Linux

為什麼所有軟電話在收到來自 Asterisk 的 401 未授權後都無法進行身份驗證?

  • March 26, 2015

當我嘗試從CSipSimple連接到 Asterisk 伺服器時,通過 Cisco router,在同一網路上,Asterisk 日誌顯示嘗試的連接:

<------------->
[Mar 23 20:01:34] VERBOSE[4067] chan_sip.c: [Mar 23 20:01:34] --- (8 headers 0 lines) ---
[Mar 23 20:01:34] NOTICE[4067] chan_sip.c: Outbound Registration: Expiry for nat5.babytel.ca is 55 sec (Scheduling reregistration in 40 s)
[Mar 23 20:01:34] VERBOSE[4067] chan_sip.c: [Mar 23 20:01:34] Really destroying SIP dialog '5e070a0021f200c72308ddad6fe2521c@192.168.0.99' Method: REGISTER
[Mar 23 20:02:01] VERBOSE[20423] manager.c: [Mar 23 20:02:01]   == Manager 'sendcron' logged on from 127.0.0.1
[Mar 23 20:02:01] VERBOSE[20423] manager.c: [Mar 23 20:02:01]   == Manager 'sendcron' logged off from 127.0.0.1
[Mar 23 20:02:06] VERBOSE[20436] manager.c: [Mar 23 20:02:06]   == Manager 'sendcron' logged on from 127.0.0.1
[Mar 23 20:02:06] VERBOSE[20436] manager.c: [Mar 23 20:02:06]   == Manager 'sendcron' logged off from 127.0.0.1
[Mar 23 20:02:10] VERBOSE[4067] chan_sip.c: [Mar 23 20:02:10]
<--- SIP read from UDP:192.168.0.15:39462 --->
REGISTER sip:192.168.0.99 SIP/2.0
v: SIP/2.0/UDP 99.99.99.99:39462;rport;branch=z9hG4bKPjiUEFUHN08Wvs9xG2Q9tzRMOxFYJ323dO
Route: <sip:192.168.0.99;transport=udp;lr>
Max-Forwards: 70
f: <sip:201@192.168.0.99>;tag=HVPwJ.kg.9MW6PypcpObrVPGC3l3B-Uh
t: <sip:201@192.168.0.99>
i: QIsF0rZ0wYvzKC9S2P0rWhnYGsQ9FQbI
CSeq: 56288 REGISTER
User-Agent: CSipSimple_v1-16/r2457
m: <sip:201@99.99.99.99:39462;ob>;+sip.ice
Expires: 900
Allow: PRACK, INVITE, ACK, BYE, CANCEL, UPDATE, INFO, SUBSCRIBE, NOTIFY, REFER, MESSAGE, OPTIONS
l: 0

<------------->
[Mar 23 20:02:10] VERBOSE[4067] chan_sip.c: [Mar 23 20:02:10] --- (13 headers 0 lines) ---
[Mar 23 20:02:10] VERBOSE[4067] chan_sip.c: [Mar 23 20:02:10] Sending to 192.168.0.15:39462 (NAT)
[Mar 23 20:02:10] VERBOSE[4067] chan_sip.c: [Mar 23 20:02:10]
<--- Transmitting (NAT) to 192.168.0.15:39462 --->
SIP/2.0 401 Unauthorized
Via: SIP/2.0/UDP 99.99.99.99:39462;branch=z9hG4bKPjiUEFUHN08Wvs9xG2Q9tzRMOxFYJ323dO;received=192.168.0.15;rport=39462
From: <sip:201@192.168.0.99>;tag=HVPwJ.kg.9MW6PypcpObrVPGC3l3B-Uh
To: <sip:201@192.168.0.99>;tag=as0986faf4
Call-ID: QIsF0rZ0wYvzKC9S2P0rWhnYGsQ9FQbI
CSeq: 56288 REGISTER
Server: Asterisk PBX 1.8.29.0-vici
Allow: INVITE, ACK, CANCEL, OPTIONS, BYE, REFER, SUBSCRIBE, NOTIFY, INFO, PUBLISH, MESSAGE
Supported: replaces, timer
WWW-Authenticate: Digest algorithm=MD5, realm="asterisk", nonce="10600450"
Content-Length: 0

CSipSimple 本身無法連接到本地 Asterisk 伺服器。

因為Jitsi 顯示了類似的錯誤,所以它似乎不是特定於客戶端的。因為 Mac 上的 Jitsi 和 Android 手機上的 CSipSimple 都可以發出語音呼叫,在我看來,這肯定會消除路由器上的防火牆作為原因。

與此同時,我已禁用伺服器上的防火牆以消除潛在問題,誠然,這可能不是必需的。

當 Asterisk 回复401 Unauthorized我如何知道為什麼連接是未經授權的?

完整日誌太大,無法在此處發布。雖然sip set debug on沒有提供任何輸出,但該命令的輸出是here,儘管那是使用 Jitsi。

401 Unauthorized 不是錯誤:是身份驗證機制在 SIP 上的工作方式(請參閱答案)

該行:

[Mar 23 20:02:10] NOTICE[4067] chan_sip.c: Registration from '<sip:201@192.168.0.99>' failed for '192.168.0.15:39462' - Wrong password

似乎很清楚:您的 SIP 客戶端中的密碼錯誤,並且身份驗證不成功。sip.conf 中的 SIP 密碼,通過對等定義 (201) 中的“secret”參數。

引用自:https://serverfault.com/questions/677767