support Administrator
Joined: January 26 2005 Location: United States Posts: 1666
|
Posted: June 19 2006 at 12:28pm | IP Logged
|
|
|
LanScape Customers:
We have identified an issue concerning INVITE authentication retries using v5.11 of the VOIP Media Engine and version v1.2.7.1 or later of Asterisk PBX.
Problem description:
Applications built using the VOIP Media Engine v5.11 that communicate with Asterisk v1.2.7.1 or later may not authenticate properly when initiating a call through Asterisks. Registration authentication functions normally but INVITE authentication may not.
Reason:
When sending an INVITE request to Asterisk, Asterisk will attempt to authenticate the user specified in the request. If no (or expired) authentication information is present in the INVITE request, Asterisk will fail the request by responding with a "SIP/2.0 407 Proxy Authentication Required" SIP response.
The VOIP Media Engine will then automatically retry the INVITE using configured authentication information based on the challenge received from Asterisk. However, the VOIP Media Engine sends an updated INVITE request using a new "Call-Id:" header. Due to how Asterisks handles it's INVITE authentication, it will never allow the INVITE to be authenticated using a new call ID. For further details of how Asterisk handles INVITE authentication, please see Asterisk source code module chan_sip.c. Specifically procedures: handle_request() and check_user().
Resolution:
This issue has been resolved and will be released in v5.12 of the VOIP Media Engine that will be released by the end of June 2006.
Customers using v5.11 trial images of the VOIP Media Engine can request a new v5.12 trial when it becomes available. Until then, perform all Asterisk VOIP testing with authentication disabled.
Customers having v5.10 of the VOIP Media can upgrade to v5.12. Please see upgrade pricing in our online store.
Customers having v5.11 of the VOIP Media will be upgraded for free when v5.12 is released. Contact LanScape support for upgrade information.
For users not wishing to upgrade, you will have to debug and patch the Asterisk chan_sip.c module yourself to remove this behavior in Asterisk.
Support
|