| Summary: | ASTERISK-10832: When my gateway gets a new ip address, sip can not be re-registered (wrong "nonce"?) | ||
| Reporter: | Michael Wyraz (micwy) | Labels: | |
| Date Opened: | 2007-11-20 01:14:17.000-0600 | Date Closed: | 2007-11-26 04:39:47.000-0600 |
| Priority: | Major | Regression? | No |
| Status: | Closed/Complete | Components: | Channels/chan_sip/Registration |
| Versions: | Frequency of Occurrence | ||
| Related Issues: | |||
| Environment: | Attachments: | ||
| Description: | I'm running asterisk on a local server. The internet gateway gets a new ip every night. after that, all external sip registrations remains in the state "request send". I tried to debug sip: SIP/2.0 401 Unauthorized Via: SIP/2.0/UDP 88.74.139.30:16322;received=88.74.155.83;branch=z9hG4bK6e283905;rport=10036 From: <sip:03XXXXXXX@0341.sip.arcor.de>;tag=as3c85d392 To: <sip:034XXXXXXX@0341.sip.arcor.de>;tag=SDm61ed99- Call-ID: 0ecf687b44aa9b3777ffed0967026ef5@88.74.139.30 CSeq: 1284 REGISTER Server: SSW/0.0.0 WWW-Authenticate: Digest realm="arcor.de",nonce="47428568f7222c281c2cf7505b622ed4f37325a4",algorithm=MD5 Contact: <sip:.iIiIiI.52521118.@82.82.16.8> Content-Length: 0 --- (10 headers 0 lines) --- Nov 20 08:08:23 NOTICE[15125]: chan_sip.c:5431 sip_reg_timeout: -- Registration for '03XXXXXXX@0341.sip.arcor.de' timed out, trying again (Attempt ASTERISK-519) REGISTER 13 headers, 0 lines Reliably Transmitting (no NAT) to 212.144.96.102:5060: REGISTER sip:0341.sip.arcor.de SIP/2.0 Via: SIP/2.0/UDP 192.168.100.2:5060;branch=z9hG4bK78e7369a;rport From: <sip:03XXXXXXX@0341.sip.arcor.de>;tag=as5c0adb73 To: <sip:03XXXXXXX@0341.sip.arcor.de> Call-ID: 0ecf687b44aa9b3777ffed0967026ef5@192.168.100.2 CSeq: 1285 REGISTER User-Agent: Asterisk PBX Max-Forwards: 70 Authorization: Digest username="03XXXXXXX", realm="arcor.de", algorithm=MD5, uri="sip:0341.sip.arcor.de", nonce="474259501d015b7c6917172b433db63e4b0d5eb7", response="89c243afdadcb84147e76e795eacf174", opaque="" Expires: 120 Contact: <sip:03XXXXXXX@192.168.100.2> Event: registration Content-Length: 0 --- Destroying call '0ecf687b44aa9b3777ffed0967026ef5@192.168.100.2' isdn-gw1*CLI> <-- SIP read from 212.144.96.102:5060: SIP/2.0 401 Unauthorized Via: SIP/2.0/UDP 88.74.139.30:16322;received=88.74.155.83;branch=z9hG4bK78e7369a;rport=10036 From: <sip:03XXXXXXX@0341.sip.arcor.de>;tag=as5c0adb73 To: <sip:03XXXXXXX@0341.sip.arcor.de>;tag=SDm61ed99-2b8de099 Call-ID: 0ecf687b44aa9b3777ffed0967026ef5@88.74.139.30 CSeq: 1285 REGISTER Server: SSW/0.0.0 WWW-Authenticate: Digest realm="arcor.de",nonce="47428568f7222c281c2cf7505b622ed4f37325a4",algorithm=MD5 Contact: <sip:.iIiIiI.52521118.@82.82.16.8> Content-Length: 0 --- (10 headers 0 lines) --- Retransmitting #1 (no NAT) to 212.144.96.102:5060: REGISTER sip:0341.sip.arcor.de SIP/2.0 Via: SIP/2.0/UDP 192.168.100.2:5060;branch=z9hG4bK78e7369a;rport From: <sip:03XXXXXXX@0341.sip.arcor.de>;tag=as5c0adb73 To: <sip:03XXXXXXX@0341.sip.arcor.de> Call-ID: 0ecf687b44aa9b3777ffed0967026ef5@192.168.100.2 CSeq: 1285 REGISTER User-Agent: Asterisk PBX Max-Forwards: 70 Authorization: Digest