Solved

SIP Trunk / 407 Proxy Authentication Required / Inbound SIP Rejected

Posted on 2009-04-02
5
6,602 Views
Last Modified: 2013-12-21
I have s SIP trunk from BroadVox that works fine for outbound calls but incoming calls are getting rejected with a 407 Proxy Authentication Required.  I have searched on this and *think* I have done every solution that I found so am in need of assistance!  Any help would be greatly appreciated

To avoid any NAT issues this box is currently setup outside for testing purposes.  This is a new install of Trixbox.

Incoming Settings:

User Context: xxxxxx1517 (BroadVox BTN/Number)
User Details:
type=user
context=from-trunk
insecure=invite        **Have also tried "very"


The one thing that I noticed that seemed weird to me was that the one of the INVITE and (later) a CONTACT tags show an "S@IP" -- I was thinking that should be something like the DID.

INVITE sip:s@xxx.xxx.xxx.244:5060 SIP/2.0

SIP DEBUG:
<--- SIP read from 209.249.3.59:5060 --->
INVITE sip:s@xxx.xxx.xxx.244:5060 SIP/2.0
Max-Forwards: 69
Session-Expires: 3600;refresher=uac
Supported: timer, 100rel
To: <sip:xxxxxx2893@209.249.3.56:5060>
From: <sip:xxxxxx1158@209.249.3.59>;tag=3447630969-781005
P-Asserted-Identity:<sip:xxxxxx1158@209.249.3.74:5060>
Call-ID: 1162567-3447630969-780999@NXT02.broadvox.net
CSeq: 1 INVITE
Allow: INVITE, BYE, OPTIONS, CANCEL, ACK, REGISTER, NOTIFY, INFO, REFER, SUBSCRIBE, PRACK, UPDATE
Via: SIP/2.0/UDP 209.249.3.59:5060;branch=z9hG4bK7a001eed94cd4cfa02d2806d9277e027
Contact: <sip:xxxxxx1158@209.249.3.59:5060>
Call-Info: <sip:209.249.3.59>;method="NOTIFY;Event=telephone-event;Duration=1000"
Content-Type: application/sdp
Content-Length: 250

v=0
o=NXT02 19868 14247 IN IP4 209.249.3.59
s=sip call
c=IN IP4 209.249.3.60
t=0 0
m=audio 10454 RTP/AVP 0 18 101
a=rtpmap:0 PCMU/8000
a=sendrecv
a=rtpmap:18 G729/8000
a=fmtp:18 annexb=no
a=rtpmap:101 telephone-event/8000
a=fmtp:101 0-15

<------------->
[Apr 1 17:02:08] VERBOSE[17205] logger.c: --- (15 headers 12 lines) ---
[Apr 1 17:02:08] VERBOSE[17205] logger.c: Sending to 209.249.3.59 : 5060 (no NAT)
[Apr 1 17:02:08] VERBOSE[17205] logger.c: Using INVITE request as basis request - 1162567-3447630969-780999@NXT02.broadvox.net
[Apr 1 17:02:08] VERBOSE[17205] logger.c: Found peer 'BroadVox1'
[Apr 1 17:02:08] VERBOSE[17205] logger.c:
<--- Reliably Transmitting (no NAT) to 209.249.3.59:5060 --->
SIP/2.0 407 Proxy Authentication Required
Via: SIP/2.0/UDP 209.249.3.59:5060;branch=z9hG4bK7a001eed94cd4cfa02d2806d9277e027;received=209.249.3.59
From: <sip:xxxxxx1158@209.249.3.59>;tag=3447630969-781005
To: <sip:xxxxxx2893@209.249.3.56:5060>;tag=as4f148838
Call-ID: 1162567-3447630969-780999@NXT02.broadvox.net
CSeq: 1 INVITE
User-Agent: Asterisk PBX
Allow: INVITE, ACK, CANCEL, OPTIONS, BYE, REFER, SUBSCRIBE, NOTIFY
Supported: replaces
Proxy-Authenticate: Digest algorithm=MD5, realm="asterisk", nonce="30f9dfd6"
Content-Length: 0
0
Comment
Question by:joeschuh
  • 3
  • 2
5 Comments
 
LVL 19

Expert Comment

by:feptias
ID: 24059088
try type=friend
0
 
LVL 19

Assisted Solution

by:feptias
feptias earned 400 total points
ID: 24059210
For DID's delivered on a SIP trunk, it is preferable to receive the invites with DID@sip_domain_or_ip. However, if your peer service is defined in users.conf rather than sip.conf, then Asterisk always seems to register using s@sip_domain_or_ip in the Contact header. This is annoying because it usually means the service provider sends all the invites back as s@sip_domain_or_ip.

