Summary: | ASTERISK-06589: "stale nonce" with hardware voip gate | ||
Reporter: | alein (alein) | Labels: | |
Date Opened: | 2006-03-21 06:06:43.000-0600 | Date Closed: | 2006-03-21 11:13:39.000-0600 |
Priority: | Minor | Regression? | No |
Status: | Closed/Complete | Components: | Channels/chan_agent |
Versions: | Frequency of Occurrence | ||
Related Issues: | |||
Environment: | Attachments: | ||
Description: | I have a hardware gate from PSTN to SIP (NSG-800/Gate-3804). This gate has 4 FXO ports, each port has it's own name and password to authenticate with SIP-proxy. I put these names into my sip.conf. And problems start here: when only one of the FXO ports has name and password everything works OK. But if two or more ports have name and password, such dialogue occurs between the gate and Asterisk: <-- SIP read from 1.2.3.4:5060: REGISTER sip:1.2.3.3 SIP/2.0 From: <sip:user1@a.b.com>;tag=c38aaa27-13c4-0-145-2e1b To: <sip:user1@a.b.com> Call-ID: c38aaa27-13c4-0-11d-4ecc CSeq: 1 REGISTER Via: SIP/2.0/UDP 1.2.3.4:5060;branch=z9hG4bK-0-145-bb8 Max-Forwards: 70 User-Agent: FXO_GW Contact: <sip:user1@1.2.3.4:5060> Expires: 3600 Content-Length:0 --- (11 headers 0 lines)--- Using latest REGISTER request as basis request Sending to 1.2.3.4 : 5060 (non-NAT) Transmitting (no NAT) to 1.2.3.4:5060: SIP/2.0 100 Trying v: SIP/2.0/UDP 1.2.3.4:5060;branch=z9hG4bK-0-145-bb8;received=1.2.3.4 f: <sip:user1@a.b.com>;tag=c38aaa27-13c4-0-145-2e1b t: <sip:user1@a.b.com> i: c38aaa27-13c4-0-11d-4ecc CSeq: 1 REGISTER User-Agent: SoftSwitch Allow: INVITE, ACK, CANCEL, OPTIONS, BYE, REFER, SUBSCRIBE, NOTIFY m: <sip:user1@1.2.3.3> l: 0 --- Transmitting (no NAT) to 1.2.3.4:5060: SIP/2.0 401 Unauthorized v: SIP/2.0/UDP 1.2.3.4:5060;branch=z9hG4bK-0-145-bb8;received=1.2.3.4 f: <sip:user1@a.b.com>;tag=c38aaa27-13c4-0-145-2e1b t: <sip:user1@a.b.com>;tag=as2a947766 i: c38aaa27-13c4-0-11d-4ecc CSeq: 1 REGISTER User-Agent: SoftSwitch Allow: INVITE, ACK, CANCEL, OPTIONS, BYE, REFER, SUBSCRIBE, NOTIFY m: <sip:user1@1.2.3.3> WWW-Authenticate: Digest realm="a.b.com", nonce="0196347d" l: 0 --- Scheduling destruction of call 'c38aaa27-13c4-0-11d-4ecc' in 15000 ms <-- SIP read from 1.2.3.4:5060: REGISTER sip:1.2.3.3 SIP/2.0 From: <sip:user2@a.b.com>;tag=c38aaa27-13c4-1-75d-10f7 To: <sip:user2@a.b.com> Call-ID: c38aaa27-13c4-0-11d-4ecc CSeq: 2 REGISTER Via: SIP/2.0/UDP 1.2.3.4:5060;branch=z9hG4bK-1-75d-2b64 Max-Forwards: 70 User-Agent: FXO_GW Contact: <sip:user2@1.2.3.4:5060> Expires: 3600 Content-Length:0 --- (11 