Problem wih incoming Calls using SIP URI

Hi all, new to this asterisk malarkey but I think I’m getting there.

I have managed to setup up a working asterisk system, behind a nat firewall. I have two users, and have managed to configure a sip trunk, incoming and outgoing using www.voiptalk.org

I simplified things a little, in order to get sip URI working. (I took out the sip trunk).

This pretty much left me with… (important bits picked out…)

== sip.conf ==

[general]
context=default
srvlookup=yes

[phone1]
type=friend
host=dynamic
context=users
secret=secret

[phone2]
type=friend
host=dynamic
context=users
secret=secret

== extensions.conf ==

[default]
exten => test,1,NoOp(Incoming call from unauthenticated SIP from ${CALLERID})
exten => test,2,Goto(incoming,s,1)

[incoming]
exten => s,1,Answer
exten => s,n,Goto(extensions,all,1)

[extensions]
exten => all,1,Dial(SIP/phone1&SIP/phone2)

That all seems fine to me - from looking at the examples I’ve seen etc.

So this is what happens in the packet trace…

[code]INVITE sip:test@mydomain.com SIP/2.0
Via: SIP/2.0/UDP 4.4.4.4:5060;branch=z9hG4bK416a8efe;rport
Max-Forwards: 69
From: “Test User” sip:testuser@4.4.4.4;tag=as1b65e9e6
To: sip:test@mydomain.com
Contact: sip:testuser@4.4.4.4:5060
Call-ID: 330b5e614a20ee462594364a72592df0@4.4.4.4
CSeq: 102 INVITE
User-Agent: Asterisk PBX 1.6.2.9
Date: Wed, 21 Jul 2010 09:44:45 GMT
Allow: INVITE, ACK, CANCEL, OPTIONS, BYE, REFER, SUBSCRIBE, NOTIFY, INFO
Supported: replaces, timer
Content-Type: application/sdp
Content-Length: 283

v=0
o=root 1513486040 1513486040 IN IP4 4.4.4.4
s=Asterisk PBX 1.6.2.9
c=IN IP4 4.4.4.4
t=0 0
m=audio 16002 RTP/AVP 0 3 8 101
a=rtpmap:0 PCMU/8000
a=rtpmap:3 GSM/8000
a=rtpmap:8 PCMA/8000
a=rtpmap:101 telephone-event/8000
a=fmtp:101 0-16
a=ptime:20
a=sendrecv[/code]

and the response from the pbx is…

SIP/2.0 401 Unauthorized Via: SIP/2.0/UDP 4.4.4.4:5060;branch=z9hG4bK416a8efe;rport From: "Test User" <sip:testuser@4.4.4.4>;tag=as1b65e9e6 To: <sip:test@mydomain.com>;tag=as6c48917c Call-ID: 330b5e614a20ee462594364a72592df0@4.4.4.4 CSeq: 102 INVITE Server: Asterisk PBX 1.6.2.9 Allow: INVITE, ACK, CANCEL, OPTIONS, BYE, REFER, SUBSCRIBE, NOTIFY, INFO Supported: replaces, timer WWW-Authenticate: Digest algorithm=MD5, realm="asterisk", nonce="09db0c24" Content-Length: 0

Now - I understand that the response is basically asking for authorisation - but I’m confused as to why it would.

Any suggestions please ?

Thanks very much !

…Donkeh…

You’ve specified a secret but the phone hasn’t volunteered it. Asterisk is now requesting that the phone prove that it knows it.

David,

This is an incoming call, from some random remote third party who has just dialed "test@mydomain.com" on their voip phone.

This should have nothing to do with the two internal phones (and their associated secrets) - thats my understanding anyway ?

How would random remote third parties know my password ? Answer: they shouldnt !

In that case, the authorisation is doing its job.

How is an incoming sip call, anything to do with the password of my two sip phones, except that my dialplan means those two phone’s end up being called ?

Just to clarify - both phone1 and phone2 are internal to the asterisk machine.

The third party is calling from some unknown source on the internet, not from phone1 or phone2

You probably cannot tell the difference between being rejected for unknown user name and being rejected as a way of prompting for the password. Nothing indicates the intruder knew any password at all.

This looks like a perfectly simple defeated intrusion attempt. It would have helped if you had pointed out that it was an intruder in the original question.

You may want to investigate the allowguest option. Your system is behaving as though it is set to “no”, which is, normally, the safe value.

David,

An example here of what I want to achieve… voip-info.org/wiki/view/Aste … P+URI+Dial

The caller is not an intruder - it’s me trying to get this working.

I would like customers have the ability to dial "sales@mydomain.com" from their voip phones and be connected to a sales team for example.

Make sure allowguest is yes. There were recent moves to change the default to no, because, for most people, allowing calls from other than their PSTN gateway is a serious security threat. The only reason that it defaulted yes was to make it easier to demonstrate the software, without people hitting access control problems.

The default from the config file is…

;allowguest=no ; Allow or reject guest calls (default is yes)

I have tried setting this to yes - with no difference.