
SIP Trunk / 407 Proxy Authentication Required / Inbound SIP Rejected

joeschuh asked
Last Modified: 2013-12-21
I have a SIP trunk from BroadVox that works fine for outbound calls, but incoming calls are getting rejected with a 407 Proxy Authentication Required.  I have searched on this and *think* I have done every solution that I found so am in need of assistance!  Any help would be greatly appreciated.

To avoid any NAT issues this box is currently set up outside for testing purposes.  This is a new install of Trixbox.

Incoming Settings:

User Context: xxxxxx1517 (BroadVox BTN/Number)
User Details:
type=user
context=from-trunk
insecure=invite        **Have also tried "very"


The one thing that I noticed that seemed weird to me was that one of the INVITE and (later) a CONTACT tags show an "S@IP" -- I was thinking that should be something like the DID.

INVITE sip:s@xxx.xxx.xxx.244:5060 SIP/2.0

SIP DEBUG:
<--- SIP read from 209.249.3.59:5060 --->
INVITE sip:s@xxx.xxx.xxx.244:5060 SIP/2.0
Max-Forwards: 69
Session-Expires: 3600;refresher=uac
Supported: timer, 100rel
To: <sip:xxxxxx2893@209.249.3.56:5060>
From: <sip:xxxxxx1158@209.249.3.59>;tag=3447630969-781005
P-Asserted-Identity:<sip:xxxxxx1158@209.249.3.74:5060>
Call-ID: 1162567-3447630969-780999@NXT02.broadvox.net
CSeq: 1 INVITE
Allow: INVITE, BYE, OPTIONS, CANCEL, ACK, REGISTER, NOTIFY, INFO, REFER, SUBSCRIBE, PRACK, UPDATE
Via: SIP/2.0/UDP 209.249.3.59:5060;branch=z9hG4bK7a001eed94cd4cfa02d2806d9277e027
Contact: <sip:xxxxxx1158@209.249.3.59:5060>
Call-Info: <sip:209.249.3.59>;method="NOTIFY;Event=telephone-event;Duration=1000"
Content-Type: application/sdp
Content-Length: 250

v=0
o=NXT02 19868 14247 IN IP4 209.249.3.59
s=sip call
c=IN IP4 209.249.3.60
t=0 0
m=audio 10454 RTP/AVP 0 18 101
a=rtpmap:0 PCMU/8000
a=sendrecv
a=rtpmap:18 G729/8000
a=fmtp:18 annexb=no
a=rtpmap:101 telephone-event/8000
a=fmtp:101 0-15

<------------->
[Apr 1 17:02:08] VERBOSE[17205] logger.c: --- (15 headers 12 lines) ---
[Apr 1 17:02:08] VERBOSE[17205] logger.c: Sending to 209.249.3.59 : 5060 (no NAT)
[Apr 1 17:02:08] VERBOSE[17205] logger.c: Using INVITE request as basis request - 1162567-3447630969-780999@NXT02.broadvox.net
[Apr 1 17:02:08] VERBOSE[17205] logger.c: Found peer 'BroadVox1'
[Apr 1 17:02:08] VERBOSE[17205] logger.c:
<--- Reliably Transmitting (no NAT) to 209.249.3.59:5060 --->
SIP/2.0 407 Proxy Authentication Required
Via: SIP/2.0/UDP 209.249.3.59:5060;branch=z9hG4bK7a001eed94cd4cfa02d2806d9277e027;received=209.249.3.59
From: <sip:xxxxxx1158@209.249.3.59>;tag=3447630969-781005
To: <sip:xxxxxx2893@209.249.3.56:5060>;tag=as4f148838
Call-ID: 1162567-3447630969-780999@NXT02.broadvox.net
CSeq: 1 INVITE
User-Agent: Asterisk PBX
Allow: INVITE, ACK, CANCEL, OPTIONS, BYE, REFER, SUBSCRIBE, NOTIFY
Supported: replaces
Proxy-Authenticate: Digest algorithm=MD5, realm="asterisk", nonce="30f9dfd6"
Content-Length: 0

feptias, Chief Dude
CERTIFIED EXPERT

Commented:
try type=friend
Author

Commented:
I did make a mistake in GUI config for insecure=very... I had it in the INCOMING section under USER DETAILS when it needed to be in the OUTBOUND section under PEER DETAILS...  The wording made me think it should be in inbound since it was inbound I was having a problem with....

Oddly enough the next issue I faced was DIDs inbound -- only the default route (blank DID) will work.  The peer service (for trixbox) is in the sip.conf by way of an include of sip_additional.conf.  I actually don't see a users.conf.

I don't know if this changes anything but I am wondering if you know of any way to get the DIDs inbound to work and being able to use the GUI?
feptias, Chief Dude
CERTIFIED EXPERT

Commented:
I am not very familiar with the Trixbox GUI, but I can offer some general advice:

Use sip debug to look at the Request-URI in the INVITEs coming to your server from Broadvox. Are they:
(a) "INVITE sip:s@<your_ip> ..." or
(b) "INVITE sip:<dialled_DID>@<your_ip> ..."?

If (a): The DID will almost certainly be in the "To header". If not, you must ask Broadvox how to get it. You could ask Broadvox what has to be done to get the DID as part of the INVITE Request-URI they send to you or you could configure a general incoming route (blank DID number) that sends the call to a special section of code in the dial plan (extensions.conf) where the DID number is extracted from the "To header". I showed you how to do that in my earlier answer.

If (b): If the DID is already in the INVITE Request-URI, then you just need to configure the incoming route in Trixbox to recognise the number in the format that is being sent. This link to another provider's help pages covers the details:
http://www.voiptalk.org/products/trixbox-sip-trunk-setup.html
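
The (a)/(b) check described in the answer above, as an added example that is not part of the original thread or of Trixbox/Asterisk: it reads a captured INVITE, reports which case applies, and for case (a) falls back to the user part of the To header. The function names are hypothetical, and the sample message is constructed from the question's SIP debug trace with most headers trimmed.

```python
import re

# Constructed sample: the INVITE from the question's SIP debug, headers trimmed.
SAMPLE_INVITE = (
    "INVITE sip:s@xxx.xxx.xxx.244:5060 SIP/2.0\r\n"
    "Max-Forwards: 69\r\n"
    "To: <sip:xxxxxx2893@209.249.3.56:5060>\r\n"
    "From: <sip:xxxxxx1158@209.249.3.59>;tag=3447630969-781005\r\n"
    "Call-ID: 1162567-3447630969-780999@NXT02.broadvox.net\r\n"
    "CSeq: 1 INVITE\r\n"
    "\r\n"
)

# User part of a sip:/sips: URI, i.e. the text between the scheme and '@'.
_SIP_USER = re.compile(r"sips?:([^@;>\s]+)@", re.IGNORECASE)


def uri_user(text):
    """Return the user part of the first SIP URI in text, or None."""
    match = _SIP_USER.search(text)
    return match.group(1) if match else None


def parse_headers(message):
    """Split a SIP message into its request line and a header dict."""
    head = message.replace("\r\n", "\n").split("\n\n", 1)[0]
    lines = head.split("\n")
    headers = {}
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if sep:
            headers.setdefault(name.strip().lower(), value.strip())
    return lines[0], headers


def classify_invite(message):
    """Report case (a) or (b) from the answer and where the DID was found."""
    request_line, headers = parse_headers(message)
    parts = request_line.split()
    if len(parts) != 3 or parts[0] != "INVITE":
        raise ValueError("not an INVITE request")
    ruri_user = uri_user(parts[1])
    if ruri_user and ruri_user != "s":
        # Case (b): the dialled DID is already in the Request-URI.
        return {"case": "b", "did": ruri_user, "source": "request-uri"}
    # Case (a): Request-URI user is "s" (or absent); try the To header,
    # accepting its compact form "t" as well.
    to_value = headers.get("to") or headers.get("t")
    did = uri_user(to_value) if to_value else None
    return {"case": "a", "did": did, "source": "to-header" if did else None}
```

A result of `did=None` in case (a) corresponds to the situation where the answer says to ask the provider how the DID is delivered.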