Inbound calls fail to authenticate FROM header

Dario18 · January 19, 2021, 1:14pm

Hello,
Please can anyone help with this error with freePBX. the incoming calls receive this error.
Can chan_sip accept call with empty domain in FROM header? Can can this be enabled?

NOTICE[1031][C-00008c13]: chan_sip.c:19487 check_user_full: From address missing ‘sip:’, using it anyway
[2021-01-19 12:51:02] ERROR[1031][C-00008c13]: chan_sip.c:19497 check_user_full: Empty domain name in FROM header
[2021-01-19 12:51:02] NOTICE[1031][C-00008c13]: chan_sip.c:26602 handle_request_invite: Failed to authenticate device tel:555555555;noa=national;srvattri=national;tag=9oxn0kny

david551 · January 19, 2021, 1:29pm

We can’t help with FreePBX, but the problem here seems to be with the peer.

chan_sip does not support tel: URIs; support for them is not mandatory in SIP. I’m not sure if chan_pjsip does, but it might well not.

Also, this looks like it isn’t coming from a phone. In most cases, ITSPs and upstream PABXes don’t know how to authenticate themselves, so, when using the, only partially supported, chan_sip driver, you should use remotesecret, rather than secret in the configuration. I don’t know how to translate that into FreePBX screens, and without more details, I can’t be sure that it is the case. It is possible that FreePBX only supports the older, insecure=invite, method.

The details of authentication are different for the, recommended, chan_pjsip driver.

https://asteriskfaqs.org/2019/01/31/asterisk-users/tel-uri.html suggests that chan_pjsip has even less support for tel: URIs than chan_sip.

Dario18 · January 19, 2021, 1:44pm

Thanks david551 for the reply.
but they say in release note that asterisk support tel:URI.

channels/sip/include/sip.h, channels/chan_sip.c, CHANGES:
2014-04-12 02:27 +0000 [r412292] Matthew Jordan mjordan@digium.com

* channels/sip/reqresp_parser.c, CHANGES, channels/chan_sip.c:
  chan_sip: Support RFC-3966 TEL URIs in inbound INVITE requests
  This patch adds support for handling TEL URIs in inbound INVITE
  requests. This includes the Request URI and the From URI. The
  number specified in the Request URI will be the destination of
  the inbound channel in the dialplan. The phone-context specified
  in the Request URI will be stored in the TELPHONECONTEXT channel
  variable. Review: https://reviewboard.asterisk.org/r/3349
  ASTERISK-17179 #close Reported by: Geert Van Pamel Tested by:
  Geert Van Pamel patches:
  asterisk-12.0.0-chan_sip-RFC3966_patch.txt uploaded by Geert Van
  Pamel (License 6140)
  asterisk-12.0.0-reqresp_parser-RFC3966_patch.txt uploaded by
  Geert Van Pamel (License 6140)

freePBX has the same asterisk and I use insecure=very

the log says it is using it anyway but the problems seems the missing domain the the FROM header.

david551 · January 19, 2021, 1:59pm

Is the IP address from which the request comes the one that is set against the host parameter?

Which version of Asterisk are you actually using?

Also note that “very” is deprecated; you should use the specific sub-options for which you need to disable checks, normally “invite”, and only that.

Dario18 · January 19, 2021, 3:20pm

yes host has the ip( In my case fqdn) that the calls come in

asterisk version 16

yes i tried with invite also and doesn’t work

david551 · January 19, 2021, 3:45pm

I said IP for a reason. A FQDN can identify multiple IPs. If the configuration is resolved to one, but calls start coming from the other, there will not be a peer match on the caller.

Dario18 · January 19, 2021, 5:30pm

Yes also with IP and not working.

system · February 18, 2021, 4:21pm

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.