[Asterisk1.4] Username mismatch?

Hello there,

I have an odd problem with an Asterisk 1.4.34. I’ve also tested it with an Asterisk 1.8.10 and this problem does not occur there, so it is something in the 1.4.34-version.

The problem is when 2 accounts (considered as “friend”) are logged in from the same IP using the same port. Both accounts will have the status online and incoming phone calls work (on both accounts). Outgoing calls (so, account A starts dialing out while both account A and B are online from the same IP) is only working for the first logged in account.

The error log shows:

The INVITE from the client to the Asterisk is showing the good authorization-key, but the only response the client gets (and Asterisk sends) is a 401 unauthorized and the above warning in the messages.

Putting the client as a “peer” makes it work, but the billing cannot handle that. This is the “show peer” on a user

On a Asterisk 1.8.10, this problem does not occur. Upgrading to 1.8 is being planned, but as we are actually a business we cannot do it just like that without testing it.

Is there a way we can use our Asterisk 1.4.34 for using multiple accounts coming from one IP address (and one port) ?

As already found on this forum, if I put insecure=invite on both accounts, but for some reason we only see “accountB” dialing out and not a single time using accountA (while on the client PBX it actually uses the dial out on account A). For our billing, this is killing :mrgreen:

This is a part of the verbose on the 1.4 Asterisk using insecure=invite dialing out on account A:

and this is how it looked on the client which is an Asterisk 1.8.10

I see that I can install 1.4.42, can somebody tell me if this newer version has the same issues ?

insecure=invite only affects incoming calls.

Your 1.4 example is dialing out on signet, not on Account A, and that is being done explicitly in the diaplan. I would say that your dialplans were significantly different, and that you would need to provide the raw dialplans to be able to see what is actually happening. As the dialplan is not part of the Asterisk distribution, I wonder if this is a difference between versions of an Asterisk GUI, rather than between versions of Asterik.

Having multiple accounts on the same server is always a problem, but again that affects incoming calls, and would normally only affect them for a peer match. A user match can, though, conflict with CLID and is not something that an ITSP would normally support (hence one would normally only want to use peer).

I don’t really understand your billing issue, but it seems to me you have billing problem not a sip.conf section matching problem.

ok, it’s unclear :wink:

Here’s schematic how it is

–signet–[ Asterisk 1.4 ] ----- AccountA / AccountB — [ Asterisk 1.8 ] — different-clients

The Asterisk 1.8 has 2 accounts which are also on the Asterisk 1.4
The Asterisk 1.8 dials out to the 1.4 (where the billing is done) and in this case, goes to the “signet” line

If I put insecure=invite, it doesn’t matter which account I’m using to dial-out on the 1.8, it will always be either one of the accounts. Without the insecure=invite (so, insecure=null), I can only dial-out with one of the accounts (and the other one give the famous error in the first post).

I basically changed the 1.4 to a 1.8 and than the same situation works. So, 1.8 does support multiple accounts dial out coming from 1 IP address. But I want to get this working on the 1.4 Asterisk …

You’ve got allowguest set to on. Turn it off. (This will probably stop it working at all without insecure=invite.)

Your original question looked as though you were reporting a regression bug, but it looks more like you simply have the problem that when the source address is the only thing which selects the sip.conf entry, you can’t distinguish between calls from the same address.

The quick fix may be to use type=user and force the fromuser on the upstream side. In fact, I cannot think of any simple way of separating the two accounts if you don’t use fromuser.

If I set the type=user, my registration fails. The fromuser-option doesn’t make any difference.

Right now, I’m at the office again so I can actually check out more. I’m working at a provider and we use an Asterisk 1.4 machine to give VoIP to our customers. Customers are stated as “friend” and with a username+password they can connect to our VoIP-system. We are basically a VoIP-switch for we’re sending it all to our carrier, so no heavy PBX stuff done. Register a client, do some billing and then forward it directly to our upstream carrier.

The problem now is that we have customers who have multiple accounts (e.g. AccountA and AccountB) and only 1 PBX where they put both accounts in. For us, both accounts are coming from the same IP address and the same port. The only difference is within the REGISTER (different username/pass obviously) and whenever they make an INVITE we ask them to do an authorization as well. So, on every INVITE there’s an unique username/password again.

REGISTERING both accounts work flawless. They both are considered online and incoming phonecalls do work. The problem is outgoing phonecalls.

It seems that the first registered account (despite the authorization) is being remembered.
AccountA and AccountB are both online, AccountA makes INVITE and works, AccountB makes INVITE and it gives back a 401 Unauthorized to the customer (and in the logging it says

[quote]
chan_sip.c: username mismatch, have , digest has [/quote]

On an Asterisk 1.8.10 using the same settings, it works. On the 1.4.34, it doesn’t.

Here’s an example of the SIP user config (we’re having the whole configuration inside a MySQL database, sorry for the layout thing. csv can be made as well)

id	pid	customer	name	accountcode	amaflags	callgroup	callerid	canreinvite	context	defaultip	dtmfmode	fromuser	fromdomain	fullcontact	host	insecure	language	mailbox	md5secret	nat	deny	permit	mask	pickupgroup	port	qualify	restrictcid	rtptimeout	rtpholdtimeout	secret	type	username	disallow	allow	musiconhold	regseconds	ipaddr	regexten	cancallforward	lastms	t38pt_udptl	t38pt_usertpsource	setvar	senddnid	maxchannels
1452	NULL	Customer A	accountA	accountA	NULL	NULL	NULL	no	customers	NULL	NULL	NULL	pbx.signet.nl	sip:accountA@172.16.255.5:5060	dynamic	NULL	NULL	NULL	NULL	yes	NULL	NULL	NULL	NULL	40532	yes	NULL	NULL	NULL	password	friend	accountA	all	alaw;ulaw;gsm;g729	NULL	1338365192	9xx.xxx.xxx.xx	accountA	no	74	NULL	NULL		y	4
3254	NULL	Customer B	accountB	accountB	NULL	NULL	NULL	no	customers	NULL	NULL	NULL	pbx.signet.nl	sip:accountB@172.16.255.5:5060	dynamic	NULL	NULL	NULL	NULL	yes	NULL	NULL	NULL	NULL	40532	yes	NULL	NULL	NULL	password	friend	accountB	all	alaw;ulaw;gsm;g729	NULL	13365345	9xx.xxx.xxx.xx	accountB	no	74	NULL	NULL		y	1

So, when account B dials out (while both registered, online and having the good credentials), it simply will be denied on Asterisk 1.4.34. My question is, will this work on a newer Asterisk 1.4.xx or can I get this working withing version 1.4.34 ?

Again, it does work on 1.8.10 using these exact settings.