Sip Registration Problems (Please help out)

hello guys,

I have had much headaches to get a new Asterisk installation working i.e. getting sip clients to register with my server but they cant seem to register. I have Asterisk running on a dedicated server with Fedora core 5 on it and iptables running it as well ( i enabled port 5004 -5082) and ports 8000-20000 for rtp.The Sip server has a public ip address as well with clients behind a nat router. Also I have included my sip config files along this message with sip debug messages from the console.

Sip.conf

[general]

port = 5060 ; Port to bind to (SIP is 5060)
bindaddr = 0.0.0.0 ; Address to bind to (all addresses on machine)
disallow=all
allow=ulaw
allow=alaw
nat=1
srvlookup=yes

; If you need to answer unauthenticated calls, you should change this
; next line to ‘from-trunk’, rather than ‘from-sip-external’.
; You’ll know this is happening if when you call in you get a message
; saying "The number you have dialed is not in service. Please check the
; number and try again."
context = from-sip-external ; Send unknown SIP callers to this context
callerid = Unknown
tos=0x68

; #, in this configuration file, is NOT A COMMENT. This is exactly
; how it should be.
#include sip_nat.conf
#include sip_custom.conf
#include sip_additional.conf

sip_additional.conf

[2002]
username=2002
type=friend
secret=xxx
record_out=Adhoc
record_in=Adhoc
qualify=no
port=5060
nat=yes
mailbox=2002@device
host=dynamic
dtmfmode=rfc2833
context=from-internal
canreinvite=no
callerid=“Jimi Kay” <2002>

[2000]
username=2000
type=friend
secret=xxx
record_out=Adhoc
record_in=Adhoc
qualify=yes
port=5060
nat=yes
mailbox=2000@device
host=dynamic
dtmfmode=rfc2833
context=from-internal
canreinvite=no
fromuser=2000
callerid=“Jim” <2000>

Here are my debug messages…

Scheduling destruction of call ‘672044f023dab4f817ebafaf1ea7adf1@192.168.0.2’ in 15000 ms
Destroying call '6f59d04a26ec486e17f9a6c43ca5ff33@192.168.0.2’
server88-208-208-231*CLI>
<-- SIP read from 82.34.17.4:5060:
REGISTER sip:88.208.208.230 SIP/2.0
Via: SIP/2.0/UDP 192.168.0.2:5060;branch=z9hG4bKa0f6faf781ad57601a697652c41c4f59
From: sip:2000@88.208.208.230;tag=020f0fa8
To: sip:2000@88.208.208.230
Contact: sip:2000@192.168.0.2:5060
Call-ID: 29a26b000426c1862a7325b60bb8c4ab@192.168.0.2
CSeq: 22923 REGISTER
Max-Forwards: 70
Expires: 3600
User-Agent: CMI CM5K
Content-Length: 0

— (11 headers 0 lines)—
Using latest REGISTER request as basis request
Sending to 192.168.0.2 : 5060 (NAT)
Transmitting (NAT) to 82.34.17.4:5060:
SIP/2.0 100 Trying
Via: SIP/2.0/UDP 192.168.0.2:5060;branch=z9hG4bKa0f6faf781ad57601a697652c41c4f59;received=82.34.17.4
From: sip:2000@88.208.208.230;tag=020f0fa8
To: sip:2000@88.208.208.230
Call-ID: 29a26b000426c1862a7325b60bb8c4ab@192.168.0.2
CSeq: 22923 REGISTER
User-Agent: Asterisk PBX
Allow: INVITE, ACK, CANCEL, OPTIONS, BYE, REFER, SUBSCRIBE, NOTIFY
Contact: sip:2000@88.208.208.231
Content-Length: 0

Transmitting (NAT) to 82.34.17.4:5060:
SIP/2.0 401 Unauthorized
Via: SIP/2.0/UDP 192.168.0.2:5060;branch=z9hG4bKa0f6faf781ad57601a697652c41c4f59;received=82.34.17.4
From: sip:2000@88.208.208.230;tag=020f0fa8
To: sip:2000@88.208.208.230;tag=as40fa37cb
Call-ID: 29a26b000426c1862a7325b60bb8c4ab@192.168.0.2
CSeq: 22923 REGISTER
User-Agent: Asterisk PBX
Allow: INVITE, ACK, CANCEL, OPTIONS, BYE, REFER, SUBSCRIBE, NOTIFY
Contact: sip:2000@88.208.208.231
WWW-Authenticate: Digest algorithm=MD5, realm=“asterisk”, nonce="16c5c999"
Content-Length: 0

