<div>Thank you for your help!</div><div><br></div><div>I looked into the UE's IMS register request as you told me. (the content of request is shown below)</div><div><br></div><div>As my thinking, my UE can support only two algorithms: hmac-sha1-96 and hmac-md5-96.</div><div><br></div><div>But fhoss cannot support above auth algorithms (fhoss can support digest-akav1-md5, digest-akav2-md5, digest, http_digest_md5, early-ims-security, nass-bundled and sip digest).</div><div><br></div><div>What algorithm should I switch to for authentication in fhoss? Or do I have to change the UE device (smartphone) for auth?</div><div><br></div><div>Very thanks,</div><div>Taekkyung Oh.</div><div><br></div><div><strong><em><IMS register request from the UE></em></strong></div><div><strong>Frame 4153: 840 bytes on wire (6720 bits), 840 bytes captured (6720 bits) on interface 0</strong></div><div><strong>Ethernet II, Src: 02:42:ac:16:00:16 (02:42:ac:16:00:16), Dst: 02:42:ac:16:00:06 (02:42:ac:16:00:06)</strong></div><div><strong>Internet Protocol Version 4, Src: 172.22.0.22, Dst: 172.22.0.6</strong></div><div><strong>User Datagram Protocol, Src Port: 2152, Dst Port: 2152</strong></div><div><strong>GPRS Tunneling Protocol</strong></div><div><strong>Internet Protocol Version 4, Src: 192.168.101.3, Dst: 172.22.0.21</strong></div><div><strong>Transmission Control Protocol, Src Port: 5060, Dst Port: 5060, Seq: 1021, Ack: 1, Len: 750</strong></div><div><strong>[2 Reassembled TCP Segments (1770 bytes): #4147(1020), #4153(750)]</strong></div><div><strong>Session Initiation Protocol (REGISTER)</strong></div><div><strong> Request-Line: REGISTER sip:ims.mnc001.mcc001.3gppnetwork.org SIP/2.0</strong></div><div><strong> Method: REGISTER</strong></div><div><strong> Request-URI: sip:ims.mnc001.mcc001.3gppnetwork.org</strong></div><div><strong> Request-URI Host Part: ims.mnc001.mcc001.3gppnetwork.org</strong></div><div><strong> [Resent Packet: False]</strong></div><div><strong> Message Header</strong></div><div><strong> To: <sip:001010000031094@ims.mnc001.mcc001.3gppnetwork.org></strong></div><div><strong> SIP to address: sip:001010000031094@ims.mnc001.mcc001.3gppnetwork.org</strong></div><div><strong> SIP to address User Part: 001010000031094</strong></div><div><strong> SIP to address Host Part: ims.mnc001.mcc001.3gppnetwork.org</strong></div><div><strong> From: <sip:001010000031094@ims.mnc001.mcc001.3gppnetwork.org>;tag=qyecbkJ</strong></div><div><strong> SIP from address: sip:001010000031094@ims.mnc001.mcc001.3gppnetwork.org</strong></div><div><strong> SIP from address User Part: 001010000031094</strong></div><div><strong> SIP from address Host Part: ims.mnc001.mcc001.3gppnetwork.org</strong></div><div><strong> SIP from tag: qyecbkJ</strong></div><div><strong> Contact: <sip:001010000031094@192.168.101.3:5060>;+sip.instance="<urn:gsma:imei:86355804-632692-0>";+g.3gpp.accesstype="cellular2";audio;video;+g.3gpp.smsip;+g.3gpp.icsi-ref="urn%3Aurn-7%3A3gpp-service.ims.icsi.mmtel"</strong></div><div><strong> Contact URI: sip:001010000031094@192.168.101.3:5060</strong></div><div><strong> Contact URI User Part: 001010000031094</strong></div><div><strong> Contact URI Host Part: 192.168.101.3</strong></div><div><strong> Contact URI Host Port: 5060</strong></div><div><strong> Contact parameter: +sip.instance="<urn:gsma:imei:86355804-632692-0>"</strong></div><div><strong> Contact parameter: +g.3gpp.accesstype="cellular2"</strong></div><div><strong> Contact parameter: audio</strong></div><div><strong> Contact parameter: video</strong></div><div><strong> Contact parameter: +g.3gpp.smsip</strong></div><div><strong> Contact parameter: +g.3gpp.icsi-ref="urn%3Aurn-7%3A3gpp-service.ims.icsi.mmtel"\r\n</strong></div><div><strong> Expires: 