123
返回列表 發帖
角色

Rank: 2
1# 跳轉到 » 倒序看帖
打印
tT
發表於 2012-9-29 00:05 | 只看該作者

CM Phone不能在Asterisk注册成功的原因是(切底解决!!!)

本帖最後由 角色 於 2012-10-2 02:01 編輯

********************************************
注册不成功主要是在sip.conf没有加上
[general]
pedantic=yes

********************************************
下面是一般的Authorized问题时候怎样出。

CM Phone 的UAS出的nonce是特别长,一般是8位,但是它超过30。
  1. On 8/15/07, Stanisław Pitucha <stanis at zimbra-1.gradwell.net> wrote:
  2. >
  3. > ----- "Rizwan Hisham" <rizwanhasham at gmail.com> wrote:
  4. > > WWW-Authenticate: Digest algorithm=MD5, realm="asterisk",
  5. > nonce="584760da"
  6. >
  7. > > Authorization: Digest username="bernart48", realm="asterisk",
  8. > algorithm=MD5, uri="sip:bernart48 at 64.182.161.2:9060", nonce="584760da",
  9. > response="948d3923bf2df47eca17c572713af2c7", opaque=""
  10. >
  11. > > What i dont know, and would very much like to know, is what is the
  12. > > purpose of this parameter in sip packets?
  13. >
  14. > It's kind of challenge algorithm. What you see in "response" is not
  15. > MD5(password), but MD5('password', 'realm', ..., 'nonce'). Nonce is
  16. > generated by server so that you don't get the same hash for for every
  17. > authorization by that user. It prevents someone who can see only one way
  18. > communication from breaking your sip session + makes breaking hash a little
  19. > bit harder.
  20. > Nonce should be unique per authorization.
  21. > If nonce wasn't used you could reuse the same response in next connection
  22. > even if you don't know the real password.
  23. >
複製代碼
收藏 分享

角色

Rank: 2
2#
發表於 2012-9-29 00:37 | 只看該作者
本帖最後由 角色 於 2012-9-30 15:13 編輯

有关Authentication问题:

http://www.voip-info.org/wiki/view/SIP+Authentication

https://who.rocq.inria.fr/Philip ... authentication.html

TOP

角色

Rank: 2
3#
發表於 2012-9-29 00:44 | 只看該作者
本帖最後由 角色 於 2012-9-29 01:02 編輯

这个从我的Asterisk (在QNAP TS-269 Pro)的sip debug log: 看看CM Phone出的nonce的length=32 digits。一般是8 digits。
  1. <--- SIP read from UDP:202.0.179.3:5060 --->
  2. SIP/2.0 401 Unauthorized
  3. From: <sip:8523501xxxx5@202.0.179.3>;tag=as1d30f914
  4. To: <sip:8523501xxxx@202.0.179.3>;tag=7685ea46
  5. CSeq: 628 REGISTER
  6. Call-ID: 03999dfe3514ec8d7bb820032708fbae@192.168.1.6
  7. Via: SIP/2.0/UDP 116.49.xx.yyy:5228;branch=z9hG4bK2485b13a;rport=5228
  8. WWW-Authenticate: Digest realm="huawei",
  9. nonce="1b697d879c05f32a839a0088d90b0e53",domain="sip:huawei.com",
  10. stale=false,algorithm=MD5
  11. Content-Length: 0


  14. <------------->
  15. --- (10 headers 0 lines) ---
  16. Responding to challenge, registration to domain/host name 202.0.179.3
  17. REGISTER 11 headers, 0 lines
  18. Reliably Transmitting (NAT) to 202.0.179.3:5060:
  19. REGISTER sip:202.0.179.3 SIP/2.0
  20. Via: SIP/2.0/UDP 16.49.xx.yyy:5228;branch=z9hG4bK6352ed19;rport
  21. Max-Forwards: 70
  22. From: <sip:8523501xxxx@202.0.179.3>;tag=as019d952a
  23. To: <sip:8523501xxxx@202.0.179.3>
  24. Call-ID: 03999dfe3514ec8d7bb820032708fbae@192.168.1.6
  25. CSeq: 629 REGISTER
  26. User-Agent: Asterisk PBX
  27. Authorization: Digest username="8523501xxxx", realm="huawei", algorithm=MD5, uri="sip:202.0.179.3", nonce="", response="ceb646f297e29094bb0eea79318c8ed8"
  28. Expires: 120
  29. Contact: <sip:8523501xxxx5@116.49.xx.yyy:5228>
  30. Content-Length: 0
複製代碼

TOP

bubblestar

Rank: 1
4#
發表於 2012-9-29 14:06 | 只看該作者
有沒有解決辦法?

TOP

ckleea

Rank: 1
5#
發表於 2012-9-29 17:25 | 只看該作者
Have a look of mine
  1. CSeq: 105 REGISTER
  2. User-Agent: sipagent
  3. Authorization: Digest username="852350XXXXX", realm="huawei", algorithm=MD5, uri="sip:sip:huawei.com", nonce="5c4c4ec728864317b77f2a2f304f8cae", response="2674769296882a3b205a794f07c532de"
  4. Expires: 120
複製代碼

TOP

ckleea

Rank: 1
6#
發表於 2012-9-29 17:28 | 只看該作者
Please try my setting in your asterisk server
  1. [cmphone]
  2. type=peer
  3. host=202.0.179.3
  4. port=5060
  5. fromdomain=huawei.com
  6. fromuser=852350XXXXX
  7. realm=huawei
  8. secret=password
  9. username=852350XXXXX
  10. insecure=port,invite
  11. context=from-cmphone
  12. authname=852350XXXXX
  13. dtmfmode=auto
  14. canreinvite=no
  15. qualify=no
複製代碼

TOP

ckleea

Rank: 1
7#
發表於 2012-9-29 17:30 | 只看該作者
Your log shows the line
uri="sip:202.0.179.3"

But mine is
uri="sip:sip:huawei.com"

Obviously different

huawei.com has ip of 119.145.14.118 which is not cmphone ip

TOP

角色

Rank: 2
8#
發表於 2012-9-29 21:28 | 只看該作者
我按照你的settings,在我的TS-119 NAS看看,但是结果都是一样。

TOP

角色

Rank: 2
9#
發表於 2012-9-30 16:04 | 只看該作者
本帖最後由 角色 於 2012-10-1 17:40 編輯

就下面的信息把注册搞定:

https://issues.asterisk.org/jira/browse/ASTERISK-12743

http://www.asteriskguru.com/natut.php

TOP

ckleea

Rank: 1
10#
發表於 2012-9-30 16:10 | 只看該作者
We put pedantic =yes in [General]

TOP

ckleea

Rank: 1
11#
發表於 2012-9-30 16:18 | 只看該作者
With time and proper network connection at home, I manage to get IP01 at London, UK registered and dial in and out

TOP

bubblestar

Rank: 1
12#
發表於 2012-9-30 16:32 | 只看該作者
Yes, please put pedantic = yes in sip.conf [General]

TOP

角色

Rank: 2
13#
發表於 2012-9-30 17:03 | 只看該作者
如果要注册成功,我们要在Asterisk-GUI里是有得选的,请看下图:

0043.png

TOP

bubblestar

Rank: 1
14#
發表於 2012-9-30 17:23 | 只看該作者
回復 13# 角色


   
你的sip GUI 有少許參數跟我的不同。

sip.png

TOP

bubblestar

Rank: 1
15#
發表於 2012-9-30 17:27 | 只看該作者
For security sake, please uncheck "Allow guest calls".

TOP

123
返回列表