Solved

SIP Trunk / 407 Proxy Authentication Required / Inbound SIP Rejected

Posted on 2009-04-02
5
7,081 Views
Last Modified: 2013-12-21
I have s SIP trunk from BroadVox that works fine for outbound calls but incoming calls are getting rejected with a 407 Proxy Authentication Required.  I have searched on this and *think* I have done every solution that I found so am in need of assistance!  Any help would be greatly appreciated

To avoid any NAT issues this box is currently setup outside for testing purposes.  This is a new install of Trixbox.

Incoming Settings:

User Context: xxxxxx1517 (BroadVox BTN/Number)
User Details:
type=user
context=from-trunk
insecure=invite        **Have also tried "very"


The one thing that I noticed that seemed weird to me was that the one of the INVITE and (later) a CONTACT tags show an "S@IP" -- I was thinking that should be something like the DID.

INVITE sip:s@xxx.xxx.xxx.244:5060 SIP/2.0

SIP DEBUG:
<--- SIP read from 209.249.3.59:5060 --->
INVITE sip:s@xxx.xxx.xxx.244:5060 SIP/2.0
Max-Forwards: 69
Session-Expires: 3600;refresher=uac
Supported: timer, 100rel
To: <sip:xxxxxx2893@209.249.3.56:5060>
From: <sip:xxxxxx1158@209.249.3.59>;tag=3447630969-781005
P-Asserted-Identity:<sip:xxxxxx1158@209.249.3.74:5060>
Call-ID: 1162567-3447630969-780999@NXT02.broadvox.net
CSeq: 1 INVITE
Allow: INVITE, BYE, OPTIONS, CANCEL, ACK, REGISTER, NOTIFY, INFO, REFER, SUBSCRIBE, PRACK, UPDATE
Via: SIP/2.0/UDP 209.249.3.59:5060;branch=z9hG4bK7a001eed94cd4cfa02d2806d9277e027
Contact: <sip:xxxxxx1158@209.249.3.59:5060>
Call-Info: <sip:209.249.3.59>;method="NOTIFY;Event=telephone-event;Duration=1000"
Content-Type: application/sdp
Content-Length: 250

v=0
o=NXT02 19868 14247 IN IP4 209.249.3.59
s=sip call
c=IN IP4 209.249.3.60
t=0 0
m=audio 10454 RTP/AVP 0 18 101
a=rtpmap:0 PCMU/8000
a=sendrecv
a=rtpmap:18 G729/8000
a=fmtp:18 annexb=no
a=rtpmap:101 telephone-event/8000
a=fmtp:101 0-15

<------------->
[Apr 1 17:02:08] VERBOSE[17205] logger.c: --- (15 headers 12 lines) ---
[Apr 1 17:02:08] VERBOSE[17205] logger.c: Sending to 209.249.3.59 : 5060 (no NAT)
[Apr 1 17:02:08] VERBOSE[17205] logger.c: Using INVITE request as basis request - 1162567-3447630969-780999@NXT02.broadvox.net
[Apr 1 17:02:08] VERBOSE[17205] logger.c: Found peer 'BroadVox1'
[Apr 1 17:02:08] VERBOSE[17205] logger.c:
<--- Reliably Transmitting (no NAT) to 209.249.3.59:5060 --->
SIP/2.0 407 Proxy Authentication Required
Via: SIP/2.0/UDP 209.249.3.59:5060;branch=z9hG4bK7a001eed94cd4cfa02d2806d9277e027;received=209.249.3.59
From: <sip:xxxxxx1158@209.249.3.59>;tag=3447630969-781005
To: <sip:xxxxxx2893@209.249.3.56:5060>;tag=as4f148838
Call-ID: 1162567-3447630969-780999@NXT02.broadvox.net
CSeq: 1 INVITE
User-Agent: Asterisk PBX
Allow: INVITE, ACK, CANCEL, OPTIONS, BYE, REFER, SUBSCRIBE, NOTIFY
Supported: replaces
Proxy-Authenticate: Digest algorithm=MD5, realm="asterisk", nonce="30f9dfd6"
Content-Length: 0
0
Comment
Question by:joeschuh
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 2
5 Comments
 
LVL 19

Expert Comment

by:feptias
ID: 24059088
try type=friend
0
 
LVL 19

Assisted Solution

by:feptias
feptias earned 400 total points
ID: 24059210
For DID's delivered on a SIP trunk, it is preferable to receive the invites with DID@sip_domain_or_ip. However, if your peer service is defined in users.conf rather than sip.conf, then Asterisk always seems to register using s@sip_domain_or_ip in the Contact header. This is annoying because it usually means the service provider sends all the invites back as s@sip_domain_or_ip.

