SIP Authentication failure on incoming calls

Hello community,

I am trying to set up an Asterisk instance (16.1.1 on openSUSE Leap 15.0) on an internet server to just automatically answer and record calls for one number. My setup looks like this:

sip.conf

[general]
srvlookup=no
bindaddr=::
port = 5060
language=de
register => 004961513844623:<password>@ipv6.sip.easybell.de:5064/004961513844623
allowguest=no
alwaysauthreject=yes
callcounter=yes
context=sip-incoming
disallow=all
allow=ulaw
allow=alaw

[friends_internal](!)
qualify=yes
; host=dynamic
canreinvite=no
context=home

[101](friends_internal)
type=friend
secret=secret

[102](friends_internal)
type=friend
secret=secret

[004961513844623]
type=peer
defaultuser=004961513844623
fromuser=004961513844623
secret=<password>
host=ipv6.sip.easybell.de
fromdomain=sip.easybell.de
insecure=port,invite
caninvite=no
canreinvite=no

extensions.conf

[globals]
phone1=SIP/101
phone2=SIP/102
callduration=30

[home]
exten => 101,1,Dial(SIP/101)
exten => 102,1,Dial(SIP/102)

exten => _X.,1,Set(CALLERID(num)=004961513844623)
exten => _X.,2,Set(CALLERID(name)=4961513844623)

exten => _X.,n,Dial(SIP/${EXTEN}@004961513844623)
exten => _X.,n,Hangup

[sip-incoming]
exten => 4961513844623,1,NoOp(Incoming call on DDI 1)
exten => 4961513844623,n,Ringing
exten => 4961513844623,n,Wait(1)
; exten => 4961513844623,n,Dial(SIP/101,20)
exten => 4961513844623,n,VoiceMail(101,u)
exten => 4961513844623,n,Hangup
;

I copied the stuff from a help page. I know there is a lot of stuff that is not strictly necessary for my use case. My current problem is that a call from outside renders an error:

[Feb 20 16:34:24] NOTICE[3124][C-00000006] chan_sip.c: Failed to authenticate device <sip:06151497528@sip.easybell.de>;tag=25817CE6-5C6D73800002814A-9E38A700
[Feb 20 16:34:49] WARNING[3124] chan_sip.c: Retransmission timeout reached on transmission 1927631082-1712852659-2078803632 for seqno 2 (Critical Response) -- See https://wiki.asterisk.org/wiki/display/AST/SIP+Retransmissions

Additionally, there are connection attempts with the numbers 1001 and 1008, seemingly originating from my IPv4 address, that fail too. I didn’t set up those numbers.

[Feb 21 09:01:31] NOTICE[31028][C-00000001] chan_sip.c: Failed to authenticate device <sip:1001@85.10.198.232>;tag=96402308

So where do they come from?

I would very much appreciate a clue.

Thanks,

Burkhard

The most likely cause of the first one is that the ITSP uses multiple addresses and the request did not come from the IP address that Asterisk resolved during startup.

The second one sounds like the normal telephone fraud attack to which all exposed SIP UAS’ are subject.
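A small triage script for the two kinds of "Failed to authenticate device" lines discussed above, added here as an example and not part of the thread or of Asterisk: it separates failures whose From URI is under the ITSP domain from attempts on extensions that were never configured. The peer names and ITSP domain are taken from the sip.conf in the question, the category names are made up for this example, and since the From URI is supplied by the sender the grouping is a hint, not proof of origin.

```python
import re
from collections import Counter

# Assumptions: peer names and ITSP domain come from the sip.conf in the question.
CONFIGURED_PEERS = {"101", "102", "004961513844623"}
ITSP_DOMAIN = "easybell.de"

# chan_sip NOTICE line; the URI is the From header, which the sender controls.
FAIL_RE = re.compile(
    r"^\[(?P<ts>[^\]]+)\]\s+NOTICE\[\d+\](?:\[C-[0-9a-fA-F]+\])?\s+chan_sip\.c:\s+"
    r"Failed to authenticate device\s+(?:\"[^\"]*\"\s*)?"
    r"<sips?:(?P<user>[^@>;]+)@(?P<host>\[[^\]]+\]|[^>;:]+)"
)

def classify(user, host):
    """Group one failure by what its From URI claims (a hint, not proof of origin)."""
    if user in CONFIGURED_PEERS:
        return "configured-peer"   # wrong secret or password guessing on a real peer
    if host == ITSP_DOMAIN or host.endswith("." + ITSP_DOMAIN):
        return "itsp-from"         # candidate for the address-mismatch explanation
    return "probe"                 # extension never configured here: scanner traffic

def triage(lines):
    """Return {category: Counter({(user, host): count})} for matching log lines."""
    report = {"configured-peer": Counter(), "itsp-from": Counter(), "probe": Counter()}
    for line in lines:
        m = FAIL_RE.match(line)
        if m is None:
            continue               # other chan_sip messages are ignored
        host = m["host"].strip("[]").lower()   # unwrap IPv6 literals
        report[classify(m["user"], host)][(m["user"], host)] += 1
    return report

# Lines 1 and 3 are quoted from the thread; the rest are constructed for the example.
SAMPLE_LOG = [
    "[Feb 20 16:34:24] NOTICE[3124][C-00000006] chan_sip.c: Failed to authenticate device <sip:06151497528@sip.easybell.de>;tag=25817CE6-5C6D73800002814A-9E38A700",
    "[Feb 20 16:34:49] WARNING[3124] chan_sip.c: Retransmission timeout reached (constructed, shortened)",
    "[Feb 21 09:01:31] NOTICE[31028][C-00000001] chan_sip.c: Failed to authenticate device <sip:1001@85.10.198.232>;tag=96402308",
    "[Feb 21 09:01:40] NOTICE[31028][C-00000002] chan_sip.c: Failed to authenticate device <sip:1008@192.0.2.10>;tag=constructed1",
    "[Feb 21 09:01:41] NOTICE[31028][C-00000003] chan_sip.c: Failed to authenticate device <sip:1008@192.0.2.10>;tag=constructed2",
    "[Feb 21 09:02:05] NOTICE[31028][C-00000004] chan_sip.c: Failed to authenticate device \"x\" <sip:101@[2001:db8::5]>;tag=constructed3",
]

if __name__ == "__main__":
    for category, counts in triage(SAMPLE_LOG).items():
        for (user, host), n in counts.most_common():
            print(f"{category:16} {user}@{host} x{n}")
```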

I’m rather a newbie in asterisk. So don’t wonder.

My sip provider indeed uses different host addresses: sip.easybell.de for IPv4 and ipv6.sip.easybell.de for IPv6. I tried the same setup with bindaddr=0.0.0.0 instead of bindaddr=:: and sip.easybell.de instead of ipv6.sip.easybell.de with the same results.

Should I and can I set up two peers with only the fromdomain and host different? How can I name them? Two peers with the same name are not possible, are they? How do I set up mixed IPv4/IPv6?

Maybe it has something to do with the line just in front of the authentication failure:

[Feb 21 09:41:46] ERROR[6539][C-00000001] rtp_engine.c: No RTP engine was found. Do you have one loaded?

How do I do that? I use the default asterisk.conf and modules.conf. Do I need RTP anyway in this setup?

Ah, OK!

Thanks,

Burkhard

P.S: I have to cripple the text because I get the error from the forum software:
“Sorry, new users can only put 2 links in a post.” Really? But where are they?

The links will have been auto-detected for SIP URIs, etc. I don’t know how you prevent that happening.

I simply quoted every single part of the domain italic like _sip_._ easybell _._de_. :smile:

But what about RTP? Do I need it? How to enable?

I don’t think the RTP error will cause an authentication failure, but you need to look for errors being logged when Asterisk is starting, and/or try reloading the relevant modules from the CLI.

The structure of the RTP code has changed since I had a lot of involvement with it, so I’m not familiar with which modules are needed.

The res_rtp_asterisk.so module is what does RTP these days.