The solution is either to move the Broadvox peer definition from users.conf to sip.conf - something that may be out of your hands if using Trixbox - or to add some extra dial plan instructions to extract the DID from the To header. The following lines should do the trick:
exten => s,1,Set(DN=${SIP_HEADER(TO):5})
exten => s,2,Set(DN=${CUT(DN,@,1)})

You now have the DID number in a variable called DN. You would be able to use this in a Goto or in other ways to route the call for the dialled DID number.
0
 
LVL 2

Author Comment

by:joeschuh
ID: 24063983
I did make a mistake in GUI config for insecure=very... I had it in the INCOMING section under USER DETAILS when it needed to be in the OUTBOUND section under PEER DETAILS...  The wording made me think it should be in inbound since it was inbound I was having a problem with....

Oddly enough the next issue I faced was DID's inbound -- only the default route (blank DID) will work.  The peer service (for trixbox) is in the sip.conf by way of an include of sip_additional.conf.  I actually don't see a users.conf.

I don't know if this changes anything but I am wondering if you know of any way to get the DIDs inbound to work and being able to use the GUI?
0
 
LVL 19

Expert Comment

by:feptias
ID: 24072293
I am not very familiar with the Trixbox GUI, but I can offer some general advice:

Use sip debug to look at the Request-URI in the INVITES coming to your server from Broadvox. Are they:
(a) "INVITE sip:s@<your_ip> ..." or
(b) "INVITE sip:<dialled_DID>@<your_ip> ..."?

If (a): The DID will almost certainly be in the "To header". If not, you must ask Broadvox how to get it. You could ask Broadvox what has to be done to get the DID as part of the INVITE Request-URI they send to you or you could configure a general incoming route (blank DID number) that sends the call to a special section of code in the dial plan (extensions.conf) where the DID number is extracted from the "To header". I showed you how to do that in my earlier answer.

If (b): If the DID is already in the INVITE Request-URI, then you just need to configure the incoming route in Trixbox to recognise the number in the format that is being sent. This link to another provider's help pages covers the details:
http://www.voiptalk.org/products/trixbox-sip-trunk-setup.html
0
 
LVL 2

Accepted Solution

by:
joeschuh earned 0 total points
ID: 24079511
BroadVox sent me a sample config wich has worked.  Why they didn't do this to begin with I don't know.  Many thanks to Feptias as well..  Here is the complete config for a trunk -- which allowed the allow anonymous to be turned off as well...

TRUNK

PEER DETAILS:
host=dfwnx01ga1.pa.broadvox.net
username=[username/BTN]
secret=[password]
type=peer
insecure=very
context=from-trunk

USER CONTEXT: [BTN]
USER DETAILS:
type=user
context=from-trunk

REGISTRATION: [username]:[password]@dfwnx01ga1.pa.broadvox.net/to

Ass the following in the extensions_custom.conf:
[from-pstn-custom]
exten => to,1,Goto(from-pstn,${SIP_HEADER(TO):5:10},1)
0

Featured Post

IT, Stop Being Called Into Every Meeting

Highfive is so simple that setting up every meeting room takes just minutes and every employee will be able to start or join a call from any room with ease. Never be called into a meeting just to get it started again. This is how video conferencing should work!

Join & Write a Comment

Suggested Solutions

The Zaptel people (www.zaptel.com) got kind of annoyed with the fact that they were getting bombarded with searches for the zaptel driver system for Asterisk (not to mention they own the trademark on zaptel). So, they kindly requested that Digium ch…
As companies replace their old PBX phone systems with Unified IP Communications, many are finding out that legacy applications such as fax do not work well with VoIP. Fortunately, Cloud Faxing provides a cost-effective alternative that works over an…
In this seventh video of the Xpdf series, we discuss and demonstrate the PDFfonts utility, which lists all the fonts used in a PDF file. It does this via a command line interface, making it suitable for use in programs, scripts, batch files — any pl…
When you create an app prototype with Adobe XD, you can insert system screens -- sharing or Control Center, for example -- with just a few clicks. This video shows you how. You can take the full course on Experts Exchange at http://bit.ly/XDcourse.

746 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

13 Experts available now in Live!

Get 1:1 Help Now