<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
</head>
<body text="#000000" bgcolor="#FFFFFF">
<tt>Hi,<br>
you have to add, at leas, 1 entry (empty rule, if you don't need
inbound rules) in your INBOUND PEERING RULES, otherwise the calls
will be rejected with 403.<br>
<br>
Daniel<br>
<br>
<br>
<br>
</tt>On 01/10/2018 10:58 AM, pushakk wrote:<br>
<blockquote type="cite"
cite="mid:c29e9c9a-5057-aff2-a0c7-a606f9039699@limbo.deathwing.net">
<meta http-equiv="content-type" content="text/html; charset=utf-8">
<p>Hello everyone,</p>
<p>I'm testing SPCE with two diferents MGW devs (CISCO and DIGIUM
EPIGY). <br>
</p>
<p><br>
</p>
<p> T1 ---------------- GW (Cisco or epygi)
---------------- spce -------------------------- asterisk</p>
<p><br>
</p>
<p>Cisco 10.0.1.13<br>
epygi 10.0.1.21</p>
<p>spce 10.0.1.25<br>
asterisk 10.0.1.20<br>
</p>
<p>I have configured a peering test group with two peering servers
and I can enable or disable each one in convenience. I have
configured an outbound peering rule and an inbound peergin rule
matching 'To domain: 10.0.1.25' (it's working with epygi so i
don't think it could be the problem on CISCO). </p>
<p>With epigy, I can register my spce against a sip_tunnel epygi
configuration using the register in
/etc/ngcp-config/templates/etc/ngcp-sems/etc/reg_agent.conf.tt2.
Once registered, I can both receive and make calls without any
problem. <br>
</p>
<p>However with CISCO I can't find the way to register the peer.
Even so, I can make outbound calls but the inbound calls are
being rejected by spce with 403 Forbidden error message. Is it
mandatory to register against the peer server? In the spce doc
don't talk anything about that.<br>
</p>
<p>The log in lb and proxy are</p>
<p>First in lb the invite arrive and it is redirect to proxy</p>
<p>Jan 10 02:16:21 sip lb[26841]: NOTICE: <script>: New
request on lb - M=INVITE R=<a class="moz-txt-link-freetext"
href="sip:951******@10.0.1.25:5060" moz-do-not-send="true">sip:951******@10.0.1.25:5060</a>
F=<a class="moz-txt-link-freetext"
href="sip:620******@10.0.1.13" moz-do-not-send="true">sip:620******@10.0.1.13</a>
T=<a class="moz-txt-link-freetext"
href="sip:951******@10.0.1.25" moz-do-not-send="true">sip:951******@10.0.1.25</a>
IP=udp:10.0.1.13:58574 <a class="moz-txt-link-abbreviated"
href="mailto:ID=F54750FA-F4DA11E7-836FD6B1-F6498286@10.0.1.13"
moz-do-not-send="true">ID=F54750FA-F4DA11E7-836FD6B1-F6498286@10.0.1.13</a>
UA='Cisco-SIPGateway/IOS-12.x'<br>
</p>
<p>Jan 10 02:16:21 sip lb[26841]: NOTICE: <script>: <b>Relaying
request, du='<a class="moz-txt-link-freetext"
href="sip:127.0.0.1:5062" moz-do-not-send="true">sip:127.0.0.1:5062</a>'</b>,
fs='udp:127.0.0.1:5060' - R=<a class="moz-txt-link-freetext"
href="sip:95******@10.0.1.25:5060" moz-do-not-send="true">sip:95******@10.0.1.25:5060</a>
<a class="moz-txt-link-abbreviated"
href="mailto:ID=F54750FA-F4DA11E7-836FD6B1-F6498286@10.0.1.13"
moz-do-not-send="true">ID=F54750FA-F4DA11E7-836FD6B1-F6498286@10.0.1.13</a>
UA='Cisco-SIPGateway/IOS-12.x'</p>
<p>In proxy I have the error </p>
<p>Jan 10 09:44:31 sip proxy[21316]: NOTICE: <script>: Call
from PSTN - R=<a class="moz-txt-link-freetext"
href="sip:951******@10.0.1.25:5060" moz-do-not-send="true">sip:951******@10.0.1.25:5060</a>
<a class="moz-txt-link-abbreviated"
href="mailto:ID=90A0BD28-F51911E7-85C1D6B1-F6498286@10.0.1.13"
moz-do-not-send="true">ID=90A0BD28-F51911E7-85C1D6B1-F6498286@10.0.1.13</a>
UA='Cisco-SIPGateway/IOS-12.x'
<br>
</p>
<p>Jan 10 09:44:31 sip proxy[21316]: NOTICE: <script>: <b>No
matching inbound peer rule in any peering group, rejecting
call</b> - R=<a class="moz-txt-link-freetext"
href="sip:951******@10.0.1.25:5060" moz-do-not-send="true">sip:951******@10.0.1.25:5060</a>
<a class="moz-txt-link-abbreviated"
href="mailto:ID=90A0BD28-F51911E7-85C1D6B1-F6498286@10.0.1.13"
moz-do-not-send="true">ID=90A0BD28-F51911E7-85C1D6B1-F6498286@10.0.1.13</a>
UA='Cisco-SIPGateway/IOS-12.x' <br>
</p>
<p>And finally the lb return 403 Forbidden to Cisco</p>
<p>Jan 10 02:16:22 sip lb[26862]: NOTICE: <script>: Reply
from Inbound - S=100 - Trying M=INVITE IP=udp:127.0.0.1:5062 <a
class="moz-txt-link-abbreviated"
href="mailto:ID=F58C4827-F4DA11E7-8376D6B1-F6498286@10.0.1.13"
moz-do-not-send="true">ID=F58C4827-F4DA11E7-8376D6B1-F6498286@10.0.1.13</a>
UA='<null>'<br>
</p>
<p>Jan 10 02:16:22 sip lb[26862]: NOTICE: <script>: Sending
reply, fs='udp:10.0.1.25:5060' - <a
class="moz-txt-link-abbreviated"
href="mailto:ID=F58C4827-F4DA11E7-8376D6B1-F6498286@10.0.1.13"
moz-do-not-send="true">ID=F58C4827-F4DA11E7-8376D6B1-F6498286@10.0.1.13</a>
UA='<null>'<br>
</p>
<p>Jan 10 02:16:22 sip lb[26858]: NOTICE: <script>: Reply
from Inbound - <b>S=403 - Forbidden</b> M=INVITE
IP=udp:127.0.0.1:5062 <a class="moz-txt-link-abbreviated"
href="mailto:ID=F58C4827-F4DA11E7-8376D6B1-F6498286@10.0.1.13"
moz-do-not-send="true">ID=F58C4827-F4DA11E7-8376D6B1-F6498286@10.0.1.13</a>
UA='<null>'</p>
<p>I have readed a few times the spce doc about peering but it is
poor. I don't know if the "no matching inbound peer rule" is
causing the 403 forbidden or if the forbidden is causing the
"not matching inbound peer rule". <br>
</p>
<p>The traffic betwen Cisco GW and spce:</p>
<p>U 10.0.1.13:52734 -> 10.0.1.25:5060<br>
INVITE <a class="moz-txt-link-freetext"
href="sip:951******@10.0.1.25:5060" moz-do-not-send="true">sip:951******@10.0.1.25:5060</a>
SIP/2.0..Via: SIP/2.0/UDP
10.0.1.13:5060;branch=z9hG4bKB76177B..From: <a
class="moz-txt