Summary: | ASTERISK-16983: Peer (type=peer) matching is wrong when several peers use one IP:port | ||
Reporter: | Grigoriy Puzankin (boroda) | Labels: | |
Date Opened: | 2010-11-19 04:55:05.000-0600 | Date Closed: | 2011-06-07 14:05:28 |
Priority: | Minor | Regression? | No |
Status: | Closed/Complete | Components: | Channels/chan_sip/General |
Versions: | Frequency of Occurrence | ||
Related Issues: | |||
Environment: | Attachments: | ||
Description: | I have D-Link DVG-2032 FXS SIP gateway. All ports are set to register as separate users. For example, port 1 as user 100, 2 - 101, etc. D-Link uses one udp port (5060) for all registrations. If I set type=friend then asterisk matches correct peer. I also tried to toggle match_auth_username - it makes no difference. ****** ADDITIONAL INFORMATION ****** Registration works fine. But when making call from 101-131 user Asterisk produces the following output: [Nov 18 22:23:44] WARNING[3306]: chan_sip.c:12808 check_auth: username mismatch, have <100>, digest has <121> [Nov 18 22:23:44] NOTICE[3306]: chan_sip.c:20144 handle_request_invite: Failed to authenticate device "121" <sip:121@10.78.3.236>;tag=a1ace834-687308 It also happens in Asterisk 1.8.0: [Nov 19 17:02:20] WARNING[4200]: chan_sip.c:13392 check_auth: username mismatch, have <100>, digest has <121> [Nov 19 17:02:20] NOTICE[4200]: chan_sip.c:21187 handle_request_invite: Failed to authenticate device "121" <sip:121@10.78.3.236>;tag=9866d817-754429 [Nov 19 17:02:26] WARNING[4200]: chan_sip.c:3383 retrans_pkt: Retransmission timeout reached on transmission D1B9-1B7F-46754429425673726C30-289@SipHost for seqno 315 (Critical Response) -- See doc/sip-retransmit.txt. Packet timed out after 6400ms with no response However, there's no 100 in INVITE/auth request. | ||
Comments: | By: Leif Madsen (lmadsen) 2010-12-06 13:58:17.000-0600 I believe this is the way matching is done when you set it to type=peer. As you have found out I believe you need to use type=friend. By: Leif Madsen (lmadsen) 2010-12-06 14:03:36.000-0600 Confirmed. This is just how it works. <jsmith> OK... are they trying to auth based on username and password? Obviously they must be... <leifmadsen> <russellb> type=peer _only_ matches on IP:port <leifmadsen> <russellb> there is no additional matching being done <leifmadsen> <russellb> it's going to match the first one it finds <jsmith> Therefore, they should be matching on a user (or the user portion of a friend) and not on a peer <leifmadsen> jsmith: thanks! <jsmith> If you match on a peer, you're only going to match on IP and port <leifmadsen> exactly <jsmith> Great minds think alike! By: Tim Osman (obeliks) 2012-03-24 01:31:07.105-0500 I think asterisk should be a little bit smarter in this case. Why restrict matching to the first IP/port ? It should scan the list of all peers with matching IP/ports. |