Scheduling destruction of call ‘29a26b000426c1862a7325b60bb8c4ab@192.168.0.2’ in 15000 ms
server88-208-208-231*CLI>
<-- SIP read from 82.34.17.4:5060:
REGISTER sip:88.208.208.230 SIP/2.0
Via: SIP/2.0/UDP 192.168.0.2:5060;branch=z9hG4bKa0f6faf781ad57601a697652c41c4f59
From: sip:2000@88.208.208.230;tag=020f0fa8
To: sip:2000@88.208.208.230
Contact: sip:2000@192.168.0.2:5060
Call-ID: 29a26b000426c1862a7325b60bb8c4ab@192.168.0.2
CSeq: 22923 REGISTER
Max-Forwards: 70
Expires: 3600
User-Agent: CMI CM5K
Content-Length: 0

— (11 headers 0 lines)—
Using latest REGISTER request as basis request
Sending to 192.168.0.2 : 5060 (NAT)
Transmitting (NAT) to 82.34.17.4:5060:
SIP/2.0 100 Trying
Via: SIP/2.0/UDP 192.168.0.2:5060;branch=z9hG4bKa0f6faf781ad57601a697652c41c4f59;received=82.34.17.4
From: sip:2000@88.208.208.230;tag=020f0fa8
To: sip:2000@88.208.208.230
Call-ID: 29a26b000426c1862a7325b60bb8c4ab@192.168.0.2
CSeq: 22923 REGISTER
User-Agent: Asterisk PBX
Allow: INVITE, ACK, CANCEL, OPTIONS, BYE, REFER, SUBSCRIBE, NOTIFY
Contact: sip:2000@88.208.208.231
Content-Length: 0

Transmitting (NAT) to 82.34.17.4:5060:
SIP/2.0 401 Unauthorized>
Via: SIP/2.0/UDP 192.168.0.2:5060;branch=z9hG4bKa0f6faf781ad57601a697652c41c4f59;received=82.34.17.4
From: sip:2000@88.208.208.230;tag=020f0fa8
To: sip:2000@88.208.208.230;tag=as40fa37cb
Call-ID: 29a26b000426c1862a7325b60bb8c4ab@192.168.0.2
CSeq: 22923 REGISTER
User-Agent: Asterisk PBX
Allow: INVITE, ACK, CANCEL, OPTIONS, BYE, REFER, SUBSCRIBE, NOTIFY
Contact: sip:2000@88.208.208.231
WWW-Authenticate: Digest algorithm=MD5, realm=“asterisk”, nonce="16c5c999"
Content-Length: 0

Scheduling destruction of call ‘29a26b000426c1862a7325b60bb8c4ab@192.168.0.2’ in 15000 ms
Destroying call '672044f023dab4f817ebafaf1ea7adf1@192.168.0.2’
server88-208-208-231*CLI> si
<-- SIP read from 82.34.17.4:5060:
REGISTER sip:88.208.208.230 SIP/2.0
Via: SIP/2.0/UDP 192.168.0.2:5060;branch=z9hG4bKa0f6faf781ad57601a697652c41c4f59
From: sip:2000@88.208.208.230;tag=020f0fa8
To: sip:2000@88.208.208.230
Contact: sip:2000@192.168.0.2:5060
Call-ID: 29a26b000426c1862a7325b60bb8c4ab@192.168.0.2
CSeq: 22923 REGISTER
Max-Forwards: 70
Expires: 3600
User-Agent: CMI CM5K
Content-Length: 0

— (11 headers 0 lines)—
Using latest REGISTER request as basis request
Sending to 192.168.0.2 : 5060 (NAT)
Transmitting (NAT) to 82.34.17.4:5060:
SIP/2.0 100 Trying
Via: SIP/2.0/UDP 192.168.0.2:5060;branch=z9hG4bKa0f6faf781ad57601a697652c41c4f59;received=82.34.17.4
From: sip:2000@88.208.208.230;tag=020f0fa8
To: sip:2000@88.208.208.230
Call-ID: 29a26b000426c1862a7325b60bb8c4ab@192.168.0.2
CSeq: 22923 REGISTER
User-Agent: Asterisk PBX
Allow: INVITE, ACK, CANCEL, OPTIONS, BYE, REFER, SUBSCRIBE, NOTIFY
Contact: sip:2000@88.208.208.231
Content-Length: 0

