[HELP] Wrong password after some register

Asterisk Asterisk Support
1

Hello,

I have a strange issue with my VOIP Provider.

This service work fine with provider app (On Smartphone for example) I have compared SIP data with the app and asterisk and it’s the same.

I can make a call before the bug.

The issue :
I log to my VOIP Provider with asterisk it’s work fine but after some time (10mn) on the next registration I get a “Wrong password” message.

After that it’s impossible to make a call (I get a forbidden message).

I have tried to modify the expiry time / min expiry max expiry ect but same issue.

The only way for get registry is stop and restart asterisk , a sip reload didn’t solve this issue.

My register configuration :

[general] 
externalhost=me.homeip.net
defaultexpirey=3600
context=default
srvlookup=yes
port=5060
transport=udp
allow=all
dtmfmode=rfc2833
language=fr
useragent = Linphone (eXosip2/3.6.0)
qualify=yes
realm=Talk

register => XXXXXX@voip.myvoipprovider.com:MYPASSWORD@voip.myvoipprovider.com:5060~3600

The SIP debug output :

[code][Sep 16 10:39:54] NOTICE[4465]: chan_sip.c:13113 sip_reregister: – Re-registration for XXXXXX@voip.myvoipprovider.com
> doing dnsmgr_lookup for 'voip.myvoipprovider.com
REGISTER 10 headers, 0 lines
Reliably Transmitting (NAT) to 38.103.29.26:5060:
REGISTER sip:voip.myvoipprovider.com SIP/2.0
Via: SIP/2.0/UDP 192.168.5.19:5060;branch=z9hG4bK55fe7291;rport
Max-Forwards: 70
From: sip:XXXXXX@voip.myvoipprovider.com;tag=as4d10694b
To: sip:XXXXXX@voip.myvoipprovider.com
Call-ID: 052d1c376bf887d80b7358057ff295fe@127.0.1.1
CSeq: 102 REGISTER
User-Agent: Linphone (eXosip2/3.6.0)
Expires: 3600
Contact: sip:s@192.168.5.19:5060
Content-Length: 0

<— SIP read from UDP:38.103.29.26:5060 —>
SIP/2.0 401 Unauthorized
Via: SIP/2.0/UDP 192.168.5.19:5060;received=192.168.5.19;branch=z9hG4bK55fe7291;rport=5060
From: sip:XXXXXX@voip.myvoipprovider.com;tag=as4d10694b
To: sip:XXXXXX@voip.myvoipprovider.com;tag=f5eaaea5fd6993ecac60164b5923a525-5b41
Call-ID: 052d1c376bf887d80b7358057ff295fe@127.0.1.1
CSeq: 102 REGISTER
WWW-Authenticate: Digest realm=“voip.myvoipprovider.com”, nonce=“5236c40200003be007399f3708a58adc71536513dfe83ec1”, qop="auth"
Server: OpenSIPS (1.8.3-notls (x86_64/linux))
Content-Length: 0

<------------->
— (9 headers 0 lines) —
Responding to challenge, registration to domain/host name voip.myvoipprovider.com
> doing dnsmgr_lookup for 'voip.myvoipprovider.com
REGISTER 11 headers, 0 lines
Reliably Transmitting (NAT) to 38.103.29.26:5060:
REGISTER sip:voip.myvoipprovider.com SIP/2.0
Via: SIP/2.0/UDP 192.168.5.19:5060;branch=z9hG4bK6abb6db5;rport
Max-Forwards: 70
From: sip:XXXXXX@voip.myvoipprovider.com;tag=as71705638
To: sip:XXXXXX@voip.myvoipprovider.com
Call-ID: 052d1c376bf887d80b7358057ff295fe@127.0.1.1
CSeq: 103 REGISTER
User-Agent: Linphone (eXosip2/3.6.0)
Authorization: Digest username=“XXXXXX”, realm=“voip.myvoipprovider.com”, algorithm=MD5, uri=“sip:voip.myvoipprovider.com”, nonce=“5236c40200003be007399f3708a58adc71536513dfe83ec1”, response=“8651ca1cc47af49fc03ace38cf2c18d8”, qop=auth, cnonce=“3f13d718”, nc=00000001
Expires: 3600
Contact: sip:s@192.168.5.19:5060
Content-Length: 0

