Can not connect to my provider?

Hello

i try to connect to my french provider ovh with asterisk 12.

I try since several days and i always have this error :
[2014-09-02 23:31:21] NOTICE[2734]: chan_sip.c:15358 sip_reg_timeout: – Registration for '0033185xxxxxx@sip.ovh.fr’ timed out, trying again (Attempt #9)

here is my sip.conf :

[code][general]
language=fr
allowguest=yes
progressinband=yes
language=fr
;qualify=yes
canreinvite=no
Externip=xx.xxx.xxx.xxx
localnet=192.168.0.0/255.255.255.0
srvlookup=yes
bindport=5061
bindaddr=0.0.0.0
nat=force_rport,comedia
defaultexpiry = 3600

register => 0033185xxxxxx:password@sip.ovh.fr:5060

[forfait-ovh]
type=friend
host=sip.ovh.fr
context=ovh-sip
language=fr
insecure=port,invite
qualify=yes
defaultuser=0033185xxxxxx
secret=password
nat=yes
fromdomain=sip.ovh.fr
fromuser=0033185xxxxxx
canreinvite=no
dtmfmode=auto
video=no
restrictcid=no
amaflags=default
[/code]

and here is my trace :

[code]Retransmitting #3 (NAT) to 91.121.129.20:5060:
REGISTER sip:sip.ovh.fr SIP/2.0

Via: SIP/2.0/UDP xx.xxx.xxx.xxx:5061;branch=z9hG4bK2522692b;rport

Max-Forwards: 70

From: sip:0033185xxxxxx@sip.ovh.fr;tag=as7a1755f7

To: sip:0033185xxxxxx@sip.ovh.fr

Call-ID: 4fe870bd00e62559240dd0e243e47bb1@[::1]

CSeq: 108 REGISTER

Supported: replaces, timer

User-Agent: Asterisk PBX 12.3.2

Expires: 3600

Contact: sip:s@xx.xxx.xxx.xxx:5061

Content-Length: 0


localhost*CLI>

<— SIP read from UDP:91.121.129.20:5060 —>
SIP/2.0 401 Unauthorized
Call-ID: 4fe870bd00e62559240dd0e243e47bb1@[0:0:0:0:0:0:0:1]
CSeq: 108 REGISTER
From: sip:0033185xxxxxx@sip.ovh.fr;tag=as7a1755f7
To: sip:0033185xxxxxx@sip.ovh.fr;tag=00-08175-2d784759-523546ec1
Via: SIP/2.0/UDP xx.xxx.xxx.xxx:5061;received=xx.xxx.xxx.xxx;rport=5061;branch=z9hG4bK2522692b
WWW-Authenticate: Digest realm=“sip.ovh.fr”,nonce=“2d7842870f4ef61e335cee5b0a905cf7”,opaque=“2d73a9393bd9dfe”,stale=false,algorithm=MD5
Server: Cirpack/v4.56 (gw_sip)
Content-Length: 0[/code]

the password is ok.

Someone know what might be the problem ?

Thank you

We’ve seen this before. Your ITSP has broken handling of IPv6 based Call-IDs. Call-IDs are opaque and should be returned exactly as sent, not with IPv6 addresses normalised. I thought the workaround was an explicit fromdomain, but you already seem to have that.

Also note that allowguest=yes is normally bad security practice. canreinvite is definitely deprecated, and may have been withdrawn by version 12. insecure=port is rarely needed. remotesecret is a better way of solving the problem that insecure=invite normally addresses. Best practice is to use type=peer. nat=yes is being deprecated, although I believe there are still cases that are not covered by the individual sub options (the reason is almost certainly to encourage people to use only the sub-options that they actually need, most of which are not for your use of NAT).

The other thing that will probably help is to ensure that the reverse lookup on your domain name doesn’t result in the loopback address.