username="03XXXXXXX", realm="arcor.de", algorithm=MD5, uri="sip:0341.sip.arcor.de", nonce="474259501d015b7c6917172b433db63e4b0d5eb7", response="89c243afdadcb84147e76e795eacf174", opaque="" Expires: 120 Contact: <sip:03XXXXXXX@192.168.100.2> Event: registration Content-Length: 0 As you can see, the parameter "nonce" which is sent by the server is totally ignored by asterisk. Is always uses the same "nonce" in it's response. When i do a "reload", asterisk re-registers fine. The requests have the same "nonce" as the server contains in it's "unauthorized" responses. ****** ADDITIONAL INFORMATION ****** I'm running asterisk 1.4.11+bristuff and 1.2.13 (without bristuff) and can reproduce this on both. | ||
| Comments: | By: Olle Johansson (oej) 2007-11-20 01:32:43.000-0600 The response has a different call-id, so it doesn't really match the request and therefore the registration fails. The server should *not* change the call-id because the IP has changed, that is a bug in the server. By: Michael Wyraz (micwy) 2007-11-20 03:20:53.000-0600 The problem is that this occurs with all our SIP providers. So it seems to be a "common" bug :-( Currently my workaround is to run "reload" on asterisk every day. Maybe an option would be to add a sip parameter to asterisk which re-registers a sip registration if the registration fails a given number of times. By: Olle Johansson (oej) 2007-11-20 04:22:15.000-0600 There's a configuration option for that in sip.conf for registration attempts. This issue is a bug from their side - does it really look the same from other providers? Do you have a weird device changing call-id's in your network? By: Michael Wyraz (micwy) 2007-11-22 00:49:20.000-0600 It's the same with the other sip provider. Asterisk always has the same "nonce" and gets a lot of "Unauthorized". Setting "registerattempts" to a non-zero value is no solution because in this case asterisk does no re-register but sets the registry state to "failed". Here's the log of registering attempts to the other sip provider: REGISTER 13 headers, 0 lines Reliably Transmitting (no NAT) to 217.10.79.9:5060: REGISTER sip:sipgate.de SIP/2.0 Via: SIP/2.0/UDP 192.168.100.1:5060;branch=z9hG4bK0af186a9;rport From: <sip:21XXXXX@sipgate.de>;tag=as71a1bfdb To: <sip:21XXXXX@sipgate.de> Call-ID: 612d67da188d3f8305351bd90bf018fd@192.168.100.1 CSeq: 5635 REGISTER User-Agent: Asterisk PBX Max-Forwards: 70 Authorization: Digest username="21XXXXX", realm="sipgate.de", algorithm=MD5, uri="sip:sipgate.de", nonce="4743aebd7ee18bc001e0dc74151fe89232046310", response="350447c3fb7b20cd4927ece093a56c74", opaque="" Expires: 120 Contact: <sip:21XXXXX@192.168.100.1> Event: registration Content-Length: 0 --- Really destroying SIP dialog '612d67da188d3f8305351bd90bf018fd@192.168.100.1' Method: REGISTER asterisk*CLI> <--- SIP read from 217.10.79.9:5060 ---> SIP/2.0 401 Unauthorized Via: SIP/2.0/UDP 88.74.155.83:10035;received=88.74.133.109;branch=z9hG4bK0af186a9;rport=26406 From: <sip:21XXXXX@sipgate.de>;tag=as71a1bfdb To: <sip:21XXXXX@sipgate.de>;tag=fe1721141f05bd30d4b50c70da3ae228.d9d8 Call-ID: 612d67da188d3f8305351bd90bf018fd@88.74.155.83 CSeq: 5635 REGISTER WWW-Authenticate: Digest realm="sipgate.de", nonce="474526198bee4c73cbb5d660a4724da98eb79a5d" Content-Length: 