Incoming calls - authentication error

system · June 22, 2012, 8:56am

Running Asterisk 1.6.2.5-0ubuntu1

I’ve just added a new SIP provider. Outgoing calls are fine, but incoming calls fail with a 403 Forbidden error.

This is a SIP debug log showing the error occurring:

<--- SIP read from UDP:83.111.111.16:5060 --->
INVITE sip:s@192.168.1.7 SIP/2.0
Via: SIP/2.0/UDP 83.111.111.16:5060;branch=z9hG4bK6ibgqe00908htno0o741.1
From: <sip:01234111111@218.222.222.46>;tag=13452148002463ac
To: <sip:441234222333@83.111.111.17>
Max-Forwards: 15
Call-ID: 323297591-1064@SVIGateway
CSeq: 1 INVITE
Contact: <sip:01234111111@83.111.111.16:5060;transport=udp>
Content-Type: application/sdp
Content-Length: 253

v=0
o=- 1340353093 1340353093 IN IP4 83.111.111.16
s=-
c=IN IP4 83.111.111.16
t=0 0
m=audio 55564 RTP/AVP 8 0 101
a=rtpmap:8 PCMA/8000
a=rtpmap:0 PCMU/8000
a=rtpmap:101 telephone-event/8000
a=fmtp:101 0-15
a=sqn: 0
a=cdsc: 1 image udptl t38

<------------->
--- (10 headers 12 lines) ---
  == Using SIP RTP CoS mark 5
Sending to 83.111.111.16 : 5060 (no NAT)
Using INVITE request as basis request - 323297591-1064@SVIGateway
[Jun 22 09:18:13] NOTICE[9498]: chan_sip.c:19961 handle_request_invite: Failed to authenticate device <sip:01234111111@218.222.222.46>;tag=13452148002463ac

<--- Reliably Transmitting (no NAT) to 83.111.111.16:5060 --->
SIP/2.0 403 Forbidden
Via: SIP/2.0/UDP 83.111.111.16:5060;branch=z9hG4bK6ibgqe00908htno0o741.1;received=83.111.111.16
From: <sip:01234111111@218.222.222.46>;tag=13452148002463ac
To: <sip:441234222333@83.111.111.17>;tag=as5a3767bc
Call-ID: 323297591-1064@SVIGateway
CSeq: 1 INVITE
Server: Asterisk PBX 1.6.2.5-0ubuntu1
Allow: INVITE, ACK, CANCEL, OPTIONS, BYE, REFER, SUBSCRIBE, NOTIFY, INFO
Supported: replaces, timer
Content-Length: 0

The relevant sections of sip.conf:

[code]register => 441234222333@providertsp.net:Password@provider

[provider]
type=friend
host=83.111.111.16
outboundproxy=mproxy3.providertsp.net
username=441234222333
secret=Password
fromuser=441234222333
fromdomain=providertsp.net
dtmfmode=rfc2833
nat=no
trustrpid=no ;we send it with SIPAddHeader in the dialplan
sendrpid=no
insecure=invite,port
qualify=yes
allow=alaw
context=incoming-provider
externip=83.111.111.46
[/code]

In the snippets above,
83.111.111.46 - our IP address (same provider as the SIP trunks)
83.111.111.16 - the host we register to
217.222.222.46 - the host’s SIP proxy
01234111111 - the number from which I am making the test call
441234222333 - our number with this provider

I assume the authentication error is caused by the calls coming from the host’s SIP proxy rather than the host we’re registered to; would that make sense?

If so, how can I allow incoming calls from this host?

Thanks in advance.

valer77 · June 24, 2012, 3:07pm

Try activating verbose in the console and see if there are any messages that explain the failure.

system · June 25, 2012, 8:35am

This appears in the middle of the sip debug log: NOTICE[9498]: chan_sip.c:19961 handle_request_invite: Failed to authenticate device sip:01234111111@217.222.222.46;tag=13452148002463ac

I’ve solved the problem by adding a section for 217.222.222.46 to sip.conf,

Topic		Replies	Views
Authentication behavior on incoming calls Asterisk SIP	9	48	September 11, 2024
Incoming call problems Asterisk Support	0	156	February 5, 2008
[solved] Asterisk as SIP UA / issues with outgoing calls Asterisk Support	1	602	June 2, 2009
[Resolved] SIP INVITE authentication failure Asterisk Support	4	2932	May 13, 2012
Fail2Ban and unauthorized invites Asterisk Support	18	5488	March 13, 2019

Incoming calls - authentication error

Related topics