listinfo/asterisk-users >To UNSUBSCRIBE or update options visit: > http://lists.digium.com/mailman/listinfo/asterisk-users
_______________________________________________ Asterisk-Users mailing list [email protected] http://lists.digium.com/mailman/listinfo/asterisk-users To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users_______________________________________________ Asterisk-Users mailing list [email protected] http://lists.digium.com/mailman/listinfo/asterisk-users To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
_______________________________________________ Asterisk-Users mailing list [email protected] http://lists.digium.com/mailman/listinfo/asterisk-users To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
