Linux
為什麼所有軟電話在收到來自 Asterisk 的 401 未授權後都無法進行身份驗證?
當我嘗試從CSipSimple連接到 Asterisk 伺服器時,通過 Cisco router,在同一網路上,Asterisk 日誌顯示嘗試的連接:
<-------------> [Mar 23 20:01:34] VERBOSE[4067] chan_sip.c: [Mar 23 20:01:34] --- (8 headers 0 lines) --- [Mar 23 20:01:34] NOTICE[4067] chan_sip.c: Outbound Registration: Expiry for nat5.babytel.ca is 55 sec (Scheduling reregistration in 40 s) [Mar 23 20:01:34] VERBOSE[4067] chan_sip.c: [Mar 23 20:01:34] Really destroying SIP dialog '5e070a0021f200c72308ddad6fe2521c@192.168.0.99' Method: REGISTER [Mar 23 20:02:01] VERBOSE[20423] manager.c: [Mar 23 20:02:01] == Manager 'sendcron' logged on from 127.0.0.1 [Mar 23 20:02:01] VERBOSE[20423] manager.c: [Mar 23 20:02:01] == Manager 'sendcron' logged off from 127.0.0.1 [Mar 23 20:02:06] VERBOSE[20436] manager.c: [Mar 23 20:02:06] == Manager 'sendcron' logged on from 127.0.0.1 [Mar 23 20:02:06] VERBOSE[20436] manager.c: [Mar 23 20:02:06] == Manager 'sendcron' logged off from 127.0.0.1 [Mar 23 20:02:10] VERBOSE[4067] chan_sip.c: [Mar 23 20:02:10] <--- SIP read from UDP:192.168.0.15:39462 ---> REGISTER sip:192.168.0.99 SIP/2.0 v: SIP/2.0/UDP 99.99.99.99:39462;rport;branch=z9hG4bKPjiUEFUHN08Wvs9xG2Q9tzRMOxFYJ323dO Route: <sip:192.168.0.99;transport=udp;lr> Max-Forwards: 70 f: <sip:201@192.168.0.99>;tag=HVPwJ.kg.9MW6PypcpObrVPGC3l3B-Uh t: <sip:201@192.168.0.99> i: QIsF0rZ0wYvzKC9S2P0rWhnYGsQ9FQbI CSeq: 56288 REGISTER User-Agent: CSipSimple_v1-16/r2457 m: <sip:201@99.99.99.99:39462;ob>;+sip.ice Expires: 900 Allow: PRACK, INVITE, ACK, BYE, CANCEL, UPDATE, INFO, SUBSCRIBE, NOTIFY, REFER, MESSAGE, OPTIONS l: 0 <-------------> [Mar 23 20:02:10] VERBOSE[4067] chan_sip.c: [Mar 23 20:02:10] --- (13 headers 0 lines) --- [Mar 23 20:02:10] VERBOSE[4067] chan_sip.c: [Mar 23 20:02:10] Sending to 192.168.0.15:39462 (NAT) [Mar 23 20:02:10] VERBOSE[4067] chan_sip.c: [Mar 23 20:02:10] <--- Transmitting (NAT) to 192.168.0.15:39462 ---> SIP/2.0 401 Unauthorized Via: SIP/2.0/UDP 99.99.99.99:39462;branch=z9hG4bKPjiUEFUHN08Wvs9xG2Q9tzRMOxFYJ323dO;received=192.168.0.15;rport=39462 From: <sip:201@192.168.0.99>;tag=HVPwJ.kg.9MW6PypcpObrVPGC3l3B-Uh To: <sip:201@192.168.0.99>;tag=as0986faf4 Call-ID: QIsF0rZ0wYvzKC9S2P0rWhnYGsQ9FQbI CSeq: 56288 REGISTER Server: Asterisk PBX 1.8.29.0-vici Allow: INVITE, ACK, CANCEL, OPTIONS, BYE, REFER, SUBSCRIBE, NOTIFY, INFO, PUBLISH, MESSAGE Supported: replaces, timer WWW-Authenticate: Digest algorithm=MD5, realm="asterisk", nonce="10600450" Content-Length: 0
CSipSimple 本身無法連接到本地 Asterisk 伺服器。
因為Jitsi 顯示了類似的錯誤,所以它似乎不是特定於客戶端的。因為 Mac 上的 Jitsi 和 Android 手機上的 CSipSimple 都可以發出語音呼叫,在我看來,這肯定會消除路由器上的防火牆作為原因。
與此同時,我已禁用伺服器上的防火牆以消除潛在問題,誠然,這可能不是必需的。
當 Asterisk 回复
401 Unauthorized
我如何知道為什麼連接是未經授權的?完整日誌太大,無法在此處發布。雖然
sip set debug on
沒有提供任何輸出,但該命令的輸出是here,儘管那是使用 Jitsi。
401 Unauthorized 不是錯誤:是身份驗證機制在 SIP 上的工作方式(請參閱此答案)
該行:
[Mar 23 20:02:10] NOTICE[4067] chan_sip.c: Registration from '<sip:201@192.168.0.99>' failed for '192.168.0.15:39462' - Wrong password
似乎很清楚:您的 SIP 客戶端中的密碼錯誤,並且身份驗證不成功。sip.conf 中的 SIP 密碼,通過對等定義 (201) 中的“secret”參數。