News:

On Tuesday September 6th the forum will be down for maintenance from 9:30 PM to 11:59 PM PDT

Main Menu

SIP registration problems - please help!

Started by ichigo, March 14, 2012, 06:35:54 PM

Previous topic - Next topic

ichigo

Hi,
I am trying to set up my OBi100 to work with my ITSP in Japan. However, I keep getting a "Register Failed: 401 Unauthorized" error. Here's what I have tried so far:
I used the obitalk portal to do the configuration.

1. Tried the simple setup by using the "Generic Service Provider" option and filling in the "ITSP Proxy Server", "Auth User Name" and "Auth Password" fields.
That got me a "403 Forbidden" error.

2. Next, I tried the OBi Expert config (I had enabled auto provisioning earlier) and changed the following:
Service Providers > ITSP Profile B General > Name: asahi-net
Service Providers > ITSP Profile B SIP > ProxyServer: voip02.nc.asahi-net.or.jp
Voice Service > SP2 Service > Enable: <checked>
Voice Service > SP2 Service > X_ServProvProfile:B
Voice Service > SP2 Service > X_RingProfile:B
Voice Service > SP2 Service > X_CodecProfile:B
AuthUserName > {User ID provided by ITSP}
AuthPassword > {password provided by ITSP}
URI > 050xxxxxxxx@asahi-net.or.jp
where 050xxxxxxxx is the phone number provided by the ITSP

Note that if I swap the UserName with the phone number OR just put only the phone number in the URI field OR leave the URI field blank, etc - I keep getting 403 Forbidden error.
Its only with the combo described above, that I get the "Register Failed: 401 Unauthorized (server=210.227.109.205:5060; retry in 26s)"

Just to check, I tried putting in the same details in X-lite or ExpressTalk on my computer, and it registers and I can ring the IP softphone from another phone.

Not sure what I am missing with OBi. When replying, please consider that I am not a tech person, but I can find my way around IT :)

Cheers!

Stewart

一護さん (or is it 苺さん?),

Please describe your successful settings in X-Lite and I'll try to provide the corresponding ones for the OBi.

User ID: (User ID provided by ITSP, phone number from ITSP, or something else)?
Domain: (asahi-net.or.jp, voip02.nc.asahi-net.or.jp, or something else)?
Password: (I assume that's the password provided by ITSP)
Display name: (your name, blank, something else)? (OBi may have a problem with kana or kanji in this field.)
Authorization name: (User ID provided by ITSP, blank, or something else)?
Also, any settings in the Domain Proxy box.

ichigo

ha! Probably the strawberry is better :)

I will check the X-Lite settings and let you know once I am back home.
Don't think kana/kanji is a problem, since I don't use it. Besides, I am using a Mac with a US keyboard and US character map (I didn't activate any Japanese setting on my Mac).
And Stewart, thanks for your quick reply!

ichigo

Hi Stewart... I've attached screenshots for the X-Lite settings that got it to register properly. Password is provided by the ITSP.
Thanks for your help!

Stewart

Try the following (keeping other settings as you had described):

ITSP Profile B -> SIP -> ProxyServer: asahi-net.or.jp
ITSP Profile B -> SIP -> OutboundProxy: voip02.nc.asahi-net.or.jp
Voice Services -> SP2 Service -> AuthUserName: User ID from ITSP
Voice Services -> SP2 Service -> URI: 050xxxxxxxx@asahi-net.or.jp

If you still get a 401:  Confirm that password is correct, e.g. by pasting into both X-Lite and device.  If that's not it, we can use Wireshark and SIP Debug to compare what is being sent in both cases.

If you still get a 403, note that some providers disallow multiple registrations with the same credentials.  Make sure that X-Lite (and any other VoIP apps or devices) have been shut down (not just minimized).  Otherwise, we should look at the response with SIP Debug -- there may be a clue in the text following the 403, or in e.g. a Warning header.

ichigo

Tried changing the settings for ProxyServer and OutboundProxy and by pasting the password into both X-Lite and the OBi. Still getting a 401.

I have downloaded and installed Wireshark. How do I use i?
I have now enabled
Voice Services -> SP2 Service -> X_SipDebugOption:Log All Messages
on the device
But how do I configure Device Admin >Syslog?
The OBi is connected to an Apple Time Capsule, which is wirelessly connected to another Airport Express which gets the internet/vdsl modem connection. (the outlet is in an odd place, hence this setup). My computer is on the same wireless network, but to log the OBi, do I connect the computer to the Time Capsule by ethernet or do I connect the OBi to the computer? Or is there a simpler way?

Stewart

Conceivably, one of the Apple devices has a SIP ALG that is causing trouble.  Possibly, changing SP2 Service -> X_UserAgentPort from 5061 to 5070 will help.

Otherwise, I'm not familiar with the Time Capsule, but if it is acting as a simple bridge, the syslog packets should be able to reach your computer with no topology changes.

