Summary: | ASTERISK-10261: [post 1.4] SIP change at r77616 (rizzo) causes all outbound calls to fail authentication with 403 Forbidden | ||
Reporter: | Fred Meyer (mensaiq) | Labels: | |
Date Opened: | 2007-09-09 15:22:35 | Date Closed: | 2007-11-19 12:58:34.000-0600 |
Priority: | Major | Regression? | No |
Status: | Closed/Complete | Components: | Channels/chan_sip/General |
Versions: | Frequency of Occurrence | ||
Related Issues: | |||
Environment: | Attachments: | ( 0) SIPCap | |
Description: | Before r77616, outgoing calls properly send a second INVITE in response to a 401 Unauthorized response to the initial INVITE. Both INVITE headers contain the same IP address in Via:. After r77616, the second INVITE's Via: header has a real IP address in it, the first contains the internal IP. This difference causes the provider (Broadvoice) to return a 403 Forbidden in response to the second INVITE. ****** ADDITIONAL INFORMATION ****** Verified at r82029 by commenting out the call to check_via_response() at line 13555 in chan_sip.c | ||
Comments: | By: Olle Johansson (oej) 2007-11-06 01:28:10.000-0600 Please always add a SIP DEBUG output, not a wireshark/ethereal capture (it's in the bug guidelines). SIP DEBUG tells us much more about what's going on inside Asterisk. Thanks. By: Fred Meyer (mensaiq) 2007-11-10 15:58:28.000-0600 So what part of the file I sent even looks like a wireshark/ethereal capture? This is as much of a DEBUG that Asterisk produces. Captured with SIP SET DEBUG ON and CORE SET DEBUG 99. If you want anything else, I will gladly attach it. By: Olle Johansson (oej) 2007-11-15 06:16:55.000-0600 Yes, that's a bad patch to have mandatory. Some communication badly enough rely on not sending a public IP/Port, since NAT's may change that. NAT's are very evil. We need to implement an option for this, so we can set it on a peer/user level. Sorry, I missed this patch earlier. Thanks for reporting this bug. By: Olle Johansson (oej) 2007-11-19 12:58:34.000-0600 Ok, temporarily disabled rizzo's new NAT handling code. It does need a configuration option to be enabled again. Also needs more testing. |