Hi, I've been following this integration tutorial http://kb.asipto.com/asterisk:realtime:kamailio-4.0.x-asterisk-11.3.0-astdb and have a successful registration and I can even make calls through my asterisk box.
However what is unusual to me is that every time a phone registers with Kamailio, that is forwarded to Asterisk (as expected), yet Asterisk replies with 401 Unauthorized. Oddly enough the phone registers and can still make calls. What worries me is that as we scale to 100's of cps, this seemingly erroneous message may slow down Asterisk because it's trying to handle authentication for users which have already been authenticated by Kamailio. If this behavior is expected, then that would be good to know as well.
This is the sip debug from ASTERISK (I have replaced IP's with the names of the servers):
<--- SIP read from TCP:kamailio:41205 --->
REGISTER sip:asteriskIP:5060;transport=tcp SIP/2.0
Via: SIP/2.0/TCP kamailio;branch=z9hG4bK998f.2846e405000000000000000000000000.0
To: sip:40081@asteriskIP
From: sip:40081@asteriskIP;tag=32fda68bf54efeeb04e3edc67b53c63d-cfb0
CSeq: 10 REGISTER
Call-ID: 0005ce130bcee5c4-26538@kamailio
Max-Forwards: 70
Content-Length: 0
User-Agent: kamailio (4.3.0 (x86_64/linux))
Contact: sip:40081@kamailio:5060
Expires: 3600
<------------->
--- (11 headers 0 lines) ---
Sending to kamailio:5060 (no NAT)
Sending to kamailio:5060 (no NAT)
<--- Transmitting (no NAT) to kamailio:5060 --->
SIP/2.0 401 Unauthorized
Via: SIP/2.0/TCP kamailio;branch=z9hG4bK998f.2846e405000000000000000000000000.0;received= kamailio
From: sip:40081@asteriskIP;tag=32fda68bf54efeeb04e3edc67b53c63d-cfb0
To: sip:40081@asteriskIP;tag=as404bac9a
Call-ID: 0005ce130bcee5c4-26538@ kamailio
CSeq: 10 REGISTER
Server: Asterisk PBX 11.6-cert2
Allow: INVITE, ACK, CANCEL, OPTIONS, BYE, REFER, SUBSCRIBE, NOTIFY, INFO, PUBLISH
Supported: replaces, timer
WWW-Authenticate: Digest algorithm=MD5, realm="asterisk", nonce="262b338e"
Content-Length: 0
<------------>
Scheduling destruction of SIP dialog '0005ce130bcee5c4-26538@ kamailio' in 32000 ms (Method: REGISTER)
Scheduling destruction of SIP dialog '0005ce130bcee5c4-26538@ kamailio' in 32000 ms (Method: REGISTER)
Really destroying SIP dialog '0005ce130bcee5c1-26536@ kamailio' Method: REGISTER
=========================
sip.conf for kamailio trunk:
[kamailio-inbound]
type=friend
dtmfmode=auto
host=kamailioIP
allow=all
context=sipout
insecure=port,invite
canreinvite=no
========================
Asterisk version: 11.6-cert2
Kamailio version: 4.3
Benjamin Fitzgerald LETS Corporation (925) 235-1154 ben@letscorp.us
*******Confidential Notice: This message is intended only for the use of the individual or entity to which it is addressed and may contain information that is privileged, confidential and exempt from disclosure under applicable law. If the reader of this message is not the intended recipient, you are hereby notified that any dissemination, distribution or copying of this communication is strictly prohibited. If you have received this message in error, please delete this message from all computers and contact Orion Systems/LETS Corp immediately by return e-mail and/or telephone at (925) 566-5600
On Wednesday 15 July 2015 16:42:31 Ben Fitzgerald wrote:
[...]
=========================
sip.conf for kamailio trunk:
[kamailio-inbound]
type=friend
dtmfmode=auto
host=kamailioIP
allow=all
context=sipout
insecure=port,invite
canreinvite=no
Asterisk is a bit strange in figuring out which peer to use, this peer definition is not used in the way you think, see default sip.conf:
;------- Naming devices ------------------------------------------------------
;
; When naming devices, make sure you understand how Asterisk matches calls
; that come in.
;   1. Asterisk checks the SIP From: address username and matches against
;      names of devices with type=user
;      The name is the text between square brackets [name]
;   2. Asterisk checks the From: addres and matches the list of devices
;      with a type=peer
;   3. Asterisk checks the IP address (and port number) that the INVITE
;      was sent from and matches against any devices with type=peer
;
; Don't mix extensions with the names of the devices. Devices need a unique
; name. The device name is *not* used as phone numbers. Phone numbers are
; anything you declare as an extension in the dialplan (extensions.conf).
;
; When setting up trunks, make sure there's no risk that any From: username
; (caller ID) will match any of your device names, because then Asterisk
; might match the wrong device.
;
You need to make sure the secret for users is empty in the view asterisk has on the usertable shared with kamailio.
It is explained with a bright yellow exclamation mark on the kb url:
sipusers is the standard table required by Asterisk to store SIP user profile, with one extra column sippasswd where will be stored the password for SIP authentication. By default, Asterisk uses the column secret for SIP user password, but if that is filled in, Asterisk will ask for authentication again, resulting in double-authentication which we want to avoid.
sipregs is used to store SIP registrations. Registrations can be stored in sipusers tables as well, in case you do not want a separate table. Just omit the appropriate entry in /etc/asterisk/extconfig.conf.
You could remove secret= on extensions to check if it's related to authentication or not
You must not request authentication to kamailio in order to work properly in front of Asterisk
As Daniel mentioned, check if Kamailio peer is created and extensions have no secret. You would need to add alternate sippasswd table for kamailio authentication
BR
SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing list sr-users@lists.sip-router.org http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users
Thanks for your response.
I did read the section about the secret in the kb url. I followed the example and inserted the test users on the url (101, 102, 103) and they have secret set to NULL. I have tried both secret=NULL and secret="" and Asterisk still asks for authentication. Also when I do "sip show peers" I get:
Name/username Host Dyn Forcerport ACL Port Status Description Realtime
kamailio-inbound kamailioIP a 5060 Unmonitored
I added qualify=yes and now:
Name/username Host Dyn Forcerport ACL Port Status Description Realtime
kamailio-inbound kamailioIP a 5060 UNREACHABLE
Could this be the issue? I have verified that Kamailio receives the responses by doing ngrep and I can see the SIP 401 from Asterisk.
Maybe I am missing something else? I'm not sure I understand how Asterisk's peer selection affects this. When I received the registration request from Kamailio, the From: address and domain are the same as the To: address and domain, which are the values I have set in the sipusers table.
Another thing, even though the client handset says registered, the table 'sipregs' is not updated with fullcontact, regseconds, or any data at all. Yet I can still make a call. So maybe Asterisk is not authenticating INVITES (whether or not it's registered) and that's why I can call.
Any further help or things I should try?
Benjamin Fitzgerald LETS Corporation (925) 235-1154 ben@letscorp.us
Maybe you have to get some traces with "sip set debug on" on asterisk or ngrep in kamailio to check where the problem is.
I think you are not authenticating correctly
Check if you insert on sipusers and sippeers table what is commented on KB by asipto.
Maybe your Kamailio is not responding to OPTIONS (qualify=yes)
add at the beginning of your kamailio.cfg file
request_route {
    if (is_method("OPTIONS")) {
        sl_send_reply("200", "Keepalive");
        exit;
    }
    .....
To solve qualify problem
BR
Thank you for the qualify solution, that worked.
However, on the KB by asipto, they only create a `sipreg` and `sipusers` table and then in extconfig.conf for asterisk, sipusers and sippeers are both using the `sipusers` table in MySQL.
I included a sip trace in the original email but I will include a more detailed sip debug here. It looks like Asterisk and Kamailio can exchange messages but for some reason, the SIP dialog stops after Asterisk sends back a SIP 401 Unauthorized to Kamailio. Any ideas?
*1. Kamailio using sipgrep*
T 2015/07/16 14:50:52.393582 UserAgentIP:64521 -> KamailioIP:5060 [AP]
REGISTER sip:opvpnx.ulets.us SIP/2.0.
Via: SIP/2.0/TCP 192.168.0.179:64521;alias;branch=z9hG4bK.j~V~btADL;rport.
From: sip:102@opvpnx.ulets.us;tag=QZ7de-7u5.
To: sip:102@opvpnx.ulets.us.
CSeq: 29 REGISTER.
Call-ID: puXkrkIICT.
Max-Forwards: 70.
Supported: outbound.
Accept: application/sdp, text/plain, application/vnd.gsma.rcs-ft-http+xml.
Contact: <sip:102@ UserAgentIP:64521;transport=tcp>;+sip.instance="urn:uuid:f8f0aa7c-5b20-4ff2-ac5a-d7b4004afb50".
Expires: 3600.
User-Agent: Alpha TalkIphone/2.2.5-80-g783bf67 (belle-sip/1.4.0).
Content-Length: 0.
Authorization: Digest realm="opvpnx.ulets.us", nonce="VagoaFWoJzylK0MxoOAIPTRhtZBlmVmr", username="102", uri="sip: opvpnx.ulets.us", response="24b8f292fca38e72fbcf36417dcecd24".
.

T 2015/07/16 14:50:52.440789 KamailioIP:5060 -> UserAgentIP:64521 [AP]
SIP/2.0 200 OK.
Via: SIP/2.0/TCP 192.168.0.179:64521 ;alias;branch=z9hG4bK.j~V~btADL;rport=64521;received= UserAgentIP.
From: sip:102@opvpnx.ulets.us;tag=QZ7de-7u5.
To: sip:102@opvpnx.ulets.us;tag=723cfa83f1495d1e63c1f1bb20bde818.a56d.
CSeq: 29 REGISTER.
Call-ID: puXkrkIICT.
Contact: <sip:102@ UserAgentIP:64521;transport=tcp>;expires=3600;received="sip: UserAgentIP:64521;transport=tcp";+sip.instance="urn:uuid:f8f0aa7c-5b20-4ff2-ac5a-d7b4004afb50".
LETSSBC.
Content-Length: 0.
.

*#*
*# These next two messages when Kamailio forwards REGISTER to Asterisk*
*#*

T 2015/07/16 14:50:52.466461 KamailioIP:43488 -> AsteriskIP:5060 [AP]
REGISTER sip: AsteriskIP:5060;transport=tcp SIP/2.0.
Via: SIP/2.0/TCP KamailioIP;branch=z9hG4bK328c.29246e24000000000000000000000000.0.
To: <sip:102@ AsteriskIP >.
From: <sip:102@ AsteriskIP >;tag=32fda68bf54efeeb04e3edc67b53c63d-3497.
CSeq: 10 REGISTER.
Call-ID: 2ee5ec48557bba33-31464@ KamailioIP.
Max-Forwards: 70.
Content-Length: 0.
User-Agent: kamailio (4.3.0 (x86_64/linux)).
Contact: <sip:102@ KamailioIP:5060>.
Expires: 3600.
.

T 2015/07/16 14:50:52.494578 AsteriskIP:5060 -> KamailioIP:43488 [AP]
SIP/2.0 401 Unauthorized.
Via: SIP/2.0/TCP KamailioIP;branch=z9hG4bK328c.29246e24000000000000000000000000.0;received= KamailioIP.
From: <sip:102@ AsteriskIP >;tag=32fda68bf54efeeb04e3edc67b53c63d-3497.
To: <sip:102@ AsteriskIP >;tag=as0eb2442e.
Call-ID: 2ee5ec48557bba33-31464@ KamailioIP.
CSeq: 10 REGISTER.
Server: Asterisk PBX 11.6-cert2.
Allow: INVITE, ACK, CANCEL, OPTIONS, BYE, REFER, SUBSCRIBE, NOTIFY, INFO, PUBLISH.
Supported: replaces, timer.
WWW-Authenticate: Digest algorithm=MD5, realm="asterisk", nonce="5b30f8aa".
Content-Length: 0.
*2. Asterisk using sip set debug on*
t91*CLI>
<--- SIP read from TCP: KamailioIP:43488 --->
REGISTER sip: AsteriskIP:5060;transport=tcp SIP/2.0
Via: SIP/2.0/TCP KamailioIP;branch=z9hG4bK328c.29246e24000000000000000000000000.0
To: <sip:102@ AsteriskIP >
From: <sip:102@ AsteriskIP >;tag=32fda68bf54efeeb04e3edc67b53c63d-3497
CSeq: 10 REGISTER
Call-ID: 2ee5ec48557bba33-31464@ KamailioIP
Max-Forwards: 70
Content-Length: 0
User-Agent: kamailio (4.3.0 (x86_64/linux))
Contact: <sip:102@ KamailioIP:5060>
Expires: 3600
<------------->
--- (11 headers 0 lines) ---
Sending to KamailioIP:5060 (no NAT)
Sending to KamailioIP:5060 (no NAT)
<--- Transmitting (no NAT) to KamailioIP:5060 --->
SIP/2.0 401 Unauthorized
Via: SIP/2.0/TCP KamailioIP;branch=z9hG4bK328c.29246e24000000000000000000000000.0;received= KamailioIP
From: <sip:102@ AsteriskIP >;tag=32fda68bf54efeeb04e3edc67b53c63d-3497
To: <sip:102@ AsteriskIP >;tag=as0eb2442e
Call-ID: 2ee5ec48557bba33-31464@ KamailioIP
CSeq: 10 REGISTER
Server: Asterisk PBX 11.6-cert2
Allow: INVITE, ACK, CANCEL, OPTIONS, BYE, REFER, SUBSCRIBE, NOTIFY, INFO, PUBLISH
Supported: replaces, timer
WWW-Authenticate: Digest algorithm=MD5, realm="asterisk", nonce="5b30f8aa"
Content-Length: 0
<------------>
Scheduling destruction of SIP dialog '2ee5ec48557bba33-31464@ KamailioIP' in 32000 ms (Method: REGISTER)
Scheduling destruction of SIP dialog '2ee5ec48557bba33-31464@ KamailioIP' in 32000 ms (Method: REGISTER)
Benjamin Fitzgerald LETS Corporation (925) 235-1154 ben@letscorp.us
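The two-leg exchange in the message above can be checked mechanically. This is an added example, not code from the thread or from Kamailio/Asterisk: it parses a sipgrep-style dump and lists users whose REGISTER the proxy accepted with 200 OK while the forwarded REGISTER drew a 401 from the backend that the proxy never answered. The trace is a constructed sample modelled on the one in this thread; the function names, Call-IDs, domain and user 103 are assumptions.

```python
import re

# Packet line sipgrep prints: "T <date> <time> src:port -> dst:port [AP]"
PACKET_RE = re.compile(r"^T \S+ \S+ (\S+?):\d+ -> (\S+?):\d+")

# Constructed sample modelled on the trace in this thread: headers trimmed,
# Call-IDs and domain are placeholders, user 103 is invented for contrast.
SAMPLE_TRACE = """\
T 2015/07/16 14:50:52.39 UserAgentIP:64521 -> KamailioIP:5060 [AP]
REGISTER sip:example.test SIP/2.0.
To: sip:102@example.test.
CSeq: 29 REGISTER.
Call-ID: edge-102.
Authorization: Digest realm="example.test", username="102".

T 2015/07/16 14:50:52.44 KamailioIP:5060 -> UserAgentIP:64521 [AP]
SIP/2.0 200 OK.
CSeq: 29 REGISTER.
Call-ID: edge-102.

T 2015/07/16 14:50:52.46 KamailioIP:43488 -> AsteriskIP:5060 [AP]
REGISTER sip:AsteriskIP:5060;transport=tcp SIP/2.0.
To: <sip:102@AsteriskIP>.
CSeq: 10 REGISTER.
Call-ID: core-102.

T 2015/07/16 14:50:52.49 AsteriskIP:5060 -> KamailioIP:43488 [AP]
SIP/2.0 401 Unauthorized.
CSeq: 10 REGISTER.
Call-ID: core-102.
WWW-Authenticate: Digest algorithm=MD5, realm="asterisk", nonce="0000".

T 2015/07/16 14:50:53.10 KamailioIP:43488 -> AsteriskIP:5060 [AP]
REGISTER sip:AsteriskIP:5060;transport=tcp SIP/2.0.
To: <sip:103@AsteriskIP>.
CSeq: 10 REGISTER.
Call-ID: core-103.

T 2015/07/16 14:50:53.12 AsteriskIP:5060 -> KamailioIP:43488 [AP]
SIP/2.0 200 OK.
CSeq: 10 REGISTER.
Call-ID: core-103.
"""

def parse_trace(text):
    """Split a sipgrep-style dump into dicts: src, dst, start line, headers."""
    messages = []
    for block in re.split(r"\n\s*\n", text.strip()):
        lines = [ln.strip() for ln in block.splitlines() if ln.strip()]
        m = PACKET_RE.match(lines[0]) if lines else None
        if not m or len(lines) < 2:
            continue  # not a packet block
        # sipgrep shows the CR of each CRLF as a trailing "."
        sip = [ln[:-1] if ln.endswith(".") else ln for ln in lines[1:]]
        headers = {}
        for ln in sip[1:]:
            name, sep, value = ln.partition(":")
            if sep:
                headers[name.strip().lower()] = value.strip()
        messages.append({"src": m.group(1), "dst": m.group(2),
                         "start": sip[0], "headers": headers})
    return messages

def to_user(msg):
    """User part of the To: URI, i.e. the address-of-record being registered."""
    m = re.search(r"sips?:([^@>;]+)@", msg["headers"].get("to", ""))
    return m.group(1) if m else None

def audit_registrations(messages, proxy, backend):
    """Users the proxy accepted (200) but the backend challenged (401)
    without the proxy ever resending the REGISTER with credentials."""
    pending = {}            # (call-id, cseq) -> REGISTER request
    edge_ok = set()         # users that got 200 OK from the proxy
    challenged = {}         # user -> Call-ID of the backend 401
    answered_calls = set()  # Call-IDs where proxy sent Authorization to backend
    for msg in messages:
        hdr = msg["headers"]
        key = (hdr.get("call-id"), hdr.get("cseq"))
        if msg["start"].startswith("REGISTER "):
            pending[key] = msg
            if (msg["src"], msg["dst"]) == (proxy, backend) and "authorization" in hdr:
                answered_calls.add(hdr.get("call-id"))
            continue
        req = pending.get(key)
        if req is None or not msg["start"].startswith("SIP/2.0 "):
            continue
        status = int(msg["start"].split()[1])
        if req["dst"] == proxy and status == 200:
            edge_ok.add(to_user(req))
        elif (req["src"], req["dst"]) == (proxy, backend) and status == 401:
            challenged[to_user(req)] = hdr.get("call-id")
    return sorted(u for u, cid in challenged.items()
                  if u in edge_ok and cid not in answered_calls)

if __name__ == "__main__":
    msgs = parse_trace(SAMPLE_TRACE)
    print(audit_registrations(msgs, "KamailioIP", "AsteriskIP"))
```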
*******Confidential Notice: This message is intended only for the use of the individual or entity to which it is addressed and may contain information that is privileged, confidential and exempt from disclosure under applicable law. If the reader of this message is not the intended recipient, you are hereby notified that any dissemination, distribution or copying of this communication is strictly prohibited. If you have received this message in error, please delete this message from all computers and contact Orion Systems/LETS Corp immediately by return e-mail and/or telephone at (925) 566-5600
On Thu, Jul 16, 2015 at 11:48 AM, Alberto Sagredo < alberto.sagredo@avanzada7.com> wrote:
Maybe you got to get some traces with sip set debug on on asterisk or ngrep in kamailio to check whereis the problem.
I think you are not authenticating correctly
Check if you insert on sipusers and sipppers table what is commented on KB by asipto.
Maybe your Kamailio is not responding to OPTIONS (qualify=yes)
add at the beginning of your kamailio.cfg file request_route {
if(is_method("OPTIONS") ) { sl_send_reply("200","Keepalive"); exit; }
.....
To solve qualify problem
BR
2015-07-16 19:31 GMT+02:00 Ben Fitzgerald ben@letscorp.us:
Thanks for your response.
I did read the section about the secret in the kb url. I followed the example and inserted the test users on tFe url (101, 102, 103) and they have secret set to NULL. I have tried both secret=NULL and secret="" and Asterisk still asks for authentication. Also when I do "sip show peers" I get:
Name/username Host Dyn Forcerport ACL Port Status Description Realtime kamailio-inbound kamailioIP a 5060 Unmonitored
I added qualify=yes and now:
Name/username Host Dyn Forcerport ACL Port Status Description Realtime kamailio-inbound kamailioIP a 5060 UNREACHABLE
Could this be the issue? I have verified that Kamailio receives the responses by doing ngrep and I can see the SIP 401 from Asterisk.
Maybe I am missing something else? I'm not sure I understand how Asterisk's peer selection affects this. When I received the registration request from Kamailio, the From: address and domain are the same as the To: address and domain, which are the values I have set in the sipusers table.
Another thing, even though the client handset says registered, the table 'sipregs' is not updated with fullcontact, regseconds, or any data at all. Yet I can still make a call. So maybe Asterisk is not authenticating INVITES (whether or not it's registered) and that's why I can call.
Any further help or things I should try?
Benjamin Fitzgerald LETS Corporation (925) 235-1154 ben@letscorp.us
*******Confidential Notice: This message is intended only for the use of the individual or entity to which it is addressed and may contain information that is privileged, confidential and exempt from disclosure under applicable law. If the reader of this message is not the intended recipient, you are hereby notified that any dissemination, distribution or copying of this communication is strictly prohibited. If you have received this message in error, please delete this message from all computers and contact Orion Systems/LETS Corp immediately by return e-mail and/or telephone at (925) 566-5600
On Thu, Jul 16, 2015 at 3:40 AM, Alberto Sagredo < alberto.sagredo@avanzada7.com> wrote:
You could remove secret= on extensiones to check if its related to authentication or not
You must not request authentication to kamailio in order to work properly in front of Asterisk
As Daniel mention check if Kamailio peer is created and extensiones have no secret.. you would need to add alternate sippasswd table for kamailio authentication
BR
2015-07-16 1:42 GMT+02:00 Ben Fitzgerald ben@letscorp.us:
=========================
sip.conf for kamailio trunk:
[kamailio-inbound]
type=friend
dtmfmode=auto
host=kamailioIP
allow=all
context=sipout
insecure=port,invite
canreinvite=no
========================
Asterisk version: 11.6-cert2
Kamailio version: 4.3
Benjamin Fitzgerald LETS Corporation (925) 235-1154 ben@letscorp.us
SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing list sr-users@lists.sip-router.org http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users
I think I have fixed the authentication issue yet the SIP dialog has completely changed. Now the dialog involves Asterisk sending SIP NOTIFY to Kamailio, which is then forwarded to the client. Kamailio.cfg has no routes to handle NOTIFY and there are no SUBSCRIBE messages preceding the NOTIFY. Only REGISTER and 200 OK. Is this expected behavior? The sipregs database is now correctly updated when a peer registers so that's good.
Benjamin Fitzgerald LETS Corporation (925) 235-1154 ben@letscorp.us
On Thu, Jul 16, 2015 at 2:59 PM, Ben Fitzgerald ben@letscorp.us wrote:
Thank you for the qualify solution, that worked.
However, on the KB by asipto, they only create a `sipreg` and `sipusers` table and then in extconfig.conf for asterisk, sipusers and sippeers are both using the `sipusers` table in MySQL.
I included a sip trace in the original email but I will include a more detailed sip debug here. It looks like Asterisk and Kamailio can exchange messages but for some reason, the SIP dialog stops after Asterisk sends back a SIP 401 Unauthorized to Kamailio. Any ideas?
*1. Kamailio using sipgrep*
T 2015/07/16 14:50:52.393582 UserAgentIP:64521 -> KamailioIP:5060 [AP]
REGISTER sip:opvpnx.ulets.us SIP/2.0.
Via: SIP/2.0/TCP 192.168.0.179:64521;alias;branch=z9hG4bK.j~V~btADL;rport.
From: sip:102@opvpnx.ulets.us;tag=QZ7de-7u5.
To: sip:102@opvpnx.ulets.us.
CSeq: 29 REGISTER.
Call-ID: puXkrkIICT.
Max-Forwards: 70.
Supported: outbound.
Accept: application/sdp, text/plain, application/vnd.gsma.rcs-ft-http+xml.
Contact: <sip:102@ UserAgentIP:64521;transport=tcp>;+sip.instance="urn:uuid:f8f0aa7c-5b20-4ff2-ac5a-d7b4004afb50".
Expires: 3600.
User-Agent: Alpha TalkIphone/2.2.5-80-g783bf67 (belle-sip/1.4.0).
Content-Length: 0.
Authorization: Digest realm="opvpnx.ulets.us", nonce="VagoaFWoJzylK0MxoOAIPTRhtZBlmVmr", username="102", uri="sip: opvpnx.ulets.us", response="24b8f292fca38e72fbcf36417dcecd24".
.

T 2015/07/16 14:50:52.440789 KamailioIP:5060 -> UserAgentIP:64521 [AP]
SIP/2.0 200 OK.
Via: SIP/2.0/TCP 192.168.0.179:64521 ;alias;branch=z9hG4bK.j~V~btADL;rport=64521;received= UserAgentIP.
From: sip:102@opvpnx.ulets.us;tag=QZ7de-7u5.
To: sip:102@opvpnx.ulets.us;tag=723cfa83f1495d1e63c1f1bb20bde818.a56d.
CSeq: 29 REGISTER.
Call-ID: puXkrkIICT.
Contact: <sip:102@ UserAgentIP:64521;transport=tcp>;expires=3600;received="sip: UserAgentIP:64521;transport=tcp";+sip.instance="urn:uuid:f8f0aa7c-5b20-4ff2-ac5a-d7b4004afb50".
LETSSBC.
Content-Length: 0.
.

#
# These next two messages when Kamailio forwards REGISTER to Asterisk
#

T 2015/07/16 14:50:52.466461 KamailioIP:43488 -> AsteriskIP:5060 [AP]
REGISTER sip: AsteriskIP:5060;transport=tcp SIP/2.0.
Via: SIP/2.0/TCP KamailioIP;branch=z9hG4bK328c.29246e24000000000000000000000000.0.
To: <sip:102@ AsteriskIP >.
From: <sip:102@ AsteriskIP >;tag=32fda68bf54efeeb04e3edc67b53c63d-3497.
CSeq: 10 REGISTER.
Call-ID: 2ee5ec48557bba33-31464@ KamailioIP.
Max-Forwards: 70.
Content-Length: 0.
User-Agent: kamailio (4.3.0 (x86_64/linux)).
Contact: <sip:102@ KamailioIP:5060>.
Expires: 3600.
.

T 2015/07/16 14:50:52.494578 AsteriskIP:5060 -> KamailioIP:43488 [AP]
SIP/2.0 401 Unauthorized.
Via: SIP/2.0/TCP KamailioIP;branch=z9hG4bK328c.29246e24000000000000000000000000.0;received= KamailioIP.
From: <sip:102@ AsteriskIP >;tag=32fda68bf54efeeb04e3edc67b53c63d-3497.
To: <sip:102@ AsteriskIP >;tag=as0eb2442e.
Call-ID: 2ee5ec48557bba33-31464@ KamailioIP.
CSeq: 10 REGISTER.
Server: Asterisk PBX 11.6-cert2.
Allow: INVITE, ACK, CANCEL, OPTIONS, BYE, REFER, SUBSCRIBE, NOTIFY, INFO, PUBLISH.
Supported: replaces, timer.
WWW-Authenticate: Digest algorithm=MD5, realm="asterisk", nonce="5b30f8aa".
Content-Length: 0.
*2. Asterisk using sip set debug on*
t91*CLI>
<--- SIP read from TCP: KamailioIP:43488 --->
REGISTER sip: AsteriskIP:5060;transport=tcp SIP/2.0
Via: SIP/2.0/TCP KamailioIP;branch=z9hG4bK328c.29246e24000000000000000000000000.0
To: <sip:102@ AsteriskIP >
From: <sip:102@ AsteriskIP >;tag=32fda68bf54efeeb04e3edc67b53c63d-3497
CSeq: 10 REGISTER
Call-ID: 2ee5ec48557bba33-31464@ KamailioIP
Max-Forwards: 70
Content-Length: 0
User-Agent: kamailio (4.3.0 (x86_64/linux))
Contact: <sip:102@ KamailioIP:5060>
Expires: 3600
<------------->
--- (11 headers 0 lines) ---
Sending to KamailioIP:5060 (no NAT)
Sending to KamailioIP:5060 (no NAT)

<--- Transmitting (no NAT) to KamailioIP:5060 --->
SIP/2.0 401 Unauthorized
Via: SIP/2.0/TCP KamailioIP;branch=z9hG4bK328c.29246e24000000000000000000000000.0;received= KamailioIP
From: <sip:102@ AsteriskIP >;tag=32fda68bf54efeeb04e3edc67b53c63d-3497
To: <sip:102@ AsteriskIP >;tag=as0eb2442e
Call-ID: 2ee5ec48557bba33-31464@ KamailioIP
CSeq: 10 REGISTER
Server: Asterisk PBX 11.6-cert2
Allow: INVITE, ACK, CANCEL, OPTIONS, BYE, REFER, SUBSCRIBE, NOTIFY, INFO, PUBLISH
Supported: replaces, timer
WWW-Authenticate: Digest algorithm=MD5, realm="asterisk", nonce="5b30f8aa"
Content-Length: 0

<------------>
Scheduling destruction of SIP dialog '2ee5ec48557bba33-31464@ KamailioIP' in 32000 ms (Method: REGISTER)
Scheduling destruction of SIP dialog '2ee5ec48557bba33-31464@ KamailioIP' in 32000 ms (Method: REGISTER)
Benjamin Fitzgerald LETS Corporation (925) 235-1154 ben@letscorp.us
On Thu, Jul 16, 2015 at 11:48 AM, Alberto Sagredo <alberto.sagredo@avanzada7.com> wrote:
Maybe you have to get some traces with sip set debug on on Asterisk or ngrep in Kamailio to check where the problem is.
I think you are not authenticating correctly
Check if you inserted in the sipusers and sippeers tables what is described in the KB by asipto.
Maybe your Kamailio is not responding to OPTIONS (qualify=yes)
Add at the beginning of your kamailio.cfg file:
request_route {
    # Reply locally to OPTIONS keepalives (Asterisk qualify=yes)
    if (is_method("OPTIONS")) {
        sl_send_reply("200", "Keepalive");
        exit;
    }
    .....
To solve the qualify problem
BR
2015-07-16 19:31 GMT+02:00 Ben Fitzgerald ben@letscorp.us:
Thanks for your response.
I did read the section about the secret in the kb url. I followed the example and inserted the test users on the url (101, 102, 103) and they have secret set to NULL. I have tried both secret=NULL and secret="" and Asterisk still asks for authentication. Also when I do "sip show peers" I get:
Name/username Host Dyn Forcerport ACL Port Status Description Realtime
kamailio-inbound kamailioIP a 5060 Unmonitored
I added qualify=yes and now:
Name/username Host Dyn Forcerport ACL Port Status Description Realtime
kamailio-inbound kamailioIP a 5060 UNREACHABLE
Could this be the issue? I have verified that Kamailio receives the responses by doing ngrep and I can see the SIP 401 from Asterisk.
Maybe I am missing something else? I'm not sure I understand how Asterisk's peer selection affects this. When I received the registration request from Kamailio, the From: address and domain are the same as the To: address and domain, which are the values I have set in the sipusers table.
Another thing, even though the client handset says registered, the table 'sipregs' is not updated with fullcontact, regseconds, or any data at all. Yet I can still make a call. So maybe Asterisk is not authenticating INVITES (whether or not it's registered) and that's why I can call.
Any further help or things I should try?
Benjamin Fitzgerald LETS Corporation (925) 235-1154 ben@letscorp.us
OK. Great
Regards
2015-07-17 20:38 GMT+02:00 Ben Fitzgerald ben@letscorp.us:
I think I have fixed the authentication issue yet the SIP dialog has completely changed. Now the dialog involves Asterisk sending SIP NOTIFY to Kamailio, which is then forwarded to the client. Kamailio.cfg has no routes to handle NOTIFY and there are no SUBSCRIBE messages preceding the NOTIFY. Only REGISTER and 200 OK. Is this expected behavior? The sipregs database is now correctly updated when a peer registers so that's good.
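The symptom discussed in this thread, a REGISTER that the proxy forwards without credentials and that the back-end answers with a 401, can be picked out of a capture by pairing each response with its request on Call-ID and CSeq. The Python below is an added example, not code from the thread or from the Kamailio or Asterisk projects; the capture is constructed, its host names are placeholders, and it assumes body-less messages separated by blank lines.

```python
import re

# Constructed capture modelled on the thread's trace (placeholder host names).
SAMPLE_CAPTURE = """\
REGISTER sip:proxy.example SIP/2.0
To: <sip:102@proxy.example>
CSeq: 29 REGISTER
Call-ID: ua-call-1
Authorization: Digest realm="proxy.example", username="102", nonce="n1", response="00"
Content-Length: 0

SIP/2.0 200 OK
To: <sip:102@proxy.example>;tag=px1
CSeq: 29 REGISTER
Call-ID: ua-call-1
Content-Length: 0

REGISTER sip:pbx.example:5060;transport=tcp SIP/2.0
To: <sip:102@pbx.example>
CSeq: 10 REGISTER
Call-ID: px-call-1
User-Agent: kamailio (4.3.0 (x86_64/linux))
Content-Length: 0

SIP/2.0 401 Unauthorized
To: <sip:102@pbx.example>;tag=as1
CSeq: 10 REGISTER
Call-ID: px-call-1
WWW-Authenticate: Digest algorithm=MD5, realm="asterisk", nonce="n2"
Content-Length: 0
"""

REQUEST_LINE = re.compile(r"^([A-Z]+) (\S+) SIP/2\.0$")
STATUS_LINE = re.compile(r"^SIP/2\.0 (\d{3}) ")
REALM = re.compile(r'realm="([^"]*)"')
USER = re.compile(r"sips?:([^@>;]+)@")


def parse_messages(capture):
    """Return one dict per SIP message: kind, method or status, headers."""
    messages = []
    for block in re.split(r"\n\s*\n", capture.strip()):
        lines = [ln.strip() for ln in block.splitlines() if ln.strip()]
        if not lines:
            continue
        req, status = REQUEST_LINE.match(lines[0]), STATUS_LINE.match(lines[0])
        if req:
            msg = {"kind": "request", "method": req.group(1)}
        elif status:
            msg = {"kind": "response", "status": int(status.group(1))}
        else:
            continue  # capture banner or other non-SIP text
        # Header names are case-insensitive; a repeated header keeps its last value.
        msg["headers"] = {}
        for line in lines[1:]:
            name, sep, value = line.partition(":")
            if sep:
                msg["headers"][name.strip().lower()] = value.strip()
        messages.append(msg)
    return messages


def unauthenticated_challenges(messages):
    """REGISTERs sent without credentials that drew a 401/407 challenge."""
    pending, findings = {}, []
    for msg in messages:
        hdr = msg["headers"]
        key = (hdr.get("call-id"), hdr.get("cseq"))  # identifies the transaction
        if msg["kind"] == "request":
            if msg["method"] == "REGISTER":
                pending[key] = hdr
            continue
        req = pending.get(key)
        if req is None or msg["status"] not in (401, 407):
            continue
        if "authorization" in req or "proxy-authorization" in req:
            continue  # credentials were offered; that is a different problem
        challenge = hdr.get("www-authenticate") or hdr.get("proxy-authenticate", "")
        realm = REALM.search(challenge)
        user = USER.search(req.get("to", ""))
        findings.append({
            "user": user.group(1) if user else None,
            "call_id": key[0],
            "status": msg["status"],
            "realm": realm.group(1) if realm else None,
            "sent_by": req.get("user-agent"),
        })
    return findings


if __name__ == "__main__":
    for finding in unauthenticated_challenges(parse_messages(SAMPLE_CAPTURE)):
        print(finding)
```

A finding whose realm belongs to the back-end PBX rather than to the proxy points at the peer definition on the PBX still demanding a secret, which is what the replies in this thread suggest checking.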