QUESTION SIP Digest Authentication Endpoint / Trunk

[Quaine Day]

Hello Guys,
I have a Dialogic HMP Enghouse Interactive Console trying to place outbound calls through Incredible Server.

At the moment we are able to place calls from HMP to an internal extension using example calling script. sip:[email protected]:5060

2126 is an internal extension and the endpoint for that device is 192.168.37.2

As well I can dial from extension 2126 to HMP on extension 3000 and get a response.

I can also call the CP from outside using inbound DID.

The problem we are facing now is trying to place a call using the SIP registar @192.168.37.1
So when using a calling script sip:[email protected]:5060 I get the 401 Unauthorized

SIP/2.0 401 Unauthorized
Via: SIP/2.0/UDP 172.16.81.162:5060;rport=5060;received=172.16.81.162;branch=z9hG4bK-151f7-5282d29-61281ea3-769a808
Call-ID: 76b3350-a25110ac-13c4-65014-151e4-4223ef2a-151e4
From: <sip:[email protected]>;tag=76a6768-a25110ac-13c4-65014-151e4-383dc4f0-151e4
To: <sip:[email protected]>;tag=z9hG4bK-151f7-5282d29-61281ea3-769a808
CSeq: 1 INVITE
WWW-Authenticate: Digest realm="asterisk",nonce="1461880367/93cd882a5ac7375cef8c68460b70da73",opaque="0485a646594bbeee",algorithm=md5,qop="auth"
Server: FPBX-12.0.74(13.7.2)
Content-Length: 0

Enghouse support advised to add the device as a trunk. By adding this device as a trunk and not an endpoint how does it place a call to other extensions or outside lines?

So at this time I have both the device configured as an endpoint and tried to configure it as a trunk.

Here is the sip_additional.conf

[3000]
deny=0.0.0.0/0.0.0.0
secret=XXXXXXX
dtmfmode=rfc2833
canreinvite=no
context=from-internal
host=172.16.81.162
trustrpid=yes
mediaencryption=no
sendrpid=no
type=friend
nat=no
port=5060
qualify=yes
qualifyfreq=60
transport=udp,tcp,tls
avpf=no
force_avp=no
icesupport=no
encryption=no
callgroup=
pickupgroup=
dial=SIP/3000
permit=0.0.0.0/0.0.0.0
callerid=Enghouse CP <3000>
callcounter=yes
faxdetect=no
cc_monitor_policy=generic

[Dialogic_HMP]
host=172.16.81.162
defaultuser=3000
secret=XXXXXX
type=friend
insecure=port,invite
dissallow=all
allow=ulaw
context=from-trunk


Notice the endpoint is configured as host=172.16.81.162 (ip address of HMP server)

If I set this host=dynamic the endpoint is no longer reachable and I am unable to make calls to it.

The HMP uses SIP Digest Authentication and I have followed the guide sent from enghouse to register it but it is failing.

I am at a loss right now and would like to know if anybody has some pointers.

Thanks in advance
Quaine

 

[henry]

How (by whom) is the traffic routed between the two networks: 172.16.0.0/16 and 192.168.0.0/16, both private...?

 

[Quaine Day]

Hi Henry,
The networks are routed via IPSec VPN tunnel.

172.16.81.0/24 = (data center location A)
192.168.37.0/24 = (data center location B)

Over the weekend I have thought about a few things:

1. Can the endpoint (3000/Enghouse CP) place an outbound call as an unauthenticated endpoint?
2. Do I really have the Enghouse CP endpoint configured correctly to register to IPBX13?

Here is the info I have gotten from Enghouse about registering the device.

1) Click on the “SIP Digest Authentication” and set the following values:

a. Realm: “accessline” <-- assumed this is just the server IP address

b. Identity: “sip:”+ {SIP TRUNK ID} +”@X.X.X.X” <- IP address of Registrar

c. Username: {SIP TRUNK ID}

d. Password: {Password}

So I enter the following:
realm: 192.168.37.1
Identity: sip:[email protected]
Username: 3000
Password: secret

So those are the details it asks for on the SIP Digest Authentication, then it goes further into configuring the user details for the SIP Digest Authentication.

I can provide further details if you feel its necessary.

Thanks in advance.

 

[henry]

I have never used the equipment you list, have no idea...
I asked about the IPs since they both are non-routable, so direct calls between them would be hard...

 

[Quaine Day]

Just for fun, I have deployed PBX in datacenter A
I am still unable to register the device to new PBX 172.16.81.26
When trying to place call from the Enghouse Endpoint without it actually being registered here is what I am seeing.

