Page 1 of 1

Forbidden response when using CPA sip

PostPosted: Wed Mar 14, 2012 12:58 pm
by KeithHBW
[Mar 14 09:40:11] NOTICE[3684]: chan_sip.c:15495 handle_request_invite: Failed to authenticate user "Keith"<sip:8007@192.168.100.4>;tag=e91f7c47

[Mar 14 10:39:51] NOTICE[2868]: chan_sip.c:13822 handle_response_peerpoke: Peer '8007' is now Reachable. (23ms / 2000ms)
[Mar 14 10:40:10] WARNING[2868]: chan_sip.c:13482 handle_response_invite: Received response: "Forbidden" from '"Keith" <sip:8007@192.168.100.4>;tag=as7980de3c'

So I have correctly setup a SIP connection between gateway and dialer. As you can see it handles me logging into xlite just fine. If I dial my non-cpa sip trunk via 91########## it works fine. If I use my cpa trunk via 81########## I get the warning/notice you see above. My cpa sip stuff looks like the following:
On dialer:
[siptrunk-cpd]
type=peer
disallow=all
allow=ulaw
allow=alaw
context=trunkinbound
host=192.168.100.6
outboundproxy=192.168.100.7 <--CPA server, without this setting it works, with it does not.
port=5060
requirecalltoken=no
qualify=yes
insecure=port,invite


TRUNKCPD=SIP/siptrunk-cpd
exten => _81NXXNXXXXXX,1,AGI(agi://127.0.0.1:4577/call_log)
exten => _81NXXNXXXXXX,2,Dial(${TRUNKCPD}/9${EXTEN:1},,To)
exten => _81NXXNXXXXXX,3,Hangup

On gateway:
[siptrunk]
disallow=all
allow=ulaw
context=default
host=192.168.100.4
type=peer
requirecalltoken=no
insecure=port,invite

TRUNKXYZ=DAHDI/g1
; dial a long distance outbound number
; This 'o' Dial flag is VERY important for VICIDIAL on outbound calls
;exten => _91NXXNXXXXXX,1,AGI(agi://127.0.0.1:4577/call_log)
exten => _91NXXNXXXXXX,1,Dial(${TRUNKXYZ}/${EXTEN:1},,To)
exten => _91NXXNXXXXXX,2,Hangup

Any ideas?

UPDATE:
Its the CPA server that is rejecting the calls. I found this in cpa-stats.csv:
1331749464-478328-28949-12,2012-03-14,,,915038831636,Reject,11:24:24.540,,11:24:24.603,,,Reject


Edit - more information from cpa server:
2012-03-14 12:53:20:762 [772] INFO - netborder.sip.message :
<<<<<<<<<<<<<<<<<<<<<<<< SENDING SIP REQUEST via V4 0.0.0.0:5060/UDP to V4 192.168.100.6:5060/UDP

INVITE sip:91##########@192.168.100.6:5060;cpd=on SIP/2.0
Via: SIP/2.0/UDP 192.168.100.7:5060;branch=z9hG4bK-d99999-da7d693f02235d7a-1---d99999-;rport
Max-Forwards: 70
Contact: <sip:NetBorder@192.168.100.7:5060>
To: <sip:91##########@192.168.100.6:5060;cpd=on>;cpd=on
From: "Keith"<sip:8007@192.168.100.4>;tag=f952f772
Call-ID: MDM5ZGE3MWU2NDliNWZjZDQ3NTBlZTNjMjIzMTgyYjg.
CSeq: 1 INVITE
Allow: INVITE, ACK, CANCEL, OPTIONS, BYE, INFO
Content-Type: application/sdp
Content-Length: 233
Remote-Party-ID: "Keith" <sip:8007@192.168.100.4>;privacy=off;screen=no

v=0
o=- 1331754800 1331754800 IN IP4 192.168.100.7
s=Netborder Media Session
c=IN IP4 192.168.100.7
t=0 0
m=audio 19000 RTP/AVP 0 8 101
a=recvonly
a=rtpmap:0 pcmu/8000
a=rtpmap:8 pcma/8000
a=rtpmap:101 telephone-event/8000

2012-03-14 12:53:20:762 [3200] INFO - netborder.sip.message :
>>>>>>>>>>>>>>>>>>>>>>>> RECEIVED SIP RESPONSE from V4 192.168.100.6:5060/UDP