The solution is either to move the Broadvox peer definition from users.conf to sip.conf - something that may be out of your hands if using Trixbox - or to add some extra dial plan instructions to extract the DID from the To header. The following lines should do the trick:
exten => s,1,Set(DN=${SIP_HEADER(TO):5})
exten => s,2,Set(DN=${CUT(DN,@,1)})

You now have the DID number in a variable called DN. You would be able to use this in a Goto or in other ways to route the call for the dialled DID number.
0
 
LVL 2

Author Comment

by:joeschuh
ID: 24063983
I did make a mistake in GUI config for insecure=very... I had it in the INCOMING section under USER DETAILS when it needed to be in the OUTBOUND section under PEER DETAILS...  The wording made me think it should be in inbound since it was inbound I was having a problem with....

Oddly enough the next issue I faced was DID's inbound -- only the default route (blank DID) will work.  The peer service (for trixbox) is in the sip.conf by way of an include of sip_additional.conf.  I actually don't see a users.conf.

I don't know if this changes anything but I am wondering if you know of any way to get the DIDs inbound to work and being able to use the GUI?
0
 
LVL 19

Expert Comment

by:feptias
ID: 24072293
I am not very familiar with the Trixbox GUI, but I can offer some general advice:

Use sip debug to look at the Request-URI in the INVITES coming to your server from Broadvox. Are they:
(a) "INVITE sip:s@<your_ip> ..." or
(b) "INVITE sip:<dialled_DID>@<your_ip> ..."?

If (a): The DID will almost certainly be in the "To header". If not, you must ask Broadvox how to get it. You could ask Broadvox what has to be done to get the DID as part of the INVITE Request-URI they send to you or you could configure a general incoming route (blank DID number) that sends the call to a special section of code in the dial plan (extensions.conf) where the DID number is extracted from the "To header". I showed you how to do that in my earlier answer.

If (b): If the DID is already in the INVITE Request-URI, then you just need to configure the incoming route in Trixbox to recognise the number in the format that is being sent. This link to another provider's help pages covers the details:
http://www.voiptalk.org/products/trixbox-sip-trunk-setup.html
0
 
LVL 2

Accepted Solution

by:
joeschuh earned 0 total points
ID: 24079511
BroadVox sent me a sample config wich has worked.  Why they didn't do this to begin with I don't know.  Many thanks to Feptias as well..  Here is the complete config for a trunk -- which allowed the allow anonymous to be turned off as well...

TRUNK

PEER DETAILS:
host=dfwnx01ga1.pa.broadvox.net
username=[username/BTN]
secret=[password]
type=peer
insecure=very
context=from-trunk

USER CONTEXT: [BTN]
USER DETAILS:
type=user
context=from-trunk

REGISTRATION: [username]:[password]@dfwnx01ga1.pa.broadvox.net/to

Ass the following in the extensions_custom.conf:
[from-pstn-custom]
exten => to,1,Goto(from-pstn,${SIP_HEADER(TO):5:10},1)
0

Featured Post

Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Cannot call in with full number 1 140
Device Pack Upgrade for Cisco Call Manager 11 158
Cisco Telephony RegEx Help 2 95
Advice on ESXi 5.1 Health / Storage 1 79
So you think no one can listen in on your VOIP conversations, eh? Well... if you haven't setup Secure Real Time Transport (SRTP), your voice communications can be hacked into by just about anyone! First, let's talk about the intended audience for…
I recently purchased a Bluetooth headset called the Music Jogger (model BSH10). The control buttons on it look like this: One of my goals is to use it as the microphone and speakers for Skype calls. In that respect, it works well. However, I …
In an interesting question (https://www.experts-exchange.com/questions/29008360/) here at Experts Exchange, a member asked how to split a single image into multiple images. The primary usage for this is to place many photographs on a flatbed scanner…

734 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question