ASTERISK-29004: SIP/2.0 488 Not Acceptable Here when configured with PJSIP/TLS

[Home]

Summary: ASTERISK-29004: SIP/2.0 488 Not Acceptable Here when configured with PJSIP/TLS

Reporter: Jack Brain (razormouse) Labels:

Date Opened: 2020-07-22 08:18:15 Date Closed: 2020-07-22 08:18:18

Priority: Major Regression? No

Status: Closed/Complete Components: pjproject/pjsip

Versions: 17.6.0 Frequency of
Occurrence

Related
Issues:

Environment: Operating System: Kali GNU/Linux Rolling Kernel: Linux 4.4.0-186-generic Architecture: x86-64 Asterisk: 17.6.0 Attachments:

Description: - We have build Asterisk 17.6.0 and PJSIP from the source on a VPS
- We configured TLS, generated client and server certificate
- Registered the Blink client for testing, success
- While making a call from Blink_1 to Blink_2 or vice-versa, it fails with an error

{code}
<--- Received SIP request (1021 bytes) from TLS:43.249.37.23:54700 --->
INVITE sip:2222@94.140.114.51 SIP/2.0
Via: SIP/2.0/TLS 192.168.75.143:49485;rport;branch=z9hG4bKPj28ae9d1c90c443fbac7f6021e4771d5c;alias
Max-Forwards: 70
From: "1111" <sip:1111@94.140.114.51>;tag=54c6492c375e44bf8a3599fe8047016f
To: <sip:2222@94.140.114.51>
Contact: <sip:80631759@192.168.75.143:49453;transport=tls>
Call-ID: 73fa29d60a5a4ea7989d2d175ea91342
CSeq: 16687 INVITE
Allow: SUBSCRIBE, NOTIFY, INVITE, ACK, BYE, CANCEL, UPDATE, MESSAGE, REFER
Supported: replaces, norefersub, gruu
User-Agent: Blink 3.2.0 (Windows)
Content-Type: application/sdp
Content-Length: 429

v=0
o=- 3804383127 3804383127 IN IP4 192.168.75.143
s=Blink 3.2.0 (Windows)
t=0 0
m=audio 50048 RTP/AVP 113 9 0 8 101
c=IN IP4 192.168.75.143
a=rtcp:50049
a=rtpmap:113 opus/48000/2
a=fmtp:113 useinbandfec=1
a=rtpmap:9 G722/8000
a=rtpmap:0 PCMU/8000
a=rtpmap:8 PCMA/8000
a=rtpmap:101 telephone-event/8000
a=fmtp:101 0-16
a=zrtp-hash:1.10 6171448735d90ecf08cf6a7fefedf5369e0c4b0825c13d3b30741d5182bdff7f
a=sendrecv

<--- Transmitting SIP response (566 bytes) to TLS:43.249.37.23:54700 --->
SIP/2.0 401 Unauthorized
Via: SIP/2.0/TLS 192.168.75.143:49485;rport=54700;received=43.249.37.23;branch=z9hG4bKPj28ae9d1c90c443fbac7f6021e4771d5c;alias
Call-ID: 73fa29d60a5a4ea7989d2d175ea91342
From: "1111" <sip:1111@94.140.114.51>;tag=54c6492c375e44bf8a3599fe8047016f
To: <sip:2222@94.140.114.51>;tag=z9hG4bKPj28ae9d1c90c443fbac7f6021e4771d5c
CSeq: 16687 INVITE
WWW-Authenticate: Digest realm="asterisk",nonce="1595419528/95038c7ada5d1c4091cb7649c149cd06",opaque="5a2d21b867e7b7d7",algorithm=md5,qop="auth"
Server: Asterisk PBX 17.6.0
Content-Length: 0

<--- Received SIP request (423 bytes) from TLS:43.249.37.23:54700 --->
ACK sip:2222@94.140.114.51 SIP/2.0
Via: SIP/2.0/TLS 192.168.75.143:49485;rport;branch=z9hG4bKPj28ae9d1c90c443fbac7f6021e4771d5c;alias
Max-Forwards: 70
From: "1111" <sip:1111@94.140.114.51>;tag=54c6492c375e44bf8a3599fe8047016f
To: <sip:2222@94.140.114.51>;tag=z9hG4bKPj28ae9d1c90c443fbac7f6021e4771d5c
Call-ID: 73fa29d60a5a4ea7989d2d175ea91342
CSeq: 16687 ACK
User-Agent: Blink 3.2.0 (Windows)
Content-Length: 0

