Jump to content
Vodia PBX forum
Manolo

Outbound Proxy

Recommended Posts

We are trying to register a SIP Trunk, which uses an Outbound proxy.

 

When we use a simple softphone directly configured with the provider (Zoiper), the trunk registers succesfully. (see attachment for settings). But when we try to register through the Snom PBX (version 2011-4.3.0.5021 (Win32)), we get the following errors: Registration fail , or, FORBIDDEN.

 

If we compare, the zoiper settings, with the sip trunk fields of the Snom One, we have the following questions:

 

Is the account in Snom, the same as the username in Zoiper?

 

Is the Domain field in Zoiper, the same as the Domain in Snom One?

 

Is the auth. Username in zoiper, the same as the username in Snom?

 

Is the proxy address in Snom, the same thing as the OUTBOUND PROXY in Zoiper?

 

Other SIP trunks in the Snom One do register and work fine (with other SIP providers), so the problem is not a firewall or some other internet related issue. The only problem is with this specific provider, but the strange thing is that Zoiper registers, but the Snom One doesnt.

 

Thanks,

Share this post


Link to post
Share on other sites

I would take a look at the SIP packets and compare From-headers and Authentication headers. Maybe there is a mistake in the authentication, e.g. user@domain instead of just user. Sometimes providers have a problem with UUID, so please turn it off.

Share this post


Link to post
Share on other sites

Does your configuration looks like this in the Vodia PBX?

 

 

Registrations
Display Name: "Name it "
Account: "Should be phone number"
Domain: "Should be the domain name"
Username: Should be phone number"
Password: "Password"
••••••••••
Password (repeat): "Password"
••••••••••
Proxy Address: "Should be the domain name"
Explicitly list addresses for inbound traffic: "Should be the domain name" or the IPV4
Preferred SIP port for trunk:

Share this post


Link to post
Share on other sites

HI,

 

As in the picture attached in the previous post, the configuration on the PBX is:

 

Account: +XXXX

Domain: domain_Name

Username: +XXXX@domain_Name

Password: ******

Proxy addres: "some IP"

 

The above are settings provided by our SIP provider and already configured in our PBX.

 

As you can see, the domain is not the same as the proxy, and the account is not the same as the Username. This is the first time that a SIP provider gives us diferent account and username, as different domain and proxy. All other trunks that we have functioning well, the proxy and domain are the same, and account and username are the same also....

 

We already tried to disable the uuid setting, but still doesnt register to the provider...What else could be the problem?

Share this post


Link to post
Share on other sites

Hello,

 

We finally have the logs compared between Zoiper (which does register to the SIP provider), and our Snom Server. The ONLY difference between the two logs is, that in the REGISTER (in the authorization part of the log), Zoiper sends this setting : qop=auth, but our pbx sends it this way: qop="auth".

 

So Zoiper sends the qop without the "", and our pbx send the REGISTER with ""... Does this make sense? Is there a way to configure our PBX so that it DOESN't send the ""?

 

Thanks!

Share this post


Link to post
Share on other sites

Yes, unfortunately that makes a difference. In the early days of SIP, there were implementations that were simply buggy, and this has lasted for years. RFC 3261 makes it clear that the quotes are necessary:

 

qop-options = "qop" EQUAL LDQUOT qop-value *("," qop-value) RDQUOT
The problem is if we take the quotes out, we break other SIP trunks and we are not RFC compliant any more. Most implementation over the past years accept both quoted and unquoted. Your service provider needs to update the software...

Share this post


Link to post
Share on other sites

Hi,

I am currently facing the same issue when registering against Broadsoft switch. Vodia PBX sends qop="auth" in Authorization field.

I remember having this issue few years ago as well.

If I look RFC3261 again then I understand that the right way is to send qop=auth without quotations in Authorization filed.

Quote

   An example of the Authorization header field is:

      Authorization: Digest username="bob",
              realm="biloxi.com",
              nonce="dcd98b7102dd2f0e8b11d0f600bfb0c093",
              uri="sip:bob@biloxi.com",
              qop=auth,
              nc=00000001,
              cnonce="0a4f113b",
              response="6629fae49393a05397450978507c4ef1",
              opaque="5ccc069c403ebaf9f0171e9517f40e41"
Quote

Authorization     =  "Authorization" HCOLON credentials
credentials       =  ("Digest" LWS digest-response)
                     / other-response
digest-response   =  dig-resp *(COMMA dig-resp)
dig-resp          =  username / realm / nonce / digest-uri
                      / dresponse / algorithm / cnonce
                      / opaque / message-qop
                      / nonce-count / auth-param
username          =  "username" EQUAL username-value
username-value    =  quoted-string
digest-uri        =  "uri" EQUAL LDQUOT digest-uri-value RDQUOT
digest-uri-value  =  rquest-uri ; Equal to request-uri as specified
                     by HTTP/1.1
message-qop       =  "qop" EQUAL qop-value

In other  fields (WWW-Authenticate and Proxy-Authenticate) it should be with quotation marks.

So I think Vodia should change this behavior or add possibility to change it in case some developers have misunderstood the RFC.

 

Best regards
Madis Malv

Share this post


Link to post
Share on other sites

In the later versions (I would assume at least 61.0 has it) the qop gets quoted only if it contains a comma. So it would send qop=auth and qop="auth,auth-int". This should work with anything out there without the need to introduce a setting for this.

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

×