Making calls | 407 Proxy Authentication Required Issues


#1

New Asterisk user in need of some help:

I have the following setup:

X-Lite1
X-Lite2 <–> SBC <–> Asterisk

And this is within an internal LAN in the office.

I am able to register but not able to make a call. When attempting to make calls, I get a 407 Proxy Authentication Required, a second INVITE with the proper authentication info is sent, but I never get a 200OK back from the ASTERISK, instead a second 407 Proxy Authentication Required…

X-Lite == 10.x.x.x
SBC Un-trusted == x.x.x.5
SBC Trusted == x.x.x.151
ASTERISK == x.x.x.74

<-- SIP read from x.x.x.151:5060:
REGISTER sip:x.x.x.74:5060 SIP/2.0
v:SIP/2.0/UDP x.x.x.151:5060;branch=z9hG4bK761ec80b02c32f2aa88adeb1c03e099e-0
f:ARMIN sip:+15065441205@x.x.x.151:5060;tag=d257665bbe1dcf68e572724300e0fa9d
t:ARMIN sip:+15065441205@x.x.x.74:5060
m:sip:6E43695465-171c3ae705a02ee12b89b38de0f85202@x.x.x.151:5060
i:5797111ad2a53ff350bb9775bd128dff-43f601f1@x.x.x.151
CSeq:25705 REGISTER
Expires:1800
Max-Forwards:70
User-Agent: X-Lite release 1105x
l:0

— (11 headers 0 lines)—
Using latest REGISTER request as basis request
Sending to x.x.x.151 : 5060 (non-NAT)
Transmitting (NAT) to x.x.x.151:5060:
SIP/2.0 100 Trying
v: SIP/2.0/UDP x.x.x.151:5060;branch=z9hG4bK761ec80b02c32f2aa88adeb1c03e099e-0;received=x.x.x.151
f: ARMIN sip:+15065441205@x.x.x.151:5060;tag=d257665bbe1dcf68e572724300e0fa9d
t: ARMIN sip:+15065441205@x.x.x.74:5060
i: 5797111ad2a53ff350bb9775bd128dff-43f601f1@x.x.x.151
CSeq: 25705 REGISTER
User-Agent: Asterisk PBX
Allow: INVITE, ACK, CANCEL, OPTIONS, BYE, REFER, SUBSCRIBE, NOTIFY
Max-Forwards: 70
m: sip:+15065441205@x.x.x.74
l: 0


Transmitting (NAT) to x.x.x.151:5060:
SIP/2.0 401 Unauthorized
v: SIP/2.0/UDP x.x.x.151:5060;branch=z9hG4bK761ec80b02c32f2aa88adeb1c03e099e-0;received=x.x.x.151
f: ARMIN sip:+15065441205@x.x.x.151:5060;tag=d257665bbe1dcf68e572724300e0fa9d
t: ARMIN sip:+15065441205@x.x.x.74:5060;tag=as6d4b4848
i: 5797111ad2a53ff350bb9775bd128dff-43f601f1@x.x.x.151
CSeq: 25705 REGISTER
User-Agent: Asterisk PBX
Allow: INVITE, ACK, CANCEL, OPTIONS, BYE, REFER, SUBSCRIBE, NOTIFY
ax-Forwards: 70
m: sip:+15065441205@x.x.x.74
WWW-Authenticate: Digest realm=“x.x.x.5”, nonce="260f927b"
l: 0


