[Users] strange behaviour from clients

nick nick at mobilia.it
Wed Jun 6 16:03:34 CEST 2007


I've got a new openser config I'm testing with a secondary server (1.1.1 
on Centos5), but I'm having a few problems getting some clients, X-lite 
3.0 and an ATA from draytek, who are unable to register with the server.

Watching with ngrep on the server and wireshark locally I see the server 
and the client communicating, the client sends a register to the server, 
the server says 401 Unauthorized and generates a realm and nonce, but 
instead of going on with the next step in the register process (adding 
one to the Cseq and generating a nonce of its own) the client just 
doesn't seem to notice that the 401 was sent (could they possibly be 
expecting a 407?) they just keep trying with the first step in the process.

Is this an error in my config (sending a 401 instead of something else) 
or a deficiency in the client ( I have a few grandstream phones which 
work perfectly)...

Here's a few lines from the ngrep output...


U X.X.X.30:5061 -> X.X.X.17:5061
REGISTER sip:logycs.it SIP/2.0.
Via: SIP/2.0/UDP X.X.X.30:5061;branch=z9hG4bK-Rgr-15494;rport.
From: Test User <sip:testuser at logycs.it>;tag=dio-18539.
To: <sip:testuser at logycs.it>.
Call-ID: lpB-27408 at X.X.X.30.
CSeq: 100 REGISTER.
Contact: <sip:testuser at X.X.X.30:5061>.
Max-Forwards: 70.
Expires: 600.
User-Agent: DrayTek UA-1.2.1 Vigor2100V series.
Content-Length: 0.
.

#
U X.X.X.17:5061 -> X.X.X.30:5061
SIP/2.0 100 Trying.
Via: SIP/2.0/UDP X.X.X.30:5061;branch=z9hG4bK-Rgr-15494;rport=5061.
From: Test User <sip:testuser at logycs.it>;tag=dio-18539.
To: <sip:testuser at logycs.it>.
Call-ID: lpB-27408 at X.X.X.30.
CSeq: 100 REGISTER.
Mobilia SIP Server.
Content-Length: 0.
Warning: 392 X.X.X.17:5061 "Noisy feedback tells:  pid=11509 
req_src_ip=X.X.X.30 req_src_port=5061 in_uri=sip:logycs.it 
out_uri=sip:logycs.it via_cnt==1".
.

#
U X.X.X.17:5061 -> X.X.X.30:5061
SIP/2.0 401 Unauthorized.
Via: SIP/2.0/UDP X.X.X.30:5061;branch=z9hG4bK-Rgr-15494;rport=5061.
From: Test User <sip:testuser at logycs.it>;tag=dio-18539.
To: <sip:testuser at logycs.it>;tag=e39f848b5629fc672733e67aefa3e192.f4af.
Call-ID: lpB-27408 at X.X.X.30.
CSeq: 100 REGISTER.
WWW-Authenticate: Digest realm="logycs.it", 
nonce="4666de896a20a47ce567604e015d96a9f7b93027".
Mobilia SIP Server.
Content-Length: 0.
Warning: 392 X.X.X.17:5061 "Noisy feedback tells:  pid=11509 
req_src_ip=X.X.X.30 req_src_port=5061 in_uri=sip:logycs.it 
out_uri=sip:logycs.it via_cnt==1".


The ATA is .30 and has a public IP, as does the Server (.17)


I personally can't see any errors in terms of where the replies are 
being sent, but I may be overlooking something quite obvious.

The useful parts of my openser.cfg (I have use domain as 1 in auth, 
auth_db, etc, but the registration isn't even getting that far yet).

listen = udp:X.X.X.17:5061
mpath = "/usr/lib/openser/modules"
alias = siptest.logycs.it
children = 8
debug = 6
fork = yes
disable_tcp = no
log_facility = LOG_LOCAL6
log_stderror = no
tcp_children = 4
mhomed = no
server_header = "Mobilia SIP Server"
server_signature = yes
sock_mode = 0600
user_agent_header = "Mobilia SIP Server"
reply_to_via = no
sip_warning = yes
check_via = yes
dns = no
rev_dns = no
syn_branch = yes
disable_core_dump = yes
dns_try_ipv6 = no
dns_use_search_list = yes


route[0]
{
    xlog("L_INFO", "New request - M=$rm RURI=$ru F=$fu T=$tu IP=$si 
ID=$ci\n");
     force_rport();
      if(msg:len > max_len)
        {
	 xlog("L_INFO", "Message too big - M=$rm RURI=$ru F=$fu T=$tu IP=$si 
ID=$ci\n");
	 sl_send_reply("513", "Message Too Big");
	 exit;
	}
      if (!mf_process_maxfwd_header("10"))
        {
	 xlog("L_INFO", "Too many hops - M=$rm RURI=$ru F=$fu T=$tu IP=$si 
ID=$ci\n");
	 sl_send_reply("483", "Too Many Hops");
	 exit;
	}
   if(!is_method("REGISTER"))
      {
       if(nat_uac_test("3"))
         {
    	 record_route(";nat=yes");
    	 }
       else
    	{
    	 record_route();
    	 }
	}
    if(loose_route())
      {
       if(!has_totag())
	{
          xlog("L_INFO", "Initial loose-routing rejected - M=$rm 
RURI=$ru F=$fu T=$tu IP=$si ID=$ci\n");
          sl_send_reply("403", "Initial Loose-Routing Rejected");
          exit;
          }
       if(nat_uac_test("19") || search("^Route:.*;nat=yes"))
	   {
	fix_nated_contact();
	if(!search("^Content-Length:[ ]*0"))
           {
            fix_nated_sdp("3");
            setflag(6);
           }
         }
       if(is_method("BYE"))
         {
	   setflag(24); # account failed transactions
	   setflag(25); # account successful transactions
	    }
        # mark as loose-routed for acc
	   setflag(26);
	   route(1);
        }
    if(is_method("REGISTER"))
      {
       route(2);
       }
       setflag(24); # account failed transactions
       setflag(25); # account successful transactions
    if(is_method("INVITE"))
      {
       route(3);
       }
    if(is_method("CANCEL") || is_method("ACK"))
      {
       route(4);
       }

  route(5);
}


route[2]
  {
  sl_send_reply("100", "Trying");
if(!www_authorize("", "subscriber"))
   {
	xlog("L_INFO", "Register authentication failed - M=$rm RURI=$ru F=$fu 
T=$tu IP=$si ID=$ci\n");
	www_challenge("", "0");
	exit;
    }
if(!check_to())
   {
	xlog("L_INFO", "Spoofed To-URI detected - M=$rm RURI=$ru F=$fu T=$tu 
IP=$si ID=$ci\n");
	sl_send_reply("403", "Spoofed To-URI Detected");
	exit;
    }
   consume_credentials();
if(!search("^Contact:[ ]*\*") && nat_uac_test("19"))
   {
    	fix_nated_register();
	setflag(6);
    }
if(!save("location"))
   {
	xlog("L_ERR", "Saving contact failed - M=$rm RURI=$ru F=$fu T=$tu 
IP=$si ID=$ci\n");
	sl_reply_error();
    }
  xlog("L_INFO", "Registration successful - M=$rm RURI=$ru F=$fu T=$tu 
IP=$si ID=$ci\n");
  exit;
}




More information about the Users mailing list