In the OBi, set Syslog -> Server to the private IP address (probably 192.168.x.x) of the computer running Wireshark.  Start a capture and confirm that syslog packets appear.  To make it easier to see SIP, select one of the packets, right-click and choose Decode As, choose destination (514) as SIP.

For X-Lite, you should be able to see the SIP traffic directly.

ichigo

I will try out your suggestions once I am back home.

You can consider Time Capsule to be just an Airport Extreme Base Station plus a disk, for simplicity. Its been set up to extend the network of the main wireless base station - not sure if that is the same as a "bridge".

I was just thinking... since the OBi has been configured, why don't I just connect it directly to the phone co's modem, temporarily disconnecting the Apple devices, and see if it works? If it does, then you are probably right with the SIP ALG problems on Apple devices. You think this course of action might help to identify the issue?

Stewart

Testing with a direct connection to the modem is a good idea.  Does the Airport Express get a public IP address on the WAN side?  If not, the modem is likely also configured as a router (but it's still worth trying the test).  Is the Airport Express set up to do PPPoE (or some other PPP protocol) to the modem?  If so, you won't be able to connect the OBi directly, as it does not support such protocols.

In any case, confirm that the direct modem connection is working, by calling the echo test **9 222 222 222.  Do you have another service on SP1?  Does it work properly?  When connected directly to the modem, if you have another path to the Internet (smartphone, neighbor's Wi-Fi, etc.), try to see if the OBi is showing the same error.


ichigo

#9
Ah! Thanks for pointing out. The Airport Express is set up to do a PPPoE to the modem and that is how it gets the public IP address on the WAN side (i think?). Hmmm...tricky to connect the OBi directly in that case.
I have google voice set up on SP1 and it connects flawlessly. Does that rule out the SIP ALG problem or could it still be manifested for SP2?
Also, for Device Admin >Syslog> Level... what do I set it at? Should I leave it at the default 7?

Stewart

Assuming that changing X_UserAgentPort didn't help:

A SIP ALG problem would be unlikely to impact either GV or OBiTalk, as they are very different protocols.  If you have one, trying another brand of router would be a useful quick test.  Or, if you have a second Ethernet NIC for your Mac, e.g. a USB-to-Ethernet dongle, you could set up PPPoE on the Mac, connected directly to the modem, sharing the Internet connection to the other Ethernet port, where you'd connect the OBi (if the NIC is not auto MDI/MDX, you'd need a crossover cable, hub or switch in the path.

If you just want to proceed with the Wireshark analysis, don't worry about Syslog Level.  It doesn't affect SIP Debug at all; it only controls what internal OBi events get logged.  The default setting (7) logs everything available, which can't hurt and might prove useful.

Yet a third approach would be to test the OBi with another SIP provider, e.g. a free Callcentric account.  If that also fails, it will be easier to debug, because many users here are familiar with it.  If Callcentric works ok, we can look at what's different between the two providers.

RevKev

I would try connecting the OBi directly to the AE and bypass the Time Capsule and see if that makes any difference.

ichigo

#12
Yes, you're correct Stewart: changing X-UserAgentPort did not help.

I didn't want to go out in the rain to buy a USB-to-Ethernet dongle or another brand of router, and I was a bit overwhelmed by Wireshark - so I decided to try option 3. Callcentric registered without any hiccups at all and I was able to receive and make calls. I cross-checked the OBi's Call History page to make sure that the calls were indeed routed through SP2 (Callcentric). So now do you think we can leave the SIP ALG issue behind us?

I think I will now have to look at Wireshark again and get those logs for you to analyze :)

@RevKev: the AirportExpress only has a WAN port - so I cannot connect the OBi to it directly.

Stewart

In case it's difficult to get the ASAHI Net service to work properly, could another provider be a good alternative?  ASAHI rates to Japan landlines and mobiles are quite high.  Are you using it primarly to call free 050 numbers?

Is your existing 050 number important to you?  If so, can it be ported to another provider?  If not, would a geographic, e.g. 03 number be acceptable?

Does ASAHI include call forwarding?  If so, are there any free forwarding destinations (SIP URI, iNum, etc.)?  If so, that would provide a workaround for incoming, until the problem can be fixed.

ichigo

Asahi is my ISP and they are the cheapest with English language support. I do call 050 numbers, but I need a local Japan number for people to call, and this seems to be a cheap option. My current 050 number is not terribly important for me. 03 numbers are traditional telephone numbers here as far as I know.

I don't think Asahi includes call forwarding, but I can wait a while till the problem is fixed.

Stewart

At this point, I don't know whether this might be an ALG problem -- it's still possible that e.g. field length or header order might be making the difference.  With luck, the Wireshark traces will show what's happening.