Scheduling destruction of call '5797111ad2a53ff350bb9775bd128dff-43f601f1@x.x.x.151’ in 15000 ms
dllcs*CLI>
<-- SIP read from x.x.x.151:5060:
REGISTER sip:x.x.x.74:5060 SIP/2.0
v:SIP/2.0/UDP x.x.x.151:5060;branch=z9hG4bKa52ecda07dce9a37b4325bf44cc3e35b-0
f:ARMIN sip:+15065441205@x.x.x.151:5060;tag=d257665bbe1dcf68e572724300e0fa9d
t:ARMIN sip:+15065441205@x.x.x.74:5060
m:sip:6E43695465-171c3ae705a02ee12b89b38de0f85202@x.x.x.151:5060
i:5797111ad2a53ff350bb9775bd128dff-43f601f1@x.x.x.151
CSeq:25706 REGISTER
Expires:1800
Authorization: Digest username="+15065441205",realm=“x.x.x.5”,nonce=“260f927b”,response=“cea1c7cb35414e1b2b3bb393c12b23b2”,uri="sip:x.x.x.5"
Max-Forwards:70
User-Agent: X-Lite release 1105x
l:0

— (12 headers 0 lines)—
Using latest REGISTER request as basis request
Sending to x.x.x.151 : 5060 (NAT)
Transmitting (NAT) to x.x.x.151:5060:
SIP/2.0 100 Trying
v: SIP/2.0/UDP x.x.x.151:5060;branch=z9hG4bKa52ecda07dce9a37b4325bf44cc3e35b-0;received=x.x.x.151
f: ARMIN sip:+15065441205@x.x.x.151:5060;tag=d257665bbe1dcf68e572724300e0fa9d
t: ARMIN sip:+15065441205@x.x.x.74:5060
i: 5797111ad2a53ff350bb9775bd128dff-43f601f1@x.x.x.151
CSeq: 25706 REGISTER
User-Agent: Asterisk PBX
llow: INVITE, ACK, CANCEL, OPTIONS, BYE, REFER, SUBSCRIBE, NOTIFY
Max-Forwards: 70
m: sip:+15065441205@x.x.x.74
l: 0


Transmitting (NAT) to x.x.x.151:5060:
SIP/2.0 200 OK
v: SIP/2.0/UDP x.x.x.151:5060;branch=z9hG4bKa52ecda07dce9a37b4325bf44cc3e35b-0;received=x.x.x.151
f: ARMIN sip:+15065441205@x.x.x.151:5060;tag=d257665bbe1dcf68e572724300e0fa9d
t: ARMIN sip:+15065441205@x.x.x.74:5060;tag=as6d4b4848
i: 5797111ad2a53ff350bb9775bd128dff-43f601f1@x.x.x.151
CSeq: 25706 REGISTER
User-Agent: Asterisk PBX
Allow: INVITE, ACK, CANCEL, OPTIONS, BYE, REFER, SUBSCRIBE, NOTIFY
Max-Forwards: 70
Expires: 1800
m: sip:6E43695465-171c3ae705a02ee12b89b38de0f85202@x.x.x.151:5060;expires=1800
Date: Fri, 17 Feb 2006 18:19:34 GMT
l: 0


Scheduling destruction of call '5797111ad2a53ff350bb9775bd128dff-43f601f1@x.x.x.151’ in 15000 ms
dllcs*CLI>

<-- SIP read from x.x.x.151:5060:
INVITE sip:+15065441209@x.x.x.74:5060 SIP/2.0
v:SIP/2.0/UDP x.x.x.151:5060;branch=z9hG4bK8653a328ed0f97585dda53a4942b78e4-0
f:ARMIN sip:+15065441205@x.x.x.151:5060;tag=ec224c661d9b5d80be7ec0300d65bcc4
t:sip:+15065441209@x.x.x.74:5060
m:sip:0-0ab5612113c474793299@x.x.x.151:5060;transport=udp
i:b3ae65d5fae7de7819c9f4678413d0b4-43f60123@x.x.x.151
CSeq:57194 INVITE
Max-Forwards:70
c:application/sdp
User-Agent: X-Lite release 1105x
l:313

v=0
o=+15065441205 4200 420000 IN IP4 x.x.x.225
s=X-Lite
c=IN IP4 x.x.x.225
t=0 0
m=audio 9282 RTP/AVP 0 8 3 98 97 101
a=rtpmap:0 pcmu/8000
a=rtpmap:8 pcma/8000
a=rtpmap:3 gsm/8000
a=rtpmap:98 iLBC/8000
a=rtpmap:97 speex/8000
a=rtpmap:101 telephone-event/8000
a=fmtp:101 0-15
a=sendrecv