600000</strong></div><div><strong> P-Access-Network-Info: 3GPP-E-UTRAN-FDD;utran-cell-id-3gpp=0010100010019B01</strong></div><div><strong> access-type: 3GPP-E-UTRAN-FDD</strong></div><div><strong> utran-cell-id-3gpp: 0010100010019B01</strong></div><div><strong> Supported: path,sec-agree</strong></div><div><strong> Allow: INVITE,ACK,OPTIONS,BYE,CANCEL,UPDATE,PRACK,NOTIFY,MESSAGE,REFER</strong></div><div><strong> Require: sec-agree</strong></div><div><strong> Proxy-Require: sec-agree</strong></div><div><strong> [truncated]Security-Client: ipsec-3gpp;alg=hmac-sha-1-96;prot=esp;mod=trans;ealg=des-ede3-cbc;spi-c=10559690;spi-s=65664952;port-c=31112;port-s=31803,ipsec-3gpp;alg=hmac-sha-1-96;prot=esp;mod=trans;ealg=aes-cbc;spi-c=10559690;spi-s=65664</strong></div><div><strong> [Security-mechanism]: ipsec-3gpp</strong></div><div><strong> alg: hmac-sha-1-96</strong></div><div><strong> prot: esp</strong></div><div><strong> mod=trans</strong></div><div><strong> ealg: des-ede3-cbc</strong></div><div><strong> spi-c: 10559690 (0x00a120ca)</strong></div><div><strong> spi-s: 65664952 (0x03e9f7b8)</strong></div><div><strong> port-c: 31112</strong></div><div><strong> port-s: 31803</strong></div><div><strong> [Security-mechanism]: ipsec-3gpp</strong></div><div><strong> alg: hmac-sha-1-96</strong></div><div><strong> prot: esp</strong></div><div><strong> mod=trans</strong></div><div><strong> ealg: aes-cbc</strong></div><div><strong> spi-c: 10559690 (0x00a120ca)</strong></div><div><strong> spi-s: 65664952 (0x03e9f7b8)</strong></div><div><strong> port-c: 31112</strong></div><div><strong> port-s: 31803</strong></div><div><strong> [Security-mechanism]: ipsec-3gpp</strong></div><div><strong> alg: hmac-sha-1-96</strong></div><div><strong> prot: esp</strong></div><div><strong> mod=trans</strong></div><div><strong> ealg: null</strong></div><div><strong> spi-c: 10559690 (0x00a120ca)</strong></div><div><strong> spi-s: 65664952 (0x03e9f7b8)</strong></div><div><strong> port-c: 31112</strong></div><div><strong> port-s: 31803</strong></div><div><strong> [Security-mechanism]: ipsec-3gpp</strong></div><div><strong> alg: hmac-md5-96</strong></div><div><strong> prot: esp</strong></div><div><strong> mod=trans</strong></div><div><strong> ealg: des-ede3-cbc</strong></div><div><strong> spi-c: 10559690 (0x00a120ca)</strong></div><div><strong> spi-s: 65664952 (0x03e9f7b8)</strong></div><div><strong> port-c: 31112</strong></div><div><strong> port-s: 31803</strong></div><div><strong> [Security-mechanism]: ipsec-3gpp</strong></div><div><strong> alg: hmac-md5-96</strong></div><div><strong> prot: esp</strong></div><div><strong> mod=trans</strong></div><div><strong> ealg: aes-cbc</strong></div><div><strong> spi-c: 10559690 (0x00a120ca)</strong></div><div><strong> spi-s: 65664952 (0x03e9f7b8)</strong></div><div><strong> port-c: 31112</strong></div><div><strong> port-s: 31803</strong></div><div><strong> [Security-mechanism]: ipsec-3gpp</strong></div><div><strong> alg: hmac-md5-96</strong></div><div><strong> prot: esp</strong></div><div><strong> mod=trans</strong></div><div><strong> ealg: null</strong></div><div><strong> spi-c: 10559690 (0x00a120ca)</strong></div><div><strong> spi-s: 65664952 (0x03e9f7b8)</strong></div><div><strong> port-c: 31112</strong></div><div><strong> port-s: 31803</strong></div><div><strong> Authorization: Digest username="001010000031094@ims.mnc001.mcc001.3gppnetwork.org",realm="ims.mnc001.mcc001.3gppnetwork.org",uri="sip:ims.mnc001.mcc001.3gppnetwork.org",nonce="",response=""</strong></div><div><strong> Authentication Scheme: Digest</strong></div><div><strong> Username: "001010000031094@ims.mnc001.mcc001.3gppnetwork.org"</strong></div><div><strong> Realm: "ims.mnc001.mcc001.3gppnetwork.org"</strong></div><div><strong> Authentication URI: "sip:ims.mnc001.mcc001.3gppnetwork.org"</strong></div><div><strong> Nonce Value: ""</strong></div><div><strong> Digest Authentication Response: ""</strong></div><div><strong> Call-ID: txecbknlk@192.168.101.3</strong></div><div><strong> CSeq: 1 REGISTER</strong></div><div><strong> Sequence Number: 1</strong></div><div><strong> Method: REGISTER</strong></div><div><strong> Max-Forwards: 70</strong></div><div><strong> Via: SIP/2.0/TCP 192.168.101.3:5060;branch=z9hG4bKrzecbkJzsat7Xk6daqm5;rport</strong></div><div><strong> Transport: TCP</strong></div><div><strong> Sent-by Address: 192.168.101.3</strong></div><div><strong> Sent-by port: 5060</strong></div><div><strong> Branch: z9hG4bKrzecbkJzsat7Xk6daqm5</strong></div><div><strong> RPort: rport</strong></div><div><strong> User-Agent: IM-client/OMA1.0 HW-Rto/V1.0</strong></div><div><strong> Content-Length: 0</strong></div><div><br></div><div><br></div><!-- begin signature --><!-- end signature --><div><br></div><div><br></div><div>-----Original Message-----</div><div>From: "Yuriy Gorlichenko" <ovoshlook@gmail.com></div><div>To: "Kamailio (SER) - Users Mailing List" <sr-users@lists.kamailio.org>;</div><div>Cc:</div><div>Sent: 2021-08-24 (화) 05:55:26 (UTC+09:00)</div><div>Subject: Re: [SR-Users] [VoLTE] 401 unauthorized error</div><div><br></div><div dir="auto"><div dir="auto"><br></div>Hi 401 is normal response for sip auth<div dir="auto">It is also normal response for IMS service</div><div dir="auto">Look into sip basic auth mechanism to clarify what is going on here and additionally look into Spec of IMS auth. There should be only auth algo change </div><div dir="auto">I believe you did not check further request processing.<br><div dir="auto"><div dir="ltr">On Mon, 23 Aug 2021, 18:19 오택경, <<a href="mailto:ohtk@kaist.ac.kr" rel="noreferrer" target="_blank">ohtk@kaist.ac.kr</a>> wrote:</div><blockquote style="margin:0 0 0 .8ex; border-left:1px #ccc solid; padding-left:1ex;"><div>Hi.</div><div><br></div><div>I am implementing the VoLTE setup with the dockerized project (<a href="https://github.com/herlesupreeth/docker_open5gs" rel="noopener noreferrer noreferrer noreferrer" target="_blank">https://github.com/herlesupreeth/docker_open5gs</a>).</div><div><br></div><div>I have almost done to run the VoLTE service, but 401 unauthorized error in sip and auth-pending error in fhoss have occured.</div><div><br></div><div>How can I fix this problem?</div><div><br></div><div>I will share the discussion note in which I tried to solve some problems including the above one.</div><div>: <a href="https://github.com/herlesupreeth/docker_open5gs/issues/55" rel="noopener noreferrer noreferrer noreferrer" target="_blank">https://github.com/herlesupreeth/docker_open5gs/issues/55</a></div><div><br></div><div>Very thanks,</div><div>Taekkyung Oh.</div><table class="inserted"><tbody><tr><td><img src="https://gov-dooray.com/mail-receipts?img=413230714c615274-2594eb34eb561664-2ac64ba085c6925f-2ac64baff2f15e36.gif" border="0"></td></tr></tbody></table>__________________________________________________________<br>Kamailio - Users Mailing List - Non Commercial Discussions<br> * <a href="mailto:sr-users@lists.kamailio.org" rel="noreferrer noreferrer" target="_blank">sr-users@lists.kamailio.org</a><br>Important: keep the mailing list in the recipients, do not reply only to the sender!<br>Edit mailing list options or unsubscribe:<br> * <a href="https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users" rel="noreferrer noreferrer noreferrer" target="_blank">https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users</a></blockquote></div></div></div><div>__________________________________________________________ Kamailio - Users Mailing List - Non Commercial Discussions * sr-users@lists.kamailio.org Important: keep the mailing list in the recipients, do not reply only to the sender! Edit mailing list options or unsubscribe: * https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users</div><div><br></div><div><br></div><!