<--- Received SIP request (1314 bytes) from TLS:43.249.37.23:54700 --->
INVITE sip:2222@94.140.114.51 SIP/2.0
Via: SIP/2.0/TLS 192.168.75.143:49485;rport;branch=z9hG4bKPjbf7e99f726d74c4ebbbb508d7033dea9;alias
Max-Forwards: 70
From: "1111" <sip:1111@94.140.114.51>;tag=54c6492c375e44bf8a3599fe8047016f
To: <sip:2222@94.140.114.51>
Contact: <sip:80631759@192.168.75.143:49453;transport=tls>
Call-ID: 73fa29d60a5a4ea7989d2d175ea91342
CSeq: 16688 INVITE
Allow: SUBSCRIBE, NOTIFY, INVITE, ACK, BYE, CANCEL, UPDATE, MESSAGE, REFER
Supported: replaces, norefersub, gruu
User-Agent: Blink 3.2.0 (Windows)
Authorization: Digest username="1111", realm="asterisk", nonce="1595419528/95038c7ada5d1c4091cb7649c149cd06", uri="sip:2222@94.140.114.51", response="7b6971ff7f3d73d8cb888640056d6e3e", algorithm=md5, cnonce="5bacef95a6f243e19c4cfc0b41ebb5c9", opaque="5a2d21b867e7b7d7", qop=auth, nc=00000001
Content-Type: application/sdp
Content-Length: 429

v=0
o=- 3804383127 3804383127 IN IP4 192.168.75.143
s=Blink 3.2.0 (Windows)
t=0 0
m=audio 50048 RTP/AVP 113 9 0 8 101
c=IN IP4 192.168.75.143
a=rtcp:50049
a=rtpmap:113 opus/48000/2
a=fmtp:113 useinbandfec=1
a=rtpmap:9 G722/8000
a=rtpmap:0 PCMU/8000
a=rtpmap:8 PCMA/8000
a=rtpmap:101 telephone-event/8000
a=fmtp:101 0-16
a=zrtp-hash:1.10 6171448735d90ecf08cf6a7fefedf5369e0c4b0825c13d3b30741d5182bdff7f
a=sendrecv

== Setting global variable 'SIPDOMAIN' to '94.140.114.51'
<--- Transmitting SIP response (368 bytes) to TLS:43.249.37.23:54700 --->
SIP/2.0 100 Trying
Via: SIP/2.0/TLS 192.168.75.143:49485;rport=54700;received=43.249.37.23;branch=z9hG4bKPjbf7e99f726d74c4ebbbb508d7033dea9;alias
Call-ID: 73fa29d60a5a4ea7989d2d175ea91342
From: "1111" <sip:1111@94.140.114.51>;tag=54c6492c375e44bf8a3599fe8047016f
To: <sip:2222@94.140.114.51>
CSeq: 16688 INVITE
Server: Asterisk PBX 17.6.0
Content-Length: 0

<--- Transmitting SIP response (422 bytes) to TLS:43.249.37.23:54700 --->
SIP/2.0 488 Not Acceptable Here
Via: SIP/2.0/TLS 192.168.75.143:49485;rport=54700;received=43.249.37.23;branch=z9hG4bKPjbf7e99f726d74c4ebbbb508d7033dea9;alias
Call-ID: 73fa29d60a5a4ea7989d2d175ea91342
From: "1111" <sip:1111@94.140.114.51>;tag=54c6492c375e44bf8a3599fe8047016f
To: <sip:2222@94.140.114.51>;tag=a7cdfce3-d8be-42b1-b0db-47e437493be3
CSeq: 16688 INVITE
Server: Asterisk PBX 17.6.0
Content-Length: 0