— (11 headers 14 lines)—
Using INVITE request as basis request - b3ae65d5fae7de7819c9f4678413d0b4-43f60123@x.x.x.151
Sending to x.x.x.151 : 5060 (non-NAT)
Reliably Transmitting (NAT) to x.x.x.151:5060:
SIP/2.0 407 Proxy Authentication Required
v: SIP/2.0/UDP x.x.x.151:5060;branch=z9hG4bK8653a328ed0f97585dda53a4942b78e4-0;received=x.x.x.151
f: ARMIN sip:+15065441205@x.x.x.151:5060;tag=ec224c661d9b5d80be7ec0300d65bcc4
t: sip:+15065441209@x.x.x.74:5060;tag=as35de5cc9
i: b3ae65d5fae7de7819c9f4678413d0b4-43f60123@x.x.x.151
CSeq: 57194 INVITE
User-Agent: Asterisk PBX
Allow: INVITE, ACK, CANCEL, OPTIONS, BYE, REFER, SUBSCRIBE, NOTIFY
Max-Forwards: 70
m: sip:+15065441209@x.x.x.74
Proxy-Authenticate: Digest realm=“x.x.x.5”, nonce="0e62ff1f"
l: 0


Scheduling destruction of call 'b3ae65d5fae7de7819c9f4678413d0b4-43f60123@x.x.x.151’ in 15000 ms
Found user '+15065441205’
dllcs*CLI>
<-- SIP read from x.x.x.151:5060:
ACK sip:+15065441209@x.x.x.74:5060 SIP/2.0
v:SIP/2.0/UDP x.x.x.151:5060;branch=z9hG4bK8653a328ed0f97585dda53a4942b78e4-0
f:ARMIN sip:+15065441205@x.x.x.151:5060;tag=ec224c661d9b5d80be7ec0300d65bcc4
t:sip:+15065441209@x.x.x.74:5060;tag=as35de5cc9
m:sip:0-0ab5612113c474793299@x.x.x.151:5060;transport=udp
i:b3ae65d5fae7de7819c9f4678413d0b4-43f60123@x.x.x.151
CSeq:57194 ACK
Max-Forwards:70
User-Agent: X-Lite release 1105x
l:0

— (10 headers 0 lines)—
dllcs*CLI>
<-- SIP read from x.x.x.151:5060:
INVITE sip:+15065441209@x.x.x.74:5060 SIP/2.0
v:SIP/2.0/UDP x.x.x.151:5060;branch=z9hG4bK017f87dc53a69e5b78d6660eb4165464-0
f:ARMIN sip:+15065441205@x.x.x.151:5060;tag=7b73490a0a9f6f3649e17db555bd9b94
t:sip:+15065441209@x.x.x.74:5060
m:sip:0-0ab5612113c474793299@x.x.x.151:5060;transport=udp
i:792610e4f74e33a000ce7078648b7108-43f60123@x.x.x.151
CSeq:27564 INVITE
Proxy-Authorization:Digest username="+15065441205",realm=“x.x.x.5”,nonce=“0e62ff1f”,response=“e4b1b3f7a8052bcd44e24e7080f38a2e”,uri=“sip:+15065441209@x.x.x.5”
Max-Forwards:70
c:application/sdp
User-Agent: X-Lite release 1105x
l:313

v=0
o=+15065441205 4400 440000 IN IP4 x.x.x.225
s=X-Lite
c=IN IP4 x.x.x.225
t=0 0
m=audio 9284 RTP/AVP 0 8 3 98 97 101
a=rtpmap:0 pcmu/8000
a=rtpmap:8 pcma/8000
a=rtpmap:3 gsm/8000
a=rtpmap:98 iLBC/8000
a=rtpmap:97 speex/8000
a=rtpmap:101 telephone-event/8000
a=fmtp:101 0-15
a=sendrecv