-- begin signature --><!-- end signature --><div><br></div><div><br></div><div>-----Original Message-----</div><div>From: "Yuriy Gorlichenko" <ovoshlook@gmail.com></div><div>To: "Kamailio (SER) - Users Mailing List" <sr-users@lists.kamailio.org>;</div><div>Cc:</div><div>Sent: 2021-08-24 (화) 05:55:26 (UTC+09:00)</div><div>Subject: Re: [SR-Users] [VoLTE] 401 unauthorized error</div><div><br></div><div dir="auto"><div dir="auto"><br></div>Hi 401 is normal response for sip auth<div dir="auto">It is also normal response for IMS service</div><div dir="auto">Look into sip basic auth mechanism to clarify what is going on here and additionally look into Spec of IMS auth. There should be only auth algo change </div><div dir="auto">I believe you did not check further request processing.<br><div dir="auto"><div dir="ltr">On Mon, 23 Aug 2021, 18:19 오택경, <<a href="mailto:ohtk@kaist.ac.kr" rel="noreferrer" target="_blank">ohtk@kaist.ac.kr</a>> wrote:</div><blockquote style="margin:0 0 0 .8ex; border-left:1px #ccc solid; padding-left:1ex;"><div>Hi.</div><div><br></div><div>I am implementing the VoLTE setup with the dockerized project (<a href="https://github.com/herlesupreeth/docker_open5gs" rel="noopener noreferrer noreferrer noreferrer" target="_blank">https://github.com/herlesupreeth/docker_open5gs</a>).</div><div><br></div><div>I have almost done to run the VoLTE service, but 401 unauthorized error in sip and auth-pending error in fhoss have occured.</div><div><br></div><div>How can I fix this problem?</div><div><br></div><div>I will share the discussion note in which I tried to solve some problems including the above one.</div><div>: <a href="https://github.com/herlesupreeth/docker_open5gs/issues/55" rel="noopener noreferrer noreferrer noreferrer" target="_blank">https://github.com/herlesupreeth/docker_open5gs/issues/55</a></div><div><br></div><div>Very thanks,</div><div>Taekkyung Oh.</div><table class="inserted"><tbody><tr><td><img src="https://gov-dooray.com/mail-receipts?img=413230714c615274-2594eb34eb561664-2ac64ba085c6925f-2ac64baff2f15e36.gif" border="0"></td></tr></tbody></table>__________________________________________________________<br>Kamailio - Users Mailing List - Non Commercial Discussions<br> * <a href="mailto:sr-users@lists.kamailio.org" rel="noreferrer noreferrer" target="_blank">sr-users@lists.kamailio.org</a><br>Important: keep the mailing list in the recipients, do not reply only to the sender!<br>Edit mailing list options or unsubscribe:<br> * <a href="https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users" rel="noreferrer noreferrer noreferrer" target="_blank">https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users</a></blockquote></div></div></div><div>__________________________________________________________ Kamailio - Users Mailing List - Non Commercial Discussions * sr-users@lists.kamailio.org Important: keep the mailing list in the recipients, do not reply only to the sender! Edit mailing list options or unsubscribe: * https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users</div><!--[if mso]>
<table style ="display:none"><tr><td><img src="https://gov-dooray.com/mail-receipts?img=2b57656c6a34754f-2594eb34eb561664-2ac8127a20881b2f-2ac813cba7b058dc.gif" border="0"></td></tr></table>
<![endif]-->
<!--[if !mso]><!-- -->
<table style ="visibility: hidden;"><tr><td><img src="https://gov-dooray.com/mail-receipts?img=2b57656c6a34754f-2594eb34eb561664-2ac8127a20881b2f-2ac813cba7b058dc.gif" border="0"></td></tr></table>
<!--[endif]-->