SIP Dialplan problem : in & out calls

system · May 3, 2011, 12:57pm

Hello,

I have an SIP provider (OVH, french number 03XXXXXXXX), two SIP users and few internal extensions, AND i need to :

The SIP users can make internal calls (> works)
The SIP users can make outgoing calls (> works) by the SIP provider
I want that calls to my SIP number (03XXXXXXXX) --> SIP/1000 (don’t work, always busy)

I get this error message :

[May 3 14:39:23] WARNING[1337]: chan_sip.c:13450 check_auth: username mismatch, have <forfait-ovh>, digest has <anonymous> [May 3 14:39:23] NOTICE[1337]: chan_sip.c:21256 handle_request_invite: Failed to authenticate device "07XXXXXXXX"

I don’t know what to do to resolve this problem. I tryed the SIP provider with X-Lite and the SIP number work good.

My sip.conf

[general]
context=forfait-ovh
bindport=5060
bindaddr=0.0.0.0
srvlookup=yes
register => 00333XXXXXXXX:PASSWORD@sip.ovh.net
						
[1000]
type=friend
defaultuser=1000
username=1000
secret=test
host=dynamic
callerid="ALEX" <1000>
context=default
language=fr
insecure=port
nat=yes
canreinvite=no
dtmfmode=auto
video=no
restrictcid=no
amaflags=default 

[1001]
... SAME AS 1000 ....

[forfait-ovh]
type=peer
host=sip.ovh.net
context=default
language=fr
insecure=very
defaultuser=00333XXXXXXXX
username=00333XXXXXXXX
fromuser=00333XXXXXXXX
fromdomain=sip.ovh.net
secret=PASSWORD
nat=yes
canreinvite=no
dtmfmode=auto
video=no
restrictcid=no
amaflags=default

My extensions.conf

[general]
static=yes
writeprotect=no
autofallthrough=yes
clearglobalvars=yes
priorityjumping=no

[default]
exten => 0033372390168,1,Dial(SIP/1000,20,tr)         ; don't work

exten => _ZXXX,1,Dial(SIP/${EXTEN},20,tr)			; Internal extensions (1000-9999)
exten => _0.,1,Dial(SIP/${EXTEN:1}@forfait-ovh) ;     ; outgoing calls (works, by pushing 0 to out)

Best regards,

david55 · May 3, 2011, 1:24pm

I don’t think Xlite is capable of authenticating the upstream system, which is probably why it ignores the badly configured authentication.

I don’t think Asterisk allows an inbound authentication user that doesn’t match the section name, so you still have to rename your section to [anonymous] or get the SIP provider to disable authentication, or use a sensible name.

system · May 3, 2011, 1:52pm

Thanks for response,

I don’t understand chat i Need to do : “so you still have to rename your section to [anonymous]” ?

Best regards,

david55 · May 3, 2011, 2:06pm

[forfait-ovh] type=peer host=sip.ovh.net context=default

becomes

[anonymous] type=peer host=sip.ovh.net context=default

becomes

etc.

Also note that

doesn’t seem to be helping you, as it looks like they try to authenticate at the first attempt.

david55 · May 3, 2011, 2:14pm

Which version are you using? There is no “insecure=very” for 1.6.1, not even as legacy support in the code. Maybe you are forcing them to try to authenticate when they are not really prepared to do so.

viewtopic.php?p=70908 suggests that very has been removed as an option.

system · May 3, 2011, 2:19pm

Outgoing calls works,
but ingoing calls (from world to asterisk) don’t work --> always budy.

I’ve see that the problem come from Asterisk and not x-lite : “Failed to authenticate device “Anonymous” sip:anonymous@anonymous.invalid;tag=30126-NQ-2a23ab05-206455063”

system · May 3, 2011, 2:21pm

I use Asterisk 1.8 alone

david55 · May 3, 2011, 2:23pm

insecure=very will definitely be ineffective then.

striker24x7 · May 3, 2011, 2:50pm

hi

use the following settings in your sip provider
insecure = very,port and
fromuser=yousipusername
fromdomain=yoursipprovideripaddress

system · May 4, 2011, 7:22am

I tryed to call my number 03XXXXXXXX from another 03 number (it is anonymous), the error is :

[May 4 09:09:42] WARNING[1153]: chan_sip.c:13450 check_auth: username mismatch, have <forfait-ovh>, digest has <anonymous> [May 4 09:09:42] NOTICE[1153]: chan_sip.c:21256 handle_request_invite: Failed to authenticate device "Anonymous" <sip:anonymous@anonymous.invalid>;tag=31519-JW-2aff8500-2e721f1a1

I tryed to do a call from my handy (07XXXXXXXX) :

[May 4 09:11:14] WARNING[1153]: chan_sip.c:13450 check_auth: username mismatch, have <forfait-ovh>, digest has <anonymous> [May 4 09:11:14] NOTICE[1153]: chan_sip.c:21256 handle_request_invite: Failed to authenticate device "07XXXXXXXX" <sip:07XXXXXXXX@sip.ovh.net;user=phone>;tag=27939-LF-2affdbe8-1c99f6091

system · May 4, 2011, 7:39am

It’s very strange, with this … this works :
i removed the “trunk” from sip.conf and just keeped “register”.
but with this i can only have one “trunk” …
sip.conf

context=forfait-ovh bindport=5060 bindaddr=0.0.0.0 srvlookup=yes register => 0033372390168:LqY4teGz@sip.ovh.net

extensions.conf

[forfait-ovh] ; nom du plan exten => s,1,Ringing(1) ; Attendre une seconde en faisant retentir la sonnerie du telephone de l'apellant exten => s,2,Answer ; Repond a l'appel exten => s,3,Playback(hello-world) exten => s,4,Hangup(16) ; La communication est termine

david55 · May 4, 2011, 10:36am

If it works, you have a security problem, and need to fix the setting of allowguest.

The reason it is working is that you have no secret defined for guests, so, although you don’t have “insecure” set, Asterisk cannot insist on the peer authenticating.

You need to go back to the original and use a valid setting for insecure. Settings which include “very”, including the one you were recently given, are not valid for the version of Asterisk that you are using. insecure=invite may well be sufficient.

You may also find you don’t need a secret in the peer entry, only in the register.