Can not connect to my provider?

Asterisk Asterisk Support
#1

Hello

i try to connect to my french provider ovh with asterisk 12.

I try since several days and i always have this error :
[2014-09-02 23:31:21] NOTICE[2734]: chan_sip.c:15358 sip_reg_timeout: – Registration for '0033185xxxxxx@sip.ovh.fr’ timed out, trying again (Attempt #9)

here is my sip.conf :

[code][general]
language=fr
allowguest=yes
progressinband=yes
language=fr
;qualify=yes
canreinvite=no
Externip=xx.xxx.xxx.xxx
localnet=192.168.0.0/255.255.255.0
srvlookup=yes
bindport=5061
bindaddr=0.0.0.0
nat=force_rport,comedia
defaultexpiry = 3600

register => 0033185xxxxxx:password@sip.ovh.fr:5060

[forfait-ovh]
type=friend
host=sip.ovh.fr
context=ovh-sip
language=fr
insecure=port,invite
qualify=yes
defaultuser=0033185xxxxxx
secret=password
nat=yes
fromdomain=sip.ovh.fr
fromuser=0033185xxxxxx
canreinvite=no
dtmfmode=auto
video=no
restrictcid=no
amaflags=default
[/code]

and here is my trace :

[code]Retransmitting #3 (NAT) to 91.121.129.20:5060:
REGISTER sip:sip.ovh.fr SIP/2.0

Via: SIP/2.0/UDP xx.xxx.xxx.xxx:5061;branch=z9hG4bK2522692b;rport

Max-Forwards: 70

From: sip:0033185xxxxxx@sip.ovh.fr;tag=as7a1755f7

To: sip:0033185xxxxxx@sip.ovh.fr

Call-ID: 4fe870bd00e62559240dd0e243e47bb1@[::1]

CSeq: 108 REGISTER

Supported: replaces, timer

User-Agent: Asterisk PBX 12.3.2

Expires: 3600

Contact: sip:s@xx.xxx.xxx.xxx:5061

Content-Length: 0

localhost*CLI>

<— SIP read from UDP:91.121.129.20:5060 —>
SIP/2.0 401 Unauthorized
Call-ID: 4fe870bd00e62559240dd0e243e47bb1@[0:0:0:0:0:0:0:1]
CSeq: 108 REGISTER
From: sip:0033185xxxxxx@sip.ovh.fr;tag=as7a1755f7
To: sip:0033185xxxxxx@sip.ovh.fr;tag=00-08175-2d784759-523546ec1
Via: SIP/2.0/UDP xx.xxx.xxx.xxx:5061;received=xx.xxx.xxx.xxx;rport=5061;branch=z9hG4bK2522692b
WWW-Authenticate: Digest realm=“sip.ovh.fr”,nonce=“2d7842870f4ef61e335cee5b0a905cf7”,opaque=“2d73a9393bd9dfe”,stale=false,algorithm=MD5
Server: Cirpack/v4.56 (gw_sip)
Content-Length: 0[/code]

the password is ok.

Someone know what might be the problem ?

Thank you

#2

We’ve seen this before. Your ITSP has broken handling of IPv6 based Call-IDs. Call-IDs are opaque and should be returned exactly as sent, not with IPv6 addresses normalised. I thought the workaround was an explicit fromdomain, but you already seem to have that.

Also note that allowguest=yes is normally bad security practice. canreinvite is definitely deprecated, and may have been withdrawn by version 12. insecure=port is rarely needed. remotesecret is a better way of solving the problem that insecure=invite normally addresses. Best practice is to use type=peer. nat=yes is being deprecated, although I believe there are still cases that are not covered by the individual sub options (the reason is almost certainly to encourage people to use only the sub-options that they actually need, most of which are not for your use of NAT).

#3

The other thing that will probably help is to ensure that the reverse lookup on your domain name doesn’t result in the loopback address.