<--- Received SIP request (418 bytes) from TLS:43.249.37.23:54700 --->
ACK sip:2222@94.140.114.51 SIP/2.0
Via: SIP/2.0/TLS 192.168.75.143:49485;rport;branch=z9hG4bKPjbf7e99f726d74c4ebbbb508d7033dea9;alias
Max-Forwards: 70
From: "1111" <sip:1111@94.140.114.51>;tag=54c6492c375e44bf8a3599fe8047016f
To: <sip:2222@94.140.114.51>;tag=a7cdfce3-d8be-42b1-b0db-47e437493be3
Call-ID: 73fa29d60a5a4ea7989d2d175ea91342
CSeq: 16688 ACK
User-Agent: Blink 3.2.0 (Windows)
Content-Length: 0
{code}

- pjsip.conf:

{code}
[default]
type=transport
protocol=tls
bind=94.140.114.51:5061
cert_file=/etc/asterisk/keys/asterisk.crt
priv_key_file=/etc/asterisk/keys/asterisk.key
method=tlsv1

[1111]
type=aor
max_contacts=1
remove_existing=yes

[1111]
type=auth
auth_type=userpass
username=1111
password=1111

[1111]
type=endpoint
aors=1111
auth=1111
context=default
disallow=all
allow=GSM
allow=ulaw
allow=g726
allow=g729
allow=speex
allow=g722
allow=iLBC
dtmf_mode=rfc4733
media_encryption=sdes

[2222]
type=aor
max_contacts=1
remove_existing=yes

[2222]
type=auth
auth_type=userpass
username=2222
password=2222

[2222]
type=endpoint
aors=2222
auth=2222
context=default
disallow=all
allow=GSM
allow=ulaw
allow=g726
allow=g729
allow=speex
allow=g722
allow=iLBC
dtmf_mode=rfc4733
media_encryption=sdes

[3333]
type=aor
max_contacts=1
remove_existing=yes

[3333]
type=auth
auth_type=userpass
username=3333
password=3333

[3333]
type=endpoint
aors=3333
auth=3333
context=default
disallow=all
allow=gsm
allow=ulaw
allow=g726
allow=g729
dtmf_mode=rfc4733
media_encryption=sdes
{code}

- extensions.conf

{code}
[general]
static=yes
writeprotect=no
priorityjumping=no
autofallthrough=yes
clearglobalvars=no

;[local]
;exten=>1111,1,Dial(PJSIP/1111,20)
;exten=>2222,1,Dial(PJSIP/2222,20)
;exten=>3333,1,Dial(PJSIP/3333,20)

[default]
exten => 1111,1,Dial(PJSIP/1111,20)
exten => 2222,1,Dial(PJSIP/2222,20)
exten => 3333,1,Dial(PJSIP/3333,20)
{code}

Comments: By: Asterisk Team (asteriskteam) 2020-07-22 08:18:18.030-0500

We appreciate the difficulties you are facing, however information request type issues would be better served in a different forum.

The Asterisk community provides support over IRC, mailing lists, and forums as described at http://asterisk.org/community. The Asterisk issue tracker is used specifically to track issues concerning bugs and documentation errors.

If this issue is actually a bug please use the Bug issue type instead.

Please see the Asterisk Issue Guidelines [1] for instruction on the intended use of the Asterisk issue tracker.

Thanks!

[1] https://wiki.asterisk.org/wiki/display/AST/Asterisk+Issue+Guidelines
By: Asterisk Team (asteriskteam) 2020-07-22 08:18:18.701-0500

Thanks for creating a report! The issue has entered the triage process. That means the issue will wait in this status until a Bug Marshal has an opportunity to review the issue. Once the issue has been reviewed you will receive comments regarding the next steps towards resolution. Please note that log messages and other files should not be sent to the Sangoma Asterisk Team unless explicitly asked for. All files should be placed on this issue in a sanitized fashion as needed.

A good first step is for you to review the [Asterisk Issue Guidelines|https://wiki.asterisk.org/wiki/display/AST/Asterisk+Issue+Guidelines] if you haven't already. The guidelines detail what is expected from an Asterisk issue report.

Then, if you are submitting a patch, please review the [Patch Contribution Process|https://wiki.asterisk.org/wiki/display/AST/Patch+Contribution+Process].

Please note that once your issue enters an open state it has been accepted. As Asterisk is an open source project there is no guarantee or timeframe on when your issue will be looked into. If you need expedient resolution you will need to find and pay a suitable developer. Asking for an update on your issue will not yield any progress on it and will not result in a response. All updates are posted to the issue when they occur.