Solved

SIP Proxy INVITE causes error 403 FORBIDDEN

Posted on 2011-02-17
7
8,831 Views
Last Modified: 2013-12-27
Hi All,

Just wondering if anyone has any experience in regards to the SIP protocol and SIP proxies working with a SIP server? I've got a problem where my phone works directly with a SIP server/pbx, but when I route it through my home-made SIP proxy (written in c#), based on RFC3261, after an INVITE I get a "403 Forbidden" returned from the pbx.

Registration works fine, the following process is where it breaks
-> REGISTER
<- 407 Proxy Authentication Required
-> REGISTER (now with Auth info)
<- 200 OK
-> INVITE
<- 407 Proxy Authentication Required
-> ACK
-> INVITE (now with Auth info)
<- 403 Forbidden

Not sure why it is forbidden, when the phone talks direct it's OK and works perfectly.

The final invite (the one that results in the 403 error) is:
INVITE sip:31@10.1.1.3 SIP/2.0
Via: SIP/2.0/UDP 10.1.1.46:5060;branch=z9hG4bK36B1D64BA09A41087FCC96BEF8FAF613
Via: SIP/2.0/UDP 10.1.1.88:5061;branch=z9hG4bK3c49b772
From: "Test One" <sip:21@10.1.1.46>;tag=0007505a393901096ad799a8-4e59d2cc
To: <sip:31@10.1.1.46>
Call-ID: 0007505a-39390008-66fe78ec-7fd183be@10.1.1.88
Max-Forwards: 69
Date: Fri, 18 Feb 2011 03:11:23 GMT
CSeq: 102 INVITE
User-Agent: Cisco-CP7940G/8.0
Contact: <sip:21@10.1.1.88:5061;transport=udp>
Proxy-Authorization: Digest username="21",realm="3CXPhoneSystem",uri="sip:31@10.1.1.46",response="121e25ec861128d9bba5c2ffdd1a7ef2",nonce="414d535c036e745b96:3af1591dca90c314854206ba7e1895c8",algorithm=MD5
Expires: 180
Accept: application/sdp
Allow: ACK,BYE,CANCEL,INVITE,NOTIFY,OPTIONS,REFER,REGISTER,UPDATE
Remote-Party-ID: "Test One" <sip:21@10.1.1.46>;party=calling;id-type=subscriber;privacy=off;screen=yes
Supported: replaces,join,norefersub
Content-Length: 224
Content-Type: application/sdp
Content-Disposition: session;handling=optional

The phone is on 10.1.1.88, the pbx on 10.1.1.3 and my proxy is on 10.1.1.46. The phone is extension 21, trying to call extension 31. Extension 31 is registered directly to the pbx, it is not going via the SIP proxy.

While at the moment the phone 10.1.1.88 is on the same network as the pbx the sip proxy is being developed due to upcoming network changes in the environment.
0
Comment
Question by:DominikBM
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 2
7 Comments
 

Author Comment

by:DominikBM
ID: 34939088
Happy to provide more information, whatever may be relevant!

Thanks!
0
 

Author Comment

by:DominikBM
ID: 34939846
Thanks _alias99, greatly appreciate your help :-)
0
 
LVL 19

Accepted Solution

by:
feptias earned 500 total points
ID: 34941128
On most IP phones, when you configure the user account, there are fields for username, auth id, registrar (or sip domain) and outbound proxy. Looking at the way you are using the SIP proxy I would expect the registrar field to be 10.1.1.3 and the outbound proxy field to be 10.1.1.46, but looking at the SIP I think that may not be what you have done.

It is commendable that you are trying to write your own SIP proxy in C# from scratch - wow. You will no doubt learn a lot by doing so, but were you aware that there are open source projects with many man-years of development already invested in them doing just that? ...and with a large, active and helpful user community. OpenSIPS and Kamailio for example.
0
 

Author Comment

by:DominikBM
ID: 34946110
Hi feptias,

Thanks for your help. You were absolutely right, the problem was that the phone had the SIP proxy server address set for all fields, while it should only have had it set for the "outbound proxy" field. Changing this fixed the issue, so many thanks!

In regards to open source SIP proxy servers, yes I looked at quite a number of them but none were suitable in terms of licensing (mine is built into a product that is not open source, and under GPL we'd have to make the whole thing open source) as well as platform considerations (Windows, non-Java). When the handful of options that were left proved to be incomplete or undocumented I coded my own.

Thanks again!
0
 
LVL 19

Expert Comment

by:feptias
ID: 34946261
Good luck with the project. Thanks for the points.
0

Featured Post

Enroll in June's Course of the Month

June’s Course of the Month is now available! Experts Exchange’s Premium Members, Team Accounts, and Qualified Experts have access to a complimentary course each month as part of their membership—an extra way to sharpen your skills and increase training.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Finding a job can be stressful - searches, resume tweaks, and networking events can be super boring. Luckily we're here to help you land your dream job!
Whether you believe the “gig economy,” as it has been dubbed, is the next big economic paradigm shift (https://www.theguardian.com/commentisfree/2015/jul/26/will-we-get-by-gig-economy) or an overstated trend (http://www.wsj.com/articles/proof-of-a-g…
Articles on a wide range of technology and professional topics are available on Experts Exchange. These resources are written by members, for members, and can be written about any topic you feel passionate about. Learn how to best write an article t…
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, Just open a new email message.  In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…

718 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question