SIP/2.0 403 Forbidden
Via: SIP/2.0/UDP 192.168.100.7:5060;branch=z9hG4bK-d99999-da7d693f02235d7a-1---d99999-;received=192.168.100.7;rport=5060
To: <sip:91##########@192.168.100.6:5060;cpd=on>;tag=as7e2e3e1b;cpd=on
From: "Keith"<sip:8007@192.168.100.4>;tag=f952f772
Call-ID: MDM5ZGE3MWU2NDliNWZjZDQ3NTBlZTNjMjIzMTgyYjg.
CSeq: 1 INVITE
Allow: INVITE, ACK, CANCEL, OPTIONS, BYE, REFER, SUBSCRIBE, NOTIFY, INFO
Supported: replaces
User-Agent: Asterisk PBX
Content-Length: 0


2012-03-14 12:53:20:794 [272] INFO - netborder.cpa.CpaCall.pyc : Rejecting caller cpa
2012-03-14 12:53:20:825 [772] INFO - netborder.sip.message :
<<<<<<<<<<<<<<<<<<<<<<<< SENDING SIP RESPONSE via V4 0.0.0.0:5060/UDP to V4 192.168.100.4:5060/UDP

SIP/2.0 403 Forbidden
Via: SIP/2.0/UDP 192.168.100.4:5060;branch=z9hG4bK7381dd7f;rport=5060
To: <sip:91##########@192.168.100.6:5060;cpd=on>;tag=634ec67c
From: "Keith"<sip:8007@192.168.100.4>;tag=as47c99936
Call-ID: 67edc8ba16b01aba277190177d5565b0@192.168.100.4
CSeq: 102 INVITE
Content-Length: 0
CPD-Result: Reject
X-Netborder-Detailed-CPD-Result-v2-0: Reject
X-Netborder-Call-ID: 1331754800-669354-29058-0


Update 2: According to this its not the cpa... Its the gateway that is rejecting the sip connection.

Anyone got some ideas?

PostPosted: Wed Mar 14, 2012 10:35 pm
by sinisterdeath
Ive been having pretty much the same issue as you but i get back a 401 unauthorized error.

There is probably one small detail that we are missing that will make it work. Finding it seems to be the problem but.

2012-03-15 13:53:52:940 [456] INFO - netborder.sip.message :
>>>>>>>>>>>>>>>>>>>>>>>> RECEIVED SIP RESPONSE from V4 202.43.66.3:5060/UDP

SIP/2.0 401 Unauthorized
Via: SIP/2.0/UDP 192.168.1.50:5060;branch=z9hG4bK-d99999-3c2de15b6865193a-1---d99999-;received=203.206.228.211;rport=5060
To: <sip:0449588318@sip.bablio.com:5060;cpd=on>;tag=as5feb99e0;cpd=on
From: "8001"<sip:09533586@sip.bablio.com>;tag=c360b646
Call-ID: YmFiMmNiNDM3MjdiOTBjZDQ3OTVkYmFjNDk0NDEwMjI.
CSeq: 1 INVITE
Allow: INVITE, ACK, CANCEL, OPTIONS, BYE, REFER, SUBSCRIBE, NOTIFY, INFO
Server: Asterisk PBX 1.6.2.20
Supported: replaces, timer
WWW-Authenticate: Digest algorithm=MD5, realm="asterisk", nonce="58a4eef7"
Content-Length: 0

PostPosted: Thu Mar 15, 2012 10:30 am
by KeithHBW
So I figured it out after reading through all that debug stuff...

I added this to my sip gateway:
[siptrunk-cpd]
disallow=all
allow=ulaw
context=default
host=192.168.100.7 <--- cpa server
type=peer
requirecalltoken=no
insecure=port,invite

PostPosted: Thu Mar 15, 2012 4:40 pm
by sinisterdeath
With your host set as the cpa how does your call end up reaching the main sip connection which your non cpa would get to (192.168.100.4)

Re: Forbidden response when using CPA sip

PostPosted: Sun Jun 10, 2012 3:50 pm
by jucha
Hi, i have the same issue.

How do you resolve it?

PSTN <--> Asterisk 1.8 Box <--> SIP TRUNK <--> Vicibox Box.

Thank you

Re: Forbidden response when using CPA sip

PostPosted: Thu Jun 21, 2012 8:55 am
by mcargile
Asterisk is kind of stupid in how it handles proxies. It does not check to see if traffic from that proxy originated from a server that is allowed to send it calls. As such you need to make an entry on the gateway for the cpd server as well as an entry for the dialer.

Re: Forbidden response when using CPA sip

PostPosted: Thu Jul 05, 2012 11:13 am
by jucha
Hi.

You refers to static route???