PV1PVME`c@fQQOzSIP/2.0 401 Unauthorized
Via: SIP/2.0/UDP 172.16.81.162:5060;branch=z9hG4bK-66412-18f6e783-62610f5e-7028270;received=172.16.81.162
From: <sip:[email protected]>;tag=7037220-a25110ac-13c4-65014-66411-1e6a5745-66411
To: <sip:[email protected]>;tag=as6f669bbd
Call-ID: 7046ec8-a25110ac-13c4-65014-66411-3656d37-66411
CSeq: 1 INVITE
Server: FPBX-13.0.109(13.7.1)
Allow: INVITE, ACK, CANCEL, OPTIONS, BYE, REFER, SUBSCRIBE, NOTIFY, INFO, PUBLISH, MESSAGE
Supported: replaces, timer
WWW-Authenticate: Digest algorithm=MD5, realm="asterisk", nonce="5c578f1c"
Content-Length: 0

PVMPV1EQQACK sip:[email protected];transport=UDP SIP/2.0
From: <sip:[email protected]>;tag=7037220-a25110ac-13c4-65014-66411-1e6a5745-66411
To: <sip:[email protected]>;tag=as6f669bbd
Call-ID: 7046ec8-a25110ac-13c4-65014-66411-3656d37-66411
CSeq: 1 ACK
Via: SIP/2.0/UDP 172.16.81.162:5060;branch=z9hG4bK-66412-18f6e783-62610f5e-7028270
Max-Forwards: 70
Contact: 3000<sip:[email protected];transport=UDP>
Allow-Events: refer
Content-Length: 0

PV1PVME`/@QQ\OPTIONS sip:172.16.81.162 SIP/2.0
Via: SIP/2.0/UDP 172.16.81.26:5060;branch=z9hG4bK00e6e3dd
Max-Forwards: 70
From: "Unknown" <sip:[email protected]>;tag=as45b23d73
To: <sip:172.16.81.162>
Contact: <sip:[email protected]:5060>
Call-ID: [email protected]:5060
CSeq: 102 OPTIONS
User-Agent: FPBX-13.0.109(13.7.1)
Date: Mon, 02 May 2016 18:11:50 GMT
Allow: INVITE, ACK, CANCEL, OPTIONS, BYE, REFER, SUBSCRIBE, NOTIFY, INFO, PUBLISH, MESSAGE
Supported: replaces, timer
Content-Length: 0

PVMPV1EL"QQ8&SIP/2.0 200 OK
From: "Unknown"<sip:[email protected]>;tag=as45b23d73
To: <sip:172.16.81.162>;tag=7037060-a25110ac-13c4-65014-66424-517b74dc-66424
Call-ID: [email protected]:5060
CSeq: 102 OPTIONS
Via: SIP/2.0/UDP 172.16.81.26:5060;branch=z9hG4bK00e6e3dd
Supported: replaces
Accept-encoding:
Accept-language: en
Accept: application/sdp
Allow: INVITE, CANCEL, ACK, BYE, OPTIONS, INFO, REFER, NOTIFY
Content-Type: application/sdp
Content-Length: 322

v=0
o=Dialogic_SIP_CCLIB 0 58 IN IP4 172.16.81.162
s=Dialogic_SIP_CCLIB
i=session information
c=IN IP4 172.16.81.162
t=0 0
m=audio 49152 RTP/AVP 0 8 4 1 2 18 101
a=rtpmap:4 G723/8000
a=fmtp:4 bitrate=5.3; annexa=yes
a=rtpmap:18 G729/8000
a=fmtp:18 annexb=yes
a=rtpmap:101 telephone-event/8000
a=fmtp:101 0-15


Is it possible to register a SIP Digest Authentication endpoint to FreePBX?
Or does this device need to be set up as a trunk?

How would I set up this device as a trunk if this is what is required?

I am also confused about how the HMP will place a call if it is just a trunk connected to the FreePBX system.

Thanks in advance.

 

[Quaine Day]

Hello Guys,

I was able to get the Dialogic HMP Enghouse Interactive Syntellect Console registered as an endpoint. We are successful placing and making outbound calls now.

Steps required, in domain environment where I had proper forward lookup zone.

1. Create host A record for PBX system e.g. ipbx13 / this step is important because the CP will use this Host A record as the realm ID
2. Settings > Asterisk SIP Settings > Chan SIP > Other SIP Settings: realm = ipbx13 <-- Set this to the Host A record you created
3. Create SIP Extension, do not enable voicemail because the CP would not be able to respond to notify messages.

These next steps involve configuring the Enghouse Interactive CP:

Within the Syntellect Console, drill down to the Dialogic Boards Driver > Boards > HMP (IP)

1. Configure SIP Digest Authentication:
   a. Realm: “ipbx13”
   b. Identity: sip:{extension#}@X.X.X.X <- IP address of Registrar (PBX System)
   c. Username: {extension#}
   d. Password: {extension password}
2. Drill down on Registration to SIP and then add a domain by right clicking on the right hand side of the screen and then choose Add from the menu.
   a. Realm/Domain: ipbx13
   b. Registration interval: 60 <- This keeps the link alive by re-registering once per minute
   c. Accept other defaults for hops and register users
3. Drill down on SIP and then the real/domain that you just created and then click on Users. From there, right click on the right hand side of the screen and “Add” a user using the following parms:
   a. Address: {extension#}@X.X.X.X < - Registrar’s IP Address (PBX System)
   b. Contact: {extension#}@{your ECS IP Address} (Enghouse Server)
   c. Register: Yes

Once you have all these values set, you should be able to restart your CP Engine and accept phone calls.
If you are creating scripts to place calls make sure the calling party is set to sip:{extension#}@X.X.X.X <- IP address of Registrar (PBX System)


I hope this information may help others as this is not officially supported by Enghouse Interactive and there is very little information connecting Dialogic HMP to Asterisk system.

Incredible PBX rocks!!!!