0 <-------------> --- (8 headers 0 lines) --- Retransmitting #1 (no NAT) to 217.10.79.9:5060: REGISTER sip:sipgate.de SIP/2.0 Via: SIP/2.0/UDP 192.168.100.1:5060;branch=z9hG4bK0af186a9;rport From: <sip:21XXXXX@sipgate.de>;tag=as71a1bfdb To: <sip:21XXXXX@sipgate.de> Call-ID: 612d67da188d3f8305351bd90bf018fd@192.168.100.1 CSeq: 5635 REGISTER User-Agent: Asterisk PBX Max-Forwards: 70 Authorization: Digest username="21XXXXX", realm="sipgate.de", algorithm=MD5, uri="sip:sipgate.de", nonce="4743aebd7ee18bc001e0dc74151fe89232046310", response="350447c3fb7b20cd4927ece093a56c74", opaque="" Expires: 120 Contact: <sip:21XXXXX@192.168.100.1> Event: registration Content-Length: 0 --- asterisk*CLI> <--- SIP read from 217.10.79.9:5060 ---> SIP/2.0 401 Unauthorized Via: SIP/2.0/UDP 88.74.155.83:10035;received=88.74.133.109;branch=z9hG4bK0af186a9;rport=26406 From: <sip:21XXXXX@sipgate.de>;tag=as71a1bfdb To: <sip:21XXXXX@sipgate.de>;tag=fe1721141f05bd30d4b50c70da3ae228.d9d8 Call-ID: 612d67da188d3f8305351bd90bf018fd@88.74.155.83 CSeq: 5635 REGISTER WWW-Authenticate: Digest realm="sipgate.de", nonce="4745261a355497d322f0b7f20d244ed48baa6656" Content-Length: 0 By: Olle Johansson (oej) 2007-11-22 01:39:07.000-0600 This log has the same issue - something is changing the Call-ID, so the registration will not work with any proper SIP device, since the Call-ID is different on the replies. This is not a bug in Asterisk, Asterisk is doing what it can. You have something else in the network that messes everything up. By: Michael Wyraz (micwy) 2007-11-22 01:59:42.000-0600 That's the network: Asterisk<->router<->external SIP Provider Asterisk-Machines (192.168.100.1/192.168.100.2), both have different asterisk versions, both use external sip providers. Router, internal IP 192.168.100.254, external IP changes every night. The router is doing NAT. SIP-Provider (external, have fixed IPs). There's nothing between asterisk and the SIP provider that changes anythin in the sip protocol. I can reproduce the problem as soon as I disconnect the router to get a new IP: - first, the peers gets "unreachable" until the router has a new IP - then asterisks sends a lot of REGISTER requests. Each is responded with "FORBIDDEN" - when i do a "reload", it sends a single REGISTER request which succeeds By: Olle Johansson (oej) 2007-11-23 02:36:28.000-0600 Then your provider has a huge problem, since it's obvious from the logs that the call-id's doesn't match. Their server is *not* allowed to change call-id's. Sorry, this is not an Asterisk bug. Call your provider for assistance. By: Michael Wyraz (micwy) 2007-11-26 01:27:38.000-0600 (sorry for reopen - that was the only way to add another comment) I contacted sipgate and got assistance to solve this. The cause is the router (Zyxel 660hw) which seems to have a poorly documented feature called SIP-pass-through which rewrites ips in sip headers. There's no option to control or disable this feature, so I fear that I have to replace that router. Thank you for your help and sorry for wasting your time with this non-asterisk issue. By: Olle Johansson (oej) 2007-11-26 04:39:47.000-0600 Ok, thanks for the feedback. Good luck! /O | ||