Asterisk 1.8.4 ( backfire/10.03.1-rc6) Phone failed to Regis

Hello,

My ATA HT488 is failing to Register with my latest Asterisk 1.8.4 setup. It work good with my Asterisk 1.4
I have same settings but getting errors in 1.8.4
Here is the SIP debug for same device using both Asterisks
In 1.8.4 i see error “[Dec 25 02:10:38] NOTICE[2496]: chan_sip.c:13740 check_auth: Correct auth, but based on stale nonce received from ‘“Nagpur” sip:5001@xxxxxxxxx.redirectme.net;user=phone;tag=f19affff67650000’”

Any help please
Thanks
Baba2s


Asterisk 1.4
<— SIP read from 59.95.75.120:5061 —>
REGISTER sip:xxxxxxxxx.redirectme.net SIP/2.0
Via: SIP/2.0/UDP 192.168.1.4:5061;branch=z9hG4bKe549ffff65beffff
From: “Nagpur” sip:5001@xxxxxxxxx.redirectme.net;user=phone;tag=f6a000002189ffff
To: sip:5001@xxxxxxxxx.redirectme.net;user=phone
Contact: *
Call-ID: 33c50000235bffff@192.168.1.4
CSeq: 100 REGISTER
Expires: 0
User-Agent: Grandstream HT488 1.0.2.16
Max-Forwards: 70
Allow: INVITE,ACK,CANCEL,BYE,NOTIFY,REFER,OPTIONS,INFO,SUBSCRIBE
Content-Length: 0

<------------->
— (12 headers 0 lines) —
Using latest REGISTER request as basis request
Sending to 59.95.75.120 : 5061 (NAT)

<— Transmitting (NAT) to 59.95.75.120:5061 —>
SIP/2.0 100 Trying
Via: SIP/2.0/UDP 192.168.1.4:5061;branch=z9hG4bKe549ffff65beffff;received=59.95.75.120
From: “Nagpur” sip:5001@xxxxxxxxx.redirectme.net;user=phone;tag=f6a000002189ffff
To: sip:5001@xxxxxxxxx.redirectme.net;user=phone
Call-ID: 33c50000235bffff@192.168.1.4
CSeq: 100 REGISTER
User-Agent: Mozilla/4.0
Allow: INVITE, ACK, CANCEL, OPTIONS, BYE, REFER, SUBSCRIBE, NOTIFY
Supported: replaces
Contact: sip:5001@69.123.4.213
Content-Length: 0

<------------>

<— Transmitting (NAT) to 59.95.75.120:5061 —>
SIP/2.0 401 Unauthorized
Via: SIP/2.0/UDP 192.168.1.4:5061;branch=z9hG4bKe549ffff65beffff;received=59.95.75.120
From: “Nagpur” sip:5001@xxxxxxxxx.redirectme.net;user=phone;tag=f6a000002189ffff
To: sip:5001@xxxxxxxxx.redirectme.net;user=phone;tag=as3f8a4ae8
Call-ID: 33c50000235bffff@192.168.1.4
CSeq: 100 REGISTER
User-Agent: Mozilla/4.0
Allow: INVITE, ACK, CANCEL, OPTIONS, BYE, REFER, SUBSCRIBE, NOTIFY
Supported: replaces
WWW-Authenticate: Digest algorithm=MD5, realm=“asterisk”, nonce="7ddd9ddf"
Content-Length: 0

<------------>
Scheduling destruction of SIP dialog ‘33c50000235bffff@192.168.1.4’ in 32000 ms (Method: REGISTER)
OpenWrt*CLI>
<— SIP read from 59.95.75.120:5061 —>
REGISTER sip:xxxxxxxxx.redirectme.net SIP/2.0
Via: SIP/2.0/UDP 192.168.1.4:5061;branch=z9hG4bK86f300001f7dffff
From: “Nagpur” sip:5001@xxxxxxxxx.redirectme.net;user=phone;tag=f6a000002189ffff
To: sip:5001@xxxxxxxxx.redirectme.net;user=phone
Contact: *
Authorization: Digest username=“5001”, realm=“asterisk”, algorithm=MD5, uri=“sip:xxxxxxxxx.redirectme.net”, nonce=“7ddd9ddf”, response="82552051f5ce6d69814d5e2f1dd54023"
Call-ID: 33c50000235bffff@192.168.1.4
CSeq: 101 REGISTER
Expires: 0
User-Agent: Grandstream HT488 1.0.2.16
Max-Forwards: 70
Allow: INVITE,ACK,CANCEL,BYE,NOTIFY,REFER,OPTIONS,INFO,SUBSCRIBE
Content-Length: 0

<------------->
— (13 headers 0 lines) —
Using latest REGISTER request as basis request
Sending to 59.95.75.120 : 5061 (NAT)