— (12 headers 14 lines)—
Using INVITE request as basis request - 792610e4f74e33a000ce7078648b7108-43f60123@x.x.x.151
Sending to x.x.x.151 : 5060 (non-NAT)
Reliably Transmitting (NAT) to x.x.x.151:5060:
SIP/2.0 407 Proxy Authentication Required
v: SIP/2.0/UDP x.x.x.151:5060;branch=z9hG4bK017f87dc53a69e5b78d6660eb4165464-0;received=x.x.x.151
f: ARMIN sip:+15065441205@x.x.x.151:5060;tag=7b73490a0a9f6f3649e17db555bd9b94
t: sip:+15065441209@x.x.x.74:5060;tag=as029517b3
i: 792610e4f74e33a000ce7078648b7108-43f60123@x.x.x.151
CSeq: 27564 INVITE
User-Agent: Asterisk PBX
Allow: INVITE, ACK, CANCEL, OPTIONS, BYE, REFER, SUBSCRIBE, NOTIFY
Max-Forwards: 70
m: sip:+15065441209@x.x.x.74
Proxy-Authenticate: Digest realm=“x.x.x.5”, nonce="30bdeef4"
l: 0


Scheduling destruction of call '792610e4f74e33a000ce7078648b7108-43f60123@x.x.x.151’ in 15000 ms
Found user '+15065441205’
dllcs*CLI>
<-- SIP read from x.x.x.151:5060:
ACK sip:+15065441209@x.x.x.74:5060 SIP/2.0
v:SIP/2.0/UDP x.x.x.151:5060;branch=z9hG4bK017f87dc53a69e5b78d6660eb4165464-0
f:ARMIN sip:+15065441205@x.x.x.151:5060;tag=7b73490a0a9f6f3649e17db555bd9b94
t:sip:+15065441209@x.x.x.74:5060;tag=as029517b3
m:sip:0-0ab5612113c474793299@x.x.x.151:5060;transport=udp
i:792610e4f74e33a000ce7078648b7108-43f60123@x.x.x.151
CSeq:27564 ACK
Proxy-Authorization:Digest username="+15065441205",realm=“x.x.x.5”,nonce=“0e62ff1f”,response=“e4b1b3f7a8052bcd44e24e7080f38a2e”,uri="sip:+15065441209@x.x.x.5"
Max-Forwards:70
User-Agent: X-Lite release 1105x
l:0

— (11 headers 0 lines)—
Destroying call 'b3ae65d5fae7de7819c9f4678413d0b4-43f60123@x.x.x.151’
Destroying call '792610e4f74e33a000ce7078648b7108-43f60123@x.x.x.151’
dllcsCLI>
dllcs
CLI>

sip.conf

I have two entries such as below for each of the numbers

[+15065441209]
; Turn off silence suppression in X-Lite (“Transmit Silence”=YES)!
; Note that Xlite sends NAT keep-alive packets, so qualify=yes is not needed
type=friend
;regexten=1234 ; When they register, create extension 1234
callerid="TEST"
username=15065441209
secret=15065441209
qualify=no
bindport=5060
host=dynamic ; This device needs to register
nat=yes ; X-Lite is behind a NAT router
canreinvite=yes ; Typically set to NO if behind NAT
disallow=all
allow=gsm ; GSM consumes far less bandwidth than ulaw
allow=ulaw
allow=alaw
allow=h261
allow=h263
allow=h263p
context=internal
;mailbox=1234@default,1233@default ; Subscribe to status of multiple mailboxes


#2

I think the problem is that in the second INVITE request, after the 407. your UA send a new callID so Asterisk sends you another 407.
Maybe you have to use
insecure =invite
in sip.conf

C.