If you are using ASAHI Net just for incoming and for calling free 050 numbers, the cost is only a few yen, so I hope we can make it work -- anything else would cost more, or have significant limitations.  For example, an Anveo Tokyo DID (Value plan) is $6.45/mo.  A free solution that would work only for specific contacts is Rebtel, set up to ring a free Callcentric (or other) iNum.  A caller who is not a contact could still reach you, but it would require two-stage dialing.  For example, if you call a SIPBroker access number such as 06-45604000, and at the prompt enter *4621777xxxxxxx (use the last 7 digits of your Callcentric number), your OBi phone should ring.

ichigo

Yes, the other options are either more complicated or costlier - usually both. So I would be relieved if this worked! I sent you a PM with a few more details. Let me know if you need anything else.

Stewart

In the Airport Express, try forwarding UDP port 5061 to the OBi.  Because of a number of factors, it appears that a contact header with a bad port number is being generated.  I am hoping that with the forwarding in place, the AE won't translate the source port on the REGISTER requests.

If no luck, please post captures in the OBi ASAHI case, with at least 5 SIP packets (initial REGISTER attempt, 401 response, REGISTER with Authorization, ??? response and ??? next request).

ichigo

Sorry, I had forgotten to mention that during my initial run-in with this problem, even before I made my first post in this forum, I had come across something on the web and had made the changes suggested. You can check out the post here:
http://forums.counterpath.com/viewtopic.php?f=1&t=3820
As suggested in that post, I forwarded UDP (and TCP) ports 5060-5061 to the OBi. I also disabled the X_UseRport option in Service Providers > ITSP Profile B > SIP (option not available in OBi Expert config - only when you login to the device directly).
Earlier (before the port forwarding and the rport setting), the OBi status kept showing "Waiting for server response". After the changes, I got the 401. If I enable rport and keep the port forwarding, I keep getting a 400 error.
Anyway, since the earlier logs I forwarded were with the ports forwarded already, here's the rest of the response to the REGISTER with Authorization and the next request:

Response to the REGISTER with Authorization
SIP/2.0 401 Unauthorized
Call-ID: 3ffdeaaa@192.168.0.3
l: 0
CSeq: 36720 REGISTER
From: <sip:050xxxxxxxx@asahi-net.or.jp>;tag=SP2246066421cf1cc74
To: <sip:050xxxxxxxx@asahi-net.or.jp>
v: SIP/2.0/UDP 192.168.0.3:5061;received=118.xx.xx.xx;branch=z9hG4bK-64466080
User-Agent: OBIHAI/OBi100-1.3.0.2690
Allow: ACK,BYE,CANCEL,INFO,INVITE,NOTIFY,OPTIONS,REFER
Supported: replaces
Date: Sat, 17 Mar 2012 06:38:10 GMT
WWW-Authenticate: Digest realm="ocn.ne.jp", domain="sip:210.227.109.205", nonce="1331964245", opaque="", stale=FALSE, algorithm=MD5

Next request
REGISTER sip:asahi-net.or.jp:5060 SIP/2.0
Call-ID: 3ffdeaaa@192.168.0.3
Content-Length: 0
CSeq: 36721 REGISTER
From: <sip:050xxxxxxxx@asahi-net.or.jp>;tag=SP2246066421cf1cc74
Max-Forwards: 70
To: <sip:050xxxxxxxx@asahi-net.or.jp>
Via: SIP/2.0/UDP 192.168.0.3:5061;branch=z9hG4bK-9bad5b4
Authorization: DIGEST algorithm=MD5,nonce="1331964245",opaque="",realm="ocn.ne.jp",response="fd261e8e81c87398d84af2d8322d346f",uri="sip:asahi-net.or.jp:5060",username="XXXXXXXX"
User-Agent: OBIHAI/OBi100-1.3.0.2690
Contact: <sip:050xxxxxxxx@118.xx.xx.xx:5061>;expires=60;+sip.instance="<urn:uuid:00000000-0000-0000-0000-9cadef1035b2>"
Allow: ACK,BYE,CANCEL,INFO,INVITE,NOTIFY,OPTIONS,REFER
Supported: replaces

Stewart

It appears that there are a combination of three constraints (any two of which would not be a problem).

1. The OBi insists on processing the Via received parameter, even when rport is turned off.
2. The AE insists on translating the source port number, even with the port forwarded.
3. ASAHI refuses to accept an rport parameter.

At this point, I have few suggestions remaining.  If you haven't yet tried this, test with X_UserAgentPort set to 5060, with port 5060 forwarded to the OBi.  (To avoid a conflict, you may need to change X_UserAgentPort for SP1 to something else, even though your SP1 is not SIP.)

A second possibility is connecting the Mac directly to the modem, setting up PPPoE on the Mac.  Then, set up sharing to share the PPP connection via Wi-Fi and configure the Time Capsule to connect to the Mac.

Possibly, you can "launder" the connection through a free PBXes account, though I don't know whether you'll have an rport issue there. (I'll give you suggested settings for the trunk, if you want to try.)

There might be another free PBX that you could relay through, but I'm not familiar with any.  Perhaps another member can chime in here.

You could almost certainly fix the problem by running e.g. FreeSWITCH on your Mac, but that would be a lot of work.

Can you take the OBi over to another site (friend, neighbor, work) and see whether a different router helps?