Issue registering in grandstream

isthari · November 14, 2023, 10:47am

I have an grandstream PBX in the cloud
I need to register asterisk in that PBX to make calls

Some times the registration is ok, sometimes is not working

This is the configuration

[USER]
type=registration
transport=transport-udp-nat
outbound_auth=USER
server_uri=sip:USER@GRANDSTREAM.COM:7160
client_uri=sip:USER@GRANDSTREAM.COM
retry_interval=60
expiration=120
contact_user=3021
max_retries=0

[USER]
type=auth
auth_type=userpass
password=PASSWORD
username=USER

[USER]
type=aor
contact=sip:GRANDSTREAM.COM

[USER]
type=endpoint
transport=transport-udp-nat
context=USER
disallow=all
allow=opus
outbound_auth=USER
aors=USER
from_user=USER
direct_media=no

Sometimes asterisk sends the first REGISTER, grandstream answers with 401 unauthorized and the nonce, but asterisk does not send the new register with the password
This is the full capture

REGISTER sip:USER@GRANDSTREAM.COM:7160 SIP/2.0
Via: SIP/2.0/UDP ASTERISK-IP:5060;rport;branch=z9hG4bKPj31545c4c-3176-407b-9b49-ab98c4922025
From: <sip:USER@GRANDSTREAM.COM>;tag=2ca783ba-bfb5-4032-b0f8-8c44cf001ca9
To: <sip:USER@GRANDSTREAM.COM>
Call-ID: b482ecfd-dfe1-4864-95f5-15a31efd765c
CSeq: 30348 REGISTER
Contact: <sip:USER@ASTERISK-IP:5060>
Expires: 120
Allow: OPTIONS, REGISTER, SUBSCRIBE, NOTIFY, PUBLISH, INVITE, ACK, BYE, CANCEL, UPDATE, PRACK, REFER, MESSAGE
Max-Forwards: 70
User-Agent: Asterisk PBX 16.2.1~dfsg-2ubuntu1
Content-Length:  0


SIP/2.0 401 Unauthorized
Via: SIP/2.0/UDP ASTERISK-IP:5060;rport=5060;received=ASTERISK-IP;branch=z9hG4bKPj31545c4c-3176-407b-9b49-ab98c4922025
Call-ID: b482ecfd-dfe1-4864-95f5-15a31efd765c
From: <sip:USER@GRANDSTREAM.COM>;tag=2ca783ba-bfb5-4032-b0f8-8c44cf001ca9
To: <sip:USER@GRANDSTREAM.COM>;tag=z9hG4bKPj31545c4c-3176-407b-9b49-ab98c4922025
CSeq: 30348 REGISTER
WWW-Authenticate: Digest realm="grandstream",nonce="1699960608/39a8e7a335e68a33c888d6ae31beb479",opaque="48e793d541b1e193",algorithm=md5,qop="auth"
Server: Grandstream UCM6302V1.2C 1.0.15.10
Content-Length:  0

david551 · November 14, 2023, 1:26pm

What does Asterisk log when it receives the 401 response?

isthari · November 14, 2023, 7:23pm

File /var/log/asterisk/full has nothing, only

res_pjsip_outbound_registration.c:977 handle_registration_response: Maximum retries reached when attempting outbound registration to 'sip:USER@GRANDSTREAM.COM:7160' with client 'sip:USER@GRANDSTREAM.COM', stopping registration attempt

david551 · November 14, 2023, 7:55pm

Where did you capture the 401 response?

isthari · November 15, 2023, 9:56am

I’ve capture the data with tcpdump

If I execute
pjsip set logger on

After enable logging, I only have the outbound REGISTER in the log, but I cannot see the 401 message in the asterisk log

david551 · November 15, 2023, 2:29pm

Either the port number is wrong in the destination of the 401, or its sender is being blocked by the Linux (iptables) firewall.

isthari · November 15, 2023, 4:07pm

Thank you very much !

Grandstream was sending NOTIFY and OPTIONS messages.
Fail2ban detects these messages and finally blocks the IP address

Solved adding the ip address to fail2ban whitelist

system · December 15, 2023, 4:08pm

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Problems registering grandstream 2000 phone outside firewall Asterisk Support	0	215	February 26, 2009
SIP registration Asterisk Support	7	261	March 17, 2009
Can't Register Asterisk Support	9	382	October 28, 2009
Can not register SIP phones. What am I missing? Asterisk Support	3	368	February 1, 2008
Account not registered using TLS Asterisk Support	1	258	January 9, 2014

Issue registering in grandstream

Related topics