<— Transmitting (NAT) to 59.95.75.120:5061 —>
SIP/2.0 100 Trying
Via: SIP/2.0/UDP 192.168.1.4:5061;branch=z9hG4bK86f300001f7dffff;received=59.95.75.120
From: “Nagpur” sip:5001@xxxxxxxxx.redirectme.net;user=phone;tag=f6a000002189ffff
To: sip:5001@xxxxxxxxx.redirectme.net;user=phone
Call-ID: 33c50000235bffff@192.168.1.4
CSeq: 101 REGISTER
User-Agent: Mozilla/4.0
Allow: INVITE, ACK, CANCEL, OPTIONS, BYE, REFER, SUBSCRIBE, NOTIFY
Supported: replaces
Contact: sip:5001@69.123.4.213
Content-Length: 0

<------------>
– Unregistered SIP '5001’
OpenWrt*CLI>
<— Transmitting (NAT) to 59.95.75.120:5061 —>
SIP/2.0 200 OK
Via: SIP/2.0/UDP 192.168.1.4:5061;branch=z9hG4bK86f300001f7dffff;received=59.95.75.120
From: “Nagpur” sip:5001@xxxxxxxxx.redirectme.net;user=phone;tag=f6a000002189ffff
To: sip:5001@xxxxxxxxx.redirectme.net;user=phone;tag=as3f8a4ae8
Call-ID: 33c50000235bffff@192.168.1.4
CSeq: 101 REGISTER
User-Agent: Mozilla/4.0
Allow: INVITE, ACK, CANCEL, OPTIONS, BYE, REFER, SUBSCRIBE, NOTIFY
Supported: replaces
Expires: 0
Date: Sun, 25 Dec 2011 15:49:10 GMT
Content-Length: 0


Asterisk 1.8.4
<— SIP read from UDP:59.95.65.54:5060 —>
REGISTER sip:xxxxxxxxx.redirectme.net SIP/2.0
Via: SIP/2.0/UDP 192.168.1.4;branch=z9hG4bKac6affff5ecfffff
From: “Nagpur” sip:5001@xxxxxxxxx.redirectme.net;user=phone;tag=f19affff67650000
To: sip:5001@xxxxxxxxx.redirectme.net;user=phone
Contact: *
Call-ID: a5700000516affff@192.168.1.4
CSeq: 100 REGISTER
Expires: 0
User-Agent: Grandstream HT488 1.0.2.16
Max-Forwards: 70
Allow: INVITE,ACK,CANCEL,BYE,NOTIFY,REFER,OPTIONS,INFO,SUBSCRIBE
Content-Length: 0

<------------->
— (12 headers 0 lines) —
Sending to 59.95.65.54:5060 (no NAT)

<— Transmitting (NAT) to 59.95.65.54:5060 —>
SIP/2.0 401 Unauthorized
Via: SIP/2.0/UDP 192.168.1.4;branch=z9hG4bKac6affff5ecfffff;received=59.95.65.54;rport=5060
From: “Nagpur” sip:5001@xxxxxxxxx.redirectme.net;user=phone;tag=f19affff67650000
To: sip:5001@xxxxxxxxx.redirectme.net;user=phone;tag=as4c3ee815
Call-ID: a5700000516affff@192.168.1.4
CSeq: 100 REGISTER
Server: Mozilla/4.0
Allow: INVITE, ACK, CANCEL, OPTIONS, BYE, REFER, SUBSCRIBE, NOTIFY, INFO, PUBLISH
Supported: replaces, timer
WWW-Authenticate: Digest algorithm=MD5, realm=“asterisk”, nonce="602f8be8 "
Content-Length: 0

<------------>
Scheduling destruction of SIP dialog ‘a5700000516affff@192.168.1.4’ in 32000 ms (Method: REGISTER)

<— SIP read from UDP:59.95.65.54:5060 —>
REGISTER sip:xxxxxxxxx.redirectme.net SIP/2.0
Via: SIP/2.0/UDP 192.168.1.4;branch=z9hG4bKef0000002bd20000
From: “Nagpur” sip:5001@xxxxxxxxx.redirectme.net;user=phone;tag=f19affff67650000
To: sip:5001@xxxxxxxxx.redirectme.net;user=phone
Contact: *
Authorization: Digest username=“5001”, realm=“asterisk”, algorithm=MD5, uri=“sip:xxxxxxxxx.redirectme.net”, nonce=“602f8be8”, response="5a21dd34bbcfb754b828c9224f74a481"
Call-ID: a5700000516affff@192.168.1.4
CSeq: 101 REGISTER
Expires: 0
User-Agent: Grandstream HT488 1.0.2.16
Max-Forwards: 70
Allow: INVITE,ACK,CANCEL,BYE,NOTIFY,REFER,OPTIONS,INFO,SUBSCRIBE
Content-Length: 0