Transmitting (NAT) to 82.34.17.4:5060:
SIP/2.0 401 Unauthorized
Via: SIP/2.0/UDP 192.168.0.2:5060;branch=z9hG4bKa0f6faf781ad57601a697652c41c4f59;received=82.34.17.4
From: sip:2000@88.208.208.230;tag=020f0fa8
To: sip:2000@88.208.208.230;tag=as40fa37cb
Call-ID: 29a26b000426c1862a7325b60bb8c4ab@192.168.0.2
CSeq: 22923 REGISTER
User-Agent: Asterisk PBX
Allow: INVITE, ACK, CANCEL, OPTIONS, BYE, REFER, SUBSCRIBE, NOTIFY
Contact: sip:2000@88.208.208.231
WWW-Authenticate: Digest algorithm=MD5, realm=“asterisk”, nonce="16c5c999"
Content-Length: 0

Scheduling destruction of call ‘29a26b000426c1862a7325b60bb8c4ab@192.168.0.2’ in 15000 ms
server88-208-208-231*CLI> sip no
<-- SIP read from 82.34.17.4:5060:
REGISTER sip:88.208.208.230 SIP/2.0
Via: SIP/2.0/UDP 192.168.0.2:5060;branch=z9hG4bKa0f6faf781ad57601a697652c41c4f59
From: sip:2000@88.208.208.230;tag=020f0fa8
To: sip:2000@88.208.208.230
Contact: sip:2000@192.168.0.2:5060
Call-ID: 29a26b000426c1862a7325b60bb8c4ab@192.168.0.2
CSeq: 22923 REGISTER
Max-Forwards: 70
Expires: 3600
User-Agent: CMI CM5K
Content-Length: 0

— (11 headers 0 lines)—ip no
Using latest REGISTER request as basis request
Sending to 192.168.0.2 : 5060 (NAT)
Transmitting (NAT) to 82.34.17.4:5060:
SIP/2.0 100 Trying
Via: SIP/2.0/UDP 192.168.0.2:5060;branch=z9hG4bKa0f6faf781ad57601a697652c41c4f59;received=82.34.17.4
From: sip:2000@88.208.208.230;tag=020f0fa8
To: sip:2000@88.208.208.230
Call-ID: 29a26b000426c1862a7325b60bb8c4ab@192.168.0.2
CSeq: 22923 REGISTER
User-Agent: Asterisk PBX
Allow: INVITE, ACK, CANCEL, OPTIONS, BYE, REFER, SUBSCRIBE, NOTIFY
Contact: sip:2000@88.208.208.231
Content-Length: 0

Transmitting (NAT) to 82.34.17.4:5060:
SIP/2.0 401 Unauthorized
Via: SIP/2.0/UDP 192.168.0.2:5060;branch=z9hG4bKa0f6faf781ad57601a697652c41c4f59;received=82.34.17.4
From: sip:2000@88.208.208.230;tag=020f0fa8
To: sip:2000@88.208.208.230;tag=as40fa37cb
Call-ID: 29a26b000426c1862a7325b60bb8c4ab@192.168.0.2
CSeq: 22923 REGISTER
User-Agent: Asterisk PBX
Allow: INVITE, ACK, CANCEL, OPTIONS, BYE, REFER, SUBSCRIBE, NOTIFY
Contact: sip:2000@88.208.208.231
WWW-Authenticate: Digest algorithm=MD5, realm=“asterisk”, nonce="16c5c999"
Content-Length: 0

Scheduling destruction of call ‘29a26b000426c1862a7325b60bb8c4ab@192.168.0.2’ in 15000 ms

Any kind assistance will be appreciated.

Regards.

what clients are they?

Also where are these wierd port ranges coming from (the number of ports people forward for sip seems to increase steadily…)
you need UDP port 5060, and the range of UDP ports defined in rtp.conf (you only need a hundred ports or so). You don’t need any of the other 5000 series.

in your debug, what happens is this:
they register. asterisk responds trying, then unauthorized.
what should then happen is the client uses the digest info from the unauthorized message to register again with a md5’d password, which * will accept.

but yeah, look at why the client is not authenticating.

you can stop the iptables first, then try again. if it works , something wrong with your iptables script

either
(1) comment out secret=xxx in sections 2000 and 2002
or
(2) setup correct secret in those sections and your device