Did anyone notice issues with Fritzbox 7390 devices? When upgrading from 4.0.1 to 4.0.7 some of these devices fail to register after some time.
They keep trying to reuse an old nonce and ignore the new one in the 401 response to the REGISTER. It will try 11 times to register with the same cseq, nonce and nc, then it will try to register (11 times) with cseq+1, nc+1 and still the old nonce. So www_auth fails with -4: stale nonce. I could find anything in kamailio auth module to accept this behavior.
On 07/04/15 10:36, Daniel Tryba wrote:
Did anyone notice issues with Fritzbox 7390 devices? When upgrading from 4.0.1 to 4.0.7 some of these devices fail to register after some time.
They keep trying to reuse an old nonce and ignore the new one in the 401 response to the REGISTER. It will try 11 times to register with the same cseq, nonce and nc, then it will try to register (11 times) with cseq+1, nc+1 and still the old nonce. So www_auth fails with -4: stale nonce. I could find anything in kamailio auth module to accept this behavior.
Did this happen only after upgrading to kamailio 4.0.7? I don't remember any recent changes in dealing with stale nonce, therefore should be same code for 4.0.1 and 4.0.7. Do you have enabled one time nonce feature?
Cheers, Daniel
On Tuesday 07 April 2015 12:29:16 Daniel-Constantin Mierla wrote:
Did this happen only after upgrading to kamailio 4.0.7? I don't remember any recent changes in dealing with stale nonce, therefore should be same code for 4.0.1 and 4.0.7.
Yes, downgrading fixed this behavior.
Do you have enabled one time nonce feature?
No, I'm using all defaults, with auth_db:
if(!www_authenticate("$td", "subscriber")) { www_challenge("$td", "1"); }
The goal is to upgrade to latest 4.2.x, but as intermediate I did a quick upgrade from Debian/oldstable to Debian/stable with latest 4.0.x.
I'll try to test these devices against 4.2.x. But firmware updates (apparantly not available to our internation versions) for these devices contain following fix: http://avm.de/service/downloads/download/show/16020/
Telefonie: Behoben - keine Registrierung von SIPGate Trunking
I have no idea if kamailio is being used in this setup.
On 07/04/15 13:14, Daniel Tryba wrote:
On Tuesday 07 April 2015 12:29:16 Daniel-Constantin Mierla wrote:
Did this happen only after upgrading to kamailio 4.0.7? I don't remember any recent changes in dealing with stale nonce, therefore should be same code for 4.0.1 and 4.0.7.
Yes, downgrading fixed this behavior.
Hmm, not recalling any change in this part of auth modules. Have you spotted any change in git history?
The new nonce should be used if there is a new 401.
Do you have enabled one time nonce feature?
No, I'm using all defaults, with auth_db:
if(!www_authenticate("$td", "subscriber")) { www_challenge("$td", "1"); }
The goal is to upgrade to latest 4.2.x, but as intermediate I did a quick upgrade from Debian/oldstable to Debian/stable with latest 4.0.x.
I'll try to test these devices against 4.2.x. But firmware updates (apparantly not available to our internation versions) for these devices contain following fix: http://avm.de/service/downloads/download/show/16020/
Telefonie: Behoben - keine Registrierung von SIPGate Trunking
I have no idea if kamailio is being used in this setup.
Yes, sipgate is using kamailio (iirc, the architecture was presented at Kamailio World Conference 2014).
Cheers, Daniel
On Wednesday 08 April 2015 09:50:01 Daniel-Constantin Mierla wrote:
Hmm, not recalling any change in this part of auth modules. Have you spotted any change in git history?
Haven't had the time yet to research further and don't think I'll get to it this week. I'll report back after checking against 4.2.x.
-
Daniel Tryba -
Daniel-Constantin Mierla