headers 0 lines)--- Using latest REGISTER request as basis request Sending to 1.2.3.4 : 5060 (non-NAT) Transmitting (no NAT) to 1.2.3.4:5060: SIP/2.0 100 Trying v: SIP/2.0/UDP 1.2.3.4:5060;branch=z9hG4bK-1-75d-2b64;received=1.2.3.4 f: <sip:user2@a.b.com>;tag=c38aaa27-13c4-1-75d-10f7 t: <sip:user2@a.b.com> i: c38aaa27-13c4-0-11d-4ecc CSeq: 2 REGISTER User-Agent: SoftSwitch Allow: INVITE, ACK, CANCEL, OPTIONS, BYE, REFER, SUBSCRIBE, NOTIFY m: <sip:user2@1.2.3.3> l: 0 --- Transmitting (no NAT) to 1.2.3.4:5060: SIP/2.0 401 Unauthorized v: SIP/2.0/UDP 1.2.3.4:5060;branch=z9hG4bK-1-75d-2b64;received=1.2.3.4 f: <sip:user2@a.b.com>;tag=c38aaa27-13c4-1-75d-10f7 t: <sip:user2@a.b.com>;tag=as2a947766 i: c38aaa27-13c4-0-11d-4ecc CSeq: 2 REGISTER User-Agent: SoftSwitch Allow: INVITE, ACK, CANCEL, OPTIONS, BYE, REFER, SUBSCRIBE, NOTIFY m: <sip:user2@1.2.3.3> WWW-Authenticate: Digest realm="a.b.com", nonce="610e82ad" l: 0 <-- SIP read from 1.2.3.4:5060: REGISTER sip:1.2.3.3 SIP/2.0 From: <sip:user2@a.b.com>;tag=c38aaa27-13c4-1-75d-10f7 To: <sip:user2@a.b.com> Call-ID: c38aaa27-13c4-0-11d-4ecc CSeq: 2 REGISTER Via: SIP/2.0/UDP 1.2.3.4:5060;branch=z9hG4bK-1-75d-2b64 Max-Forwards: 70 User-Agent: FXO_GW Contact: <sip:user2@1.2.3.4:5060> Expires: 3600 Content-Length:0 <-- SIP read from 1.2.3.4:5060: REGISTER sip:1.2.3.3 SIP/2.0 From: <sip:user1@a.b.com>;tag=c38aaa27-13c4-0-145-2e1b To: <sip:user1@a.b.com> Call-ID: c38aaa27-13c4-0-11d-4ecc CSeq: 5 REGISTER Via: SIP/2.0/UDP 1.2.3.4:5060;branch=z9hG4bK-6-1a0e-67da Max-Forwards: 70 User-Agent: FXO_GW Contact: <sip:user1@1.2.3.4:5060> Expires: 3600 Authorization: Digest username="user1", realm="a.b.com", nonce="0196347d", uri="sip:1.2.3.3", response="430905332bf9061876d54027c948730e", algorithm=MD5 Content-Length:0 --- (12 headers 0 lines)--- Using latest REGISTER request as basis request Sending to 1.2.3.4 : 5060 (non-NAT) Transmitting (no NAT) to 1.2.3.4:5060: SIP/2.0 100 Trying v: SIP/2.0/UDP 1.2.3.4:5060;branch=z9hG4bK-6-1a0e-67da;received=1.2.3.4 f: <sip:user1@a.b.com>;tag=c38aaa27-13c4-0-145-2e1b t: <sip:user1@a.b.com> i: c38aaa27-13c4-0-11d-4ecc CSeq: 5 REGISTER User-Agent: SoftSwitch Allow: INVITE, ACK, CANCEL, OPTIONS, BYE, REFER, SUBSCRIBE, NOTIFY m: <sip:user1@1.2.3.3> l: 0 --- Mar 21 14:19:30 NOTICE[3618]: chan_sip.c:6278 check_auth: stale nonce received from '<sip:user1@a.b.com>' Transmitting (no NAT) to 1.2.3.4:5060: SIP/2.0 401 Unauthorized v: SIP/2.0/UDP 1.2.3.4:5060;branch=z9hG4bK-6-1a0e-67da;received=1.2.3.4 f: <sip:user1@a.b.com>;tag=c38aaa27-13c4-0-145-2e1b t: <sip:user1@a.b.com>;tag=as2a947766 i: c38aaa27-13c4-0-11d-4ecc CSeq: 5 REGISTER User-Agent: SoftSwitch Allow: INVITE, ACK, CANCEL, OPTIONS, BYE, REFER, SUBSCRIBE, NOTIFY m: <sip:user1@1.2.3.3> WWW-Authenticate: Digest realm="a.b.com", nonce="16a0b9c2", stale=true l: 0 --- Scheduling destruction of call 'c38aaa27-13c4-0-11d-4ecc' in 15000 ms <-- SIP read from 1.2.3.4:5060: REGISTER sip:1.2.3.3 SIP/2.0 From: <sip:user2@a.b.com>;tag=c38aaa27-13c4-1-75d-10f7 To: <sip:user2@a.b.com> Call-ID: c38aaa27-13c4-0-11d-4ecc CSeq: 6 REGISTER Via: SIP/2.0/UDP 1.2.3.4:5060;branch=z9hG4bK-6-1a86-52e8 Max-Forwards: 70 User-Agent: FXO_GW Contact: <sip:user2@1.2.3.4:5060> Expires: 3600 Authorization: Digest username="user2", realm="a.b.com", nonce="610e82ad", uri="sip:1.2.3.3", response="83f58cf3f77730403bd99c936ce0d068", algorithm=MD5 Content-Length:0 --- (12 headers 0 lines)--- Using latest REGISTER request as basis request Sending to 1.2.3.4 : 5060 (non-NAT) Transmitting (no NAT) to 1.2.3.4:5060: SIP/2.0 100 Trying v: SIP/2.0/UDP 1.2.3.4:5060;branch=z9hG4bK-6-1a86-52e8;received=1.2.3.4 f: <sip:user2@a.b.com>;tag=c38aaa27-13c4-1-75d-10f7 t: <sip:user2@a.b.com> i: c38aaa27-13c4-0-11d-4ecc CSeq: 6 REGISTER User-Agent: SoftSwitch Allow: INVITE, ACK, CANCEL, OPTIONS, BYE, REFER, SUBSCRIBE, NOTIFY m: <sip:user2@1.2.3.3> l: 0 --- Mar 21 14:19:30 NOTICE[3618]: chan_sip.c:6278 check_auth: stale nonce received from '<sip:user2@a.b.com>' Transmitting (no NAT) to 1.2.3.4:5060: SIP/2.0 401 Unauthorized v: SIP/2.0/UDP 1.2.3.4:5060;branch=z9hG4bK-6-1a86-52e8;received=1.2.3.4 f: <sip:user2@a.b.com>;tag=c38aaa27-13c4-1-75d-10f7 t: <sip:user2@a.b.com>;tag=as2a947766 i: c38aaa27-13c4-0-11d-4ecc CSeq: 6 REGISTER User-Agent: SoftSwitch Allow: INVITE, ACK, CANCEL, OPTIONS, BYE, REFER, SUBSCRIBE, NOTIFY m: <sip:user2@1.2.3.3> WWW-Authenticate: Digest realm="a.b.com", nonce="1e73f76a", stale=true l: 0 | ||
Comments: | By: Joshua C. Colp (jcolp) 2006-03-21 10:40:40.000-0600 The SIP stack on this device is acting in an interesting way... it's using the same call ID for every REGISTER, which is causing chan_sip to overwrite the nonce value. In a sane world the SIP stack would use a different call ID for each REGISTER. I suggest talking to the manufacturer and telling them to clean up their act a bit. By: Russell Bryant (russell) 2006-03-21 11:13:27.000-0600 I'm closing this out since it has been determined that the problem is due to a broken implementation in the gateway. |