Forbidden - wrong password on authentication

Asterisk Asterisk Support
#1

Hello,

i don’t understand why i get this error on Cento OS 6 with asterisk 1.8 :

Here is my sip.conf :

[code][general]
nat=yes
registertimeout=20
context=incoming
allowoverlap=no
bindport=5060
bindaddr=0.0.0.0
srvlookup=yes
language=fr
dtmfmode=auto
qualify=yes
subscribecontext=from-sip
register =>003397233xxxx:xxxx@sip.ovh.fr

; The SIP provider
[VoIPProvider]
canreinvite=no
username=003397233xxxx
fromuser=003397233xxxx
secret=xxxxxx
context=incoming
type=friend
fromdomain=sip.ovh.fr
host=sip.ovh.fr
dtmfmode=rfc2833
disallow=all
allow=alaw
allow=ulaw
nat=yes
insecure=very
[/code]

I know my login pass are good because i loged on X-Lite with the same parameters, and it s working.

Can you help me ?

Best regards

#2

Maybe you need to add the context to the register-string like

register =>003397233xxxx:xxxx@sip.ovh.fr/003397233xxxx

But I don’t know the sip-protocol that well to answer why it is giving wrong password as an error

#3

The best people to ask is ovh.fr. Assuming they are providing business type SIP access, they should have the correct configuration information.

Without knowledge of their requirements, I would have to suggest that the second xxxx is wrong.

Note that this configuration will fail when you get an actual inbound call, as insecure=very has been replaced by its component parts. Also note that you normally only need one of those and you normally don’t need nat at all.

If you are actually behind NAT, you should have externaddr, externip or stunaddr.

#4

On the configuration of the sip trunk, add this parameter:
remotesecret=your-sip-account-pass

and then reload your sip conf, (sip reload).

#5

thanks for your answers !

I tried what you told me :

  • add the context to the register-string -> but i still have an error
  • add externip -> but i still have an error
  • add remotesecret=your-sip-account-pass -> but i still have an error

i realy don’t understand what happened.

Do i have to configure CentOS firewall ?
How can i know if the port 5060 is opened ?
any ideas ?

thanks!

#6

You don’t appear to have firewall problems. Otherwise you would not have received the error. Everything points to a wrong password.

Again, if the account is intended for commercial use, the ITSP should have an Asterisk configuration. If they don’t, choose one that does. If the account is a intended for a single IP phone, consider getting an account that is intended for PABX use.

Turning on sip debugging may give some clues, but I think the basic problem is that you haven’t met the ITSP’s requirements.

#7

remotesecret seems to be new for 1.8. It looks like it is a better alternative to insecure, so one probably doesn’t need insecure at all. However, if you use it, you should not specify secret in a case that previously needed insecure.

Specifying insecure=very on 1.8 is equivalent to setting insecure=no, so inbound calls will fail if you have secret set and the normal situation where the ITSP doesn’t authenticate itself to you applies.

#8

Ok, you find the problem

i had to set my server IP, in OVH customer manager, for security reason.

It s a new security rule :unamused:

Sorry for disturbing you and thanks a lot !

++