Solved

SIP Trunk / 407 Proxy Authentication Required / Inbound SIP Rejected

Posted on 2009-04-02
5
6,909 Views
Last Modified: 2013-12-21
I have s SIP trunk from BroadVox that works fine for outbound calls but incoming calls are getting rejected with a 407 Proxy Authentication Required.  I have searched on this and *think* I have done every solution that I found so am in need of assistance!  Any help would be greatly appreciated

To avoid any NAT issues this box is currently setup outside for testing purposes.  This is a new install of Trixbox.

Incoming Settings:

User Context: xxxxxx1517 (BroadVox BTN/Number)
User Details:
type=user
context=from-trunk
insecure=invite        **Have also tried "very"


The one thing that I noticed that seemed weird to me was that the one of the INVITE and (later) a CONTACT tags show an "S@IP" -- I was thinking that should be something like the DID.

INVITE sip:s@xxx.xxx.xxx.244:5060 SIP/2.0

SIP DEBUG:
<--- SIP read from 209.249.3.59:5060 --->
INVITE sip:s@xxx.xxx.xxx.244:5060 SIP/2.0
Max-Forwards: 69
Session-Expires: 3600;refresher=uac
Supported: timer, 100rel
To: <sip:xxxxxx2893@209.249.3.56:5060>
From: <sip:xxxxxx1158@209.249.3.59>;tag=3447630969-781005
P-Asserted-Identity:<sip:xxxxxx1158@209.249.3.74:5060>
Call-ID: 1162567-3447630969-780999@NXT02.broadvox.net
CSeq: 1 INVITE
Allow: INVITE, BYE, OPTIONS, CANCEL, ACK, REGISTER, NOTIFY, INFO, REFER, SUBSCRIBE, PRACK, UPDATE
Via: SIP/2.0/UDP 209.249.3.59:5060;branch=z9hG4bK7a001eed94cd4cfa02d2806d9277e027
Contact: <sip:xxxxxx1158@209.249.3.59:5060>
Call-Info: <sip:209.249.3.59>;method="NOTIFY;Event=telephone-event;Duration=1000"
Content-Type: application/sdp
Content-Length: 250

v=0
o=NXT02 19868 14247 IN IP4 209.249.3.59
s=sip call
c=IN IP4 209.249.3.60
t=0 0
m=audio 10454 RTP/AVP 0 18 101
a=rtpmap:0 PCMU/8000
a=sendrecv
a=rtpmap:18 G729/8000
a=fmtp:18 annexb=no
a=rtpmap:101 telephone-event/8000
a=fmtp:101 0-15

<------------->
[Apr 1 17:02:08] VERBOSE[17205] logger.c: --- (15 headers 12 lines) ---
[Apr 1 17:02:08] VERBOSE[17205] logger.c: Sending to 209.249.3.59 : 5060 (no NAT)
[Apr 1 17:02:08] VERBOSE[17205] logger.c: Using INVITE request as basis request - 1162567-3447630969-780999@NXT02.broadvox.net
[Apr 1 17:02:08] VERBOSE[17205] logger.c: Found peer 'BroadVox1'
[Apr 1 17:02:08] VERBOSE[17205] logger.c:
<--- Reliably Transmitting (no NAT) to 209.249.3.59:5060 --->
SIP/2.0 407 Proxy Authentication Required
Via: SIP/2.0/UDP 209.249.3.59:5060;branch=z9hG4bK7a001eed94cd4cfa02d2806d9277e027;received=209.249.3.59
From: <sip:xxxxxx1158@209.249.3.59>;tag=3447630969-781005
To: <sip:xxxxxx2893@209.249.3.56:5060>;tag=as4f148838
Call-ID: 1162567-3447630969-780999@NXT02.broadvox.net
CSeq: 1 INVITE
User-Agent: Asterisk PBX
Allow: INVITE, ACK, CANCEL, OPTIONS, BYE, REFER, SUBSCRIBE, NOTIFY
Supported: replaces
Proxy-Authenticate: Digest algorithm=MD5, realm="asterisk", nonce="30f9dfd6"
Content-Length: 0
0
Comment
Question by:joeschuh
  • 3
  • 2
5 Comments
 
LVL 19

Expert Comment

by:feptias
ID: 24059088
try type=friend
0
 
LVL 19

Assisted Solution

by:feptias
feptias earned 400 total points
ID: 24059210
For DID's delivered on a SIP trunk, it is preferable to receive the invites with DID@sip_domain_or_ip. However, if your peer service is defined in users.conf rather than sip.conf, then Asterisk always seems to register using s@sip_domain_or_ip in the Contact header. This is annoying because it usually means the service provider sends all the invites back as s@sip_domain_or_ip.

The solution is either to move the Broadvox peer definition from users.conf to sip.conf - something that may be out of your hands if using Trixbox - or to add some extra dial plan instructions to extract the DID from the To header. The following lines should do the trick:
exten => s,1,Set(DN=${SIP_HEADER(TO):5})
exten => s,2,Set(DN=${CUT(DN,@,1)})

You now have the DID number in a variable called DN. You would be able to use this in a Goto or in other ways to route the call for the dialled DID number.
0
 
LVL 2

Author Comment

by:joeschuh
ID: 24063983
I did make a mistake in GUI config for insecure=very... I had it in the INCOMING section under USER DETAILS when it needed to be in the OUTBOUND section under PEER DETAILS...  The wording made me think it should be in inbound since it was inbound I was having a problem with....

Oddly enough the next issue I faced was DID's inbound -- only the default route (blank DID) will work.  The peer service (for trixbox) is in the sip.conf by way of an include of sip_additional.conf.  I actually don't see a users.conf.

I don't know if this changes anything but I am wondering if you know of any way to get the DIDs inbound to work and being able to use the GUI?
0
 
LVL 19

Expert Comment

by:feptias
ID: 24072293
I am not very familiar with the Trixbox GUI, but I can offer some general advice:

Use sip debug to look at the Request-URI in the INVITES coming to your server from Broadvox. Are they:
(a) "INVITE sip:s@<your_ip> ..." or
(b) "INVITE sip:<dialled_DID>@<your_ip> ..."?

If (a): The DID will almost certainly be in the "To header". If not, you must ask Broadvox how to get it. You could ask Broadvox what has to be done to get the DID as part of the INVITE Request-URI they send to you or you could configure a general incoming route (blank DID number) that sends the call to a special section of code in the dial plan (extensions.conf) where the DID number is extracted from the "To header". I showed you how to do that in my earlier answer.

If (b): If the DID is already in the INVITE Request-URI, then you just need to configure the incoming route in Trixbox to recognise the number in the format that is being sent. This link to another provider's help pages covers the details:
http://www.voiptalk.org/products/trixbox-sip-trunk-setup.html
0
 
LVL 2

Accepted Solution

by:
joeschuh earned 0 total points
ID: 24079511
BroadVox sent me a sample config wich has worked.  Why they didn't do this to begin with I don't know.  Many thanks to Feptias as well..  Here is the complete config for a trunk -- which allowed the allow anonymous to be turned off as well...

TRUNK

PEER DETAILS:
host=dfwnx01ga1.pa.broadvox.net
username=[username/BTN]
secret=[password]
type=peer
insecure=very
context=from-trunk

USER CONTEXT: [BTN]
USER DETAILS:
type=user
context=from-trunk

REGISTRATION: [username]:[password]@dfwnx01ga1.pa.broadvox.net/to

Ass the following in the extensions_custom.conf:
[from-pstn-custom]
exten => to,1,Goto(from-pstn,${SIP_HEADER(TO):5:10},1)
0

Featured Post

Microsoft Certification Exam 74-409

Veeam® is happy to provide the Microsoft community with a study guide prepared by MVP and MCT, Orin Thomas. This guide will take you through each of the exam objectives, helping you to prepare for and pass the examination.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
T1 Modules 1 56
Auto-Dialers 3 67
power requirements for 50 SPA303G phones? 2 60
VOIP System 9 99
The point of this post is to give you a copy/paste installation solution to setting up Asterisk 1.6 on Ubuntu 9.04 (or similar) server. # Setup the system apt-get install subversion apt-get install make apt-get install linux-source kernel-p…
How To Create Custom / Distinctive Ring Tones on Polycom Phones Purpose and Overview When creating a custom ring tone, you have simple aspirations: to make your phone cooler than everyone else's. Perhaps you need a louder ringer. Perhaps you w…

791 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question