<------------->
— (13 headers 0 lines) —
Sending to 59.95.65.54:5060 (NAT)
[Dec 25 02:10:38] NOTICE[2496]: chan_sip.c:13740 check_auth: Correct auth, but based on stale nonce received from ‘“Nagpur” sip:5001@xxxxxxxxx.redirectme.net;user=phone;tag=f19affff67650000’

<— Transmitting (NAT) to 59.95.65.54:5060 —>
SIP/2.0 401 Unauthorized
Via: SIP/2.0/UDP 192.168.1.4;branch=z9hG4bKef0000002bd20000;received=59.95.65.54;rport=5060
From: “Nagpur” sip:5001@xxxxxxxxx.redirectme.net;user=phone;tag=f19affff67650000
To: sip:5001@xxxxxxxxx.redirectme.net;user=phone;tag=as4c3ee815
Call-ID: a5700000516affff@192.168.1.4
CSeq: 101 REGISTER
Server: Mozilla/4.0
Allow: INVITE, ACK, CANCEL, OPTIONS, BYE, REFER, SUBSCRIBE, NOTIFY, INFO, PUBLISH
Supported: replaces, timer
WWW-Authenticate: Digest algorithm=MD5, realm=“asterisk”, nonce="602f8be8 ", stale=true
Content-Length: 0

<------------>
Scheduling destruction of SIP dialog ‘a5700000516affff@192.168.1.4’ in 32000 ms (Method: REGISTER)

After old post searches, looks like it may be my Network firewall. not sure. My Router is WRT54GS-v4
My Firewall code is

config 'defaults’
option ‘syn_flood’ '1’
option ‘input’ 'ACCEPT’
option ‘output’ 'ACCEPT’
option ‘forward’ 'REJECT’
option ‘drop_invalid’ ‘1’

config 'zone’
option ‘name’ 'lan’
option ‘network’ 'lan’
option ‘input’ 'ACCEPT’
option ‘output’ 'ACCEPT’
option ‘forward’ ‘REJECT’

config 'zone’
option ‘name’ 'wan’
option ‘network’ 'wan’
option ‘input’ 'ACCEPT’
option ‘output’ 'ACCEPT’
option ‘forward’ 'REJECT’
option ‘masq’ '1’
option ‘mtu_fix’ ‘1’

config 'forwarding’
option ‘src’ 'lan’
option ‘dest’ 'wan’
config 'forwarding’
option ‘src’ 'wan’
option ‘dest’ ‘lan’

config 'rule’
option ‘src’ 'wan’
option ‘proto’ 'udp’
option ‘dest_port’ '68’
option ‘target’ 'ACCEPT’
option ‘family’ ‘ipv4’

config 'rule’
option ‘src’ 'wan’
option ‘proto’ 'icmp’
option ‘icmp_type’ 'echo-request’
option ‘family’ 'ipv4’
option ‘target’ ‘ACCEPT’

config 'rule’
option ‘src’ 'wan’
option ‘proto’ 'icmp’
list ‘icmp_type’ 'echo-request’
list ‘icmp_type’ 'destination-unreachable’
list ‘icmp_type’ 'packet-too-big’
list ‘icmp_type’ 'time-exceeded’
list ‘icmp_type’ 'bad-header’
list ‘icmp_type’ 'unknown-header-type’
list ‘icmp_type’ 'router-solicitation’
list ‘icmp_type’ 'neighbour-solicitation’
option ‘limit’ '1000/sec’
option ‘family’ 'ipv6’
option ‘target’ ‘ACCEPT’

config 'rule’
option ‘src’ 'wan’
option ‘dest’ '*'
option ‘proto’ 'icmp’
list ‘icmp_type’ 'echo-request’
list ‘icmp_type’ 'destination-unreachable’
list ‘icmp_type’ 'packet-too-big’
list ‘icmp_type’ 'time-exceeded’
list ‘icmp_type’ 'bad-header’
list ‘icmp_type’ 'unknown-header-type’
option ‘limit’ '1000/sec’
option ‘family’ 'ipv6’
option ‘target’ ‘ACCEPT’

config 'include’
option ‘path’ ‘/etc/firewall.user’

config 'rule’
option ‘src’ 'wan’
option ‘dest_port’ '5060-5079’
option ‘target’ 'ACCEPT’
option ‘proto’ ‘tcpudp’

config 'rule’
option ‘src’ 'wan’
option ‘dest_port’ '10000-64000’
option ‘target’ 'ACCEPT’
option ‘proto’ ‘udp’

========================================================
root@MYROUTER:~# iptables -L
Chain INPUT (policy ACCEPT)
target prot opt source destination
DROP all – anywhere anywhere state INVALID
ACCEPT all – anywhere anywhere state RELATED,ESTABLISHED
ACCEPT all – anywhere anywhere
syn_flood tcp – anywhere anywhere tcp flags:FIN,SYN,RST,ACK/SYN
input_rule all – anywhere anywhere
input all – anywhere anywhere

Chain FORWARD (policy DROP)
target prot opt source destination
DROP all – anywhere anywhere state INVALID
ACCEPT all – anywhere anywhere state RELATED,ESTABLISHED
forwarding_rule all – anywhere anywhere
forward all – anywhere anywhere
reject all – anywhere anywhere

Chain OUTPUT (policy ACCEPT)
target prot opt source destination
DROP all – anywhere anywhere state INVALID
ACCEPT all – anywhere anywhere state RELATED,ESTABLISHED
ACCEPT all – anywhere anywhere
output_rule all – anywhere anywhere
output all – anywhere anywhere

Chain forward (1 references)
target prot opt source destination
zone_lan_forward all – anywhere anywhere
zone_wan_forward all – anywhere anywhere

Chain forwarding_lan (1 references)
target prot opt source destination

Chain forwarding_rule (1 references)
target prot opt source destination
nat_reflection_fwd all – anywhere anywhere

Chain forwarding_wan (1 references)
target prot opt source destination

Chain input (1 references)
target prot opt source destination
zone_lan all – anywhere anywhere
zone_wan all – anywhere anywhere

Chain input_lan (1 references)
target prot opt source destination

Chain input_rule (1 references)
target prot opt source destination

Chain input_wan (1 references)
target prot opt source destination

Chain nat_reflection_fwd (1 references)
target prot opt source destination
ACCEPT tcp – 192.168.1.0/24 sunita-pc.lan tcp dpt:69
ACCEPT udp – 192.168.1.0/24 sunita-pc.lan udp dpt:tftp

Chain output (1 references)
target prot opt source destination
zone_lan_ACCEPT all – anywhere anywhere
zone_wan_ACCEPT all – anywhere anywhere

Chain output_rule (1 references)
target prot opt source destination

Chain reject (5 references)
target prot opt source destination
REJECT tcp – anywhere anywhere reject-with tcp-reset
REJECT all – anywhere anywhere reject-with icmp-port-unreachable

Chain syn_flood (1 references)
target prot opt source destination
RETURN tcp – anywhere anywhere tcp flags:FIN,SYN,RST,ACK/SYN limit: avg 25/sec burst 50
DROP all – anywhere anywhere

Chain zone_lan (1 references)
target prot opt source destination
input_lan all – anywhere anywhere
zone_lan_ACCEPT all – anywhere anywhere

Chain zone_lan_ACCEPT (3 references)
target prot opt source destination
ACCEPT all – anywhere anywhere
ACCEPT all – anywhere anywhere

Chain zone_lan_DROP (0 references)
target prot opt source destination
DROP all – anywhere anywhere
DROP all – anywhere anywhere

Chain zone_lan_REJECT (1 references)
target prot opt source destination
reject all – anywhere anywhere
reject all – anywhere anywhere

Chain zone_lan_forward (1 references)
target prot opt source destination
zone_wan_ACCEPT all – anywhere anywhere
forwarding_lan all – anywhere anywhere
zone_lan_REJECT all – anywhere anywhere

Chain zone_wan (1 references)
target prot opt source destination
ACCEPT udp – anywhere anywhere udp dpt:bootpc
ACCEPT icmp – anywhere anywhere icmp echo-request
ACCEPT tcp – anywhere anywhere tcp dpts:sip:5079
ACCEPT udp – anywhere anywhere udp dpts:sip:5079
ACCEPT udp – anywhere anywhere udp dpts:10000:64000
REJECT tcp – 192.168.3.178 anywhere reject-with icmp-port-unreachable
REJECT udp – 192.168.3.178 anywhere reject-with icmp-port-unreachable
ACCEPT tcp – anywhere anywhere tcp dpt:ssh
input_wan all – anywhere anywhere
zone_wan_ACCEPT all – anywhere anywhere

Chain zone_wan_ACCEPT (3 references)
target prot opt source destination
ACCEPT all – anywhere anywhere
ACCEPT all – anywhere anywhere

Chain zone_wan_DROP (0 references)
target prot opt source destination
DROP all – anywhere anywhere
DROP all – anywhere anywhere

Chain zone_wan_REJECT (1 references)
target prot opt source destination
reject all – anywhere anywhere
reject all – anywhere anywhere

Chain zone_wan_forward (1 references)
target prot opt source destination
ACCEPT tcp – anywhere sunita-pc.lan tcp dpt:69
ACCEPT udp – anywhere sunita-pc.lan udp dpt:tftp
zone_lan_ACCEPT all – anywhere anywhere
forwarding_wan all – anywhere anywhere
zone_wan_REJECT all – anywhere anywhere

Installed Asterisk 1.8.7.1 and it resolved the issue. Thanks