<— SIP read from UDP:38.103.29.26:5060 —>
SIP/2.0 200 OK
Via: SIP/2.0/UDP 192.168.5.19:5060;received=192.168.5.19;branch=z9hG4bK6abb6db5;rport=5060
From: sip:XXXXXX@voip.myvoipprovider.com;tag=as71705638
To: sip:XXXXXX@voip.myvoipprovider.com;tag=f5eaaea5fd6993ecac60164b5923a525-4974
Call-ID: 052d1c376bf887d80b7358057ff295fe@127.0.1.1
CSeq: 103 REGISTER
Contact: sip:s@192.168.5.19:5060;expires=600
Server: OpenSIPS (1.8.3-notls (x86_64/linux))
Content-Length: 0

<------------->
— (11 headers 0 lines) —
Scheduling destruction of SIP dialog ‘052d1c376bf887d80b7358057ff295fe@127.0.1.1’ in 32000 ms (Method: REGISTER)
[Sep 16 10:39:55] NOTICE[4465]: chan_sip.c:20836 handle_response_register: Outbound Registration: Expiry for voip.myvoipprovider.com is 600 sec (Scheduling reregistration in 585 s)
Really destroying SIP dialog ‘052d1c376bf887d80b7358057ff295fe@127.0.1.1’ Method: REGISTER
[Sep 16 10:49:40] NOTICE[4465]: chan_sip.c:13113 sip_reregister: – Re-registration for XXXXXX@voip.myvoipprovider.com
> doing dnsmgr_lookup for 'voip.myvoipprovider.com
REGISTER 11 headers, 0 lines
Reliably Transmitting (NAT) to 38.103.29.26:5060:
REGISTER sip:voip.myvoipprovider.com SIP/2.0
Via: SIP/2.0/UDP 192.168.5.19:5060;branch=z9hG4bK584691da;rport
Max-Forwards: 70
From: sip:XXXXXX@voip.myvoipprovider.com;tag=as296e679e
To: sip:XXXXXX@voip.myvoipprovider.com
Call-ID: 052d1c376bf887d80b7358057ff295fe@127.0.1.1
CSeq: 104 REGISTER
User-Agent: Linphone (eXosip2/3.6.0)
Authorization: Digest username=“XXXXXX”, realm=“voip.myvoipprovider.com”, algorithm=MD5, uri=“sip:voip.myvoipprovider.com”, nonce=“5236c40200003be007399f3708a58adc71536513dfe83ec1”, response=“cae399a017b139a00167e99c455b9e81”, qop=auth, cnonce=“018d11c6”, nc=00000002
Expires: 3600
Contact: sip:s@192.168.5.19:5060
Content-Length: 0

<— SIP read from UDP:38.103.29.26:5060 —>
SIP/2.0 403 403 Forbidden
Via: SIP/2.0/UDP 192.168.5.19:5060;received=192.168.5.19;branch=z9hG4bK584691da;rport=5060
From: sip:XXXXXX@voip.myvoipprovider.com;tag=as296e679e
To: sip:XXXXXX@voip.myvoipprovider.com;tag=6dedfa2df1b3058d6765e950ddf871e6.40ee
Call-ID: 052d1c376bf887d80b7358057ff295fe@127.0.1.1
CSeq: 104 REGISTER
Server: OpenSIPS (1.8.3-notls (x86_64/linux))
Content-Length: 0

<------------->
— (8 headers 0 lines) —
[Sep 16 10:49:40] WARNING[4465]: chan_sip.c:20720 handle_response_register: Forbidden - wrong password on authentication for REGISTER for ‘XXXXXX’ to 'voip.myvoipprovider.com
Really destroying SIP dialog ‘052d1c376bf887d80b7358057ff295fe@127.0.1.1’ Method: REGISTER
Executing last minute cleanups
== Destroying musiconhold processes
Asterisk cleanly ending (0).
root@debian7:~#
[/code]

Someone can help me ?

I didn’t know why I get a Forbidden and after a restart of asterisk it work for 10mn again.

2

Looks like it is responding badly to a stale nonce. It should send 401 with the updated nonce.

3

what can i do for this ?

4

I’m fairly sure this has to be fixed at the remote end.

5

On remote end the provider doesn’t want modify anything.

is there an another way ?

6

Find a programmer and get them to modify the Asterisk source code.

In any case, this is going to need more analysis than I have time to give here.

7

Ok,

Thanks for your help.

I have also this issue with an another service of the same provider.

8

This bug report issues.asterisk.org/jira/browse/ASTERISK-17138 just popped up again (because a change in the responsible person), and is probably describing the same basic issue at the ITSP end to the one you are seeing. Note that the ITSP involved here accepts that Asterisk is operating within what the SIP standards permit, even though they suggest a change in the way that Asterisk handles the situation.

9

Hi

Good to know but, even if I make a SIP reload I still unregistred with “Wrong authentification message”

If I have all understand it’s only for retry a registration after the forbidden message.