[SR-Users] Kamailio & Asterisk SIP Registration Forwarding - Asterisk replies 401 Unauthorized

Ben Fitzgerald ben at letscorp.us
Thu Jul 16 19:31:19 CEST 2015 

Thanks for your response.

I did read the section about the secret in the kb url. I followed the
example and inserted the test users on tFe url (101, 102, 103) and they
have secret set to NULL. I have tried both secret=NULL and secret="" and
Asterisk still asks for authentication. Also when I do "sip show peers" I
get:

Name/username             Host                                    Dyn
Forcerport ACL Port     Status      Description
 Realtime
kamailio-inbound          kamailioIP                               a
      5060     Unmonitored

I added qualify=yes and now:

Name/username             Host                                    Dyn
Forcerport ACL Port     Status      Description
 Realtime
kamailio-inbound         kamailioIP                               a
    5060     UNREACHABLE

Could this be the issue? I have verified that Kamailio receives the
responses by doing ngrep and I can see the SIP 401 from Asterisk.

Maybe I am missing something else? I'm not sure I understand how Asterisk's
peer selection affects this. When I received the registration request from
Kamailio, the From: address and domain are the same as the To: address and
domain, which are the values I have set in the sipusers table.

Another thing, even though the client handset says registered, the table
'sipregs' is not updated with fullcontact, regseconds, or any data at all.
Yet I can still make a call. So maybe Asterisk is not authenticating
INVITES (whether or not it's registered) and that's why I can call.

Any further help or things I should try?

Benjamin Fitzgerald
LETS Corporation
(925) 235-1154
ben at letscorp.us




*******Confidential Notice:
This message is intended only for the use of the individual or entity to
which it is addressed and may contain information that is privileged,
confidential and exempt from disclosure under applicable law. If the reader
of this message is not the intended recipient, you are hereby notified that
any dissemination, distribution or copying of this communication is
strictly prohibited. If you have received this message in error, please
delete this message from all computers and contact Orion Systems/LETS Corp
immediately by return e-mail and/or telephone at (925) 566-5600

On Thu, Jul 16, 2015 at 3:40 AM, Alberto Sagredo <
alberto.sagredo at avanzada7.com> wrote:

> You could remove secret= on extensiones to check if its related to
> authentication or not
>
> You must not request authentication to kamailio in order to work properly
> in front of Asterisk
>
> As Daniel mention check if Kamailio peer is created and extensiones have
> no secret.. you would need to add alternate sippasswd table for kamailio
> authentication
>
> BR
>
> 2015-07-16 1:42 GMT+02:00 Ben Fitzgerald <ben at letscorp.us>:
>
>> Hi, I've been following this integration tutorial
>> http://kb.asipto.com/asterisk:realtime:kamailio-4.0.x-asterisk-11.3.0-astdb
>> and have a successful registration and I can even make calls through my
>> asterisk box.
>>
>> However what is unusual to me is that every time a phone registers with
>> Kamailio, that is forwarded to Asterisk (as expected), yet Asterisk replies
>> with 401 Unauthorized. Oddly enough the phone registers and can still make
>> calls. What worries me is that as we scale to 100's of cps, this seemingly
>> erroneous message may slow down Asterisk because it's trying to handle
>> authentication for users which have already been authenticated by Kamailio.
>> If this behavior is expected, then that would be good to know as well.
>>
>> This is the sip debug from ASTERISK (I have replaced IP's with the names
>> of the servers):
>>
>>
>> <--- SIP read from TCP:kamailio:41205 --->
>> REGISTER sip:asteriskIP:5060;transport=tcp SIP/2.0
>> Via: SIP/2.0/TCP
>> kamailio;branch=z9hG4bK998f.2846e405000000000000000000000000.0
>> To: <sip:40081 at asteriskIP>
>> From: <sip:40081 at asteriskIP>;tag=32fda68bf54efeeb04e3edc67b53c63d-cfb0
>> CSeq: 10 REGISTER
>> Call-ID: 0005ce130bcee5c4-26538 at kamailio
>> Max-Forwards: 70
>> Content-Length: 0
>> User-Agent: kamailio (4.3.0 (x86_64/linux))
>> Contact: <sip:40081 at kamailio:5060>
>> Expires: 3600
>>
>> <------------->
>> --- (11 headers 0 lines) ---
>> Sending to kamailio:5060 (no NAT)
>> Sending to kamailio:5060 (no NAT)
>>
>> <--- Transmitting (no NAT) to kamailio:5060 --->
>> SIP/2.0 401 Unauthorized
>> Via:
>> SIP/2.0/TCP kamailio;branch=z9hG4bK998f.2846e405000000000000000000000000.0;received=
>> kamailio
>> From: <sip:40081 at asteriskIP>;tag=32fda68bf54efeeb04e3edc67b53c63d-cfb0
>> To: <sip:40081 at asteriskIP>;tag=as404bac9a
>> Call-ID: 0005ce130bcee5c4-26538@ kamailio
>> CSeq: 10 REGISTER
>> Server: Asterisk PBX 11.6-cert2
>> Allow: INVITE, ACK, CANCEL, OPTIONS, BYE, REFER, SUBSCRIBE, NOTIFY, INFO,
>> PUBLISH
>> Supported: replaces, timer
>> WWW-Authenticate: Digest algorithm=MD5, realm="asterisk", nonce="262b338e"
>> Content-Length: 0
>>
>>
>> <------------>
>> Scheduling destruction of SIP dialog '0005ce130bcee5c4-26538@ kamailio'
>> in 32000 ms (Method: REGISTER)
>> Scheduling destruction of SIP dialog '0005ce130bcee5c4-26538@ kamailio'
>> in 32000 ms (Method: REGISTER)
>> Really destroying SIP dialog '0005ce130bcee5c1-26536@ kamailio' Method:
>> REGISTER
>>
>> =========================
>>
>> sip.conf for kamailio trunk:
>>
>> [kamailio-inbound]
>> type=friend
>> dtmfmode=auto
>> host=kamailioIP
>> allow=all
>> context=sipout
>> insecure=port,invite
>> canreinvite=no
>>
>> ========================
>>
>> Asterisk version: 11.6-cert2
>> Kamailio version: 4.3
>>
>> Benjamin Fitzgerald
>> LETS Corporation
>> (925) 235-1154
>> ben at letscorp.us
>>
>>
>>
>>
>> *******Confidential Notice:
>> This message is intended only for the use of the individual or entity to
>> which it is addressed and may contain information that is privileged,
>> confidential and exempt from disclosure under applicable law. If the reader
>> of this message is not the intended recipient, you are hereby notified that
>> any dissemination, distribution or copying of this communication is
>> strictly prohibited. If you have received this message in error, please
>> delete this message from all computers and contact Orion Systems/LETS Corp
>> immediately by return e-mail and/or telephone at (925) 566-5600
>>
>> _______________________________________________
>> SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing list
>> sr-users at lists.sip-router.org
>> http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users
>>
>>
>
> _______________________________________________
> SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing list
> sr-users at lists.sip-router.org
> http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.sip-router.org/pipermail/sr-users/attachments/20150716/9f67e2d4/attachment.html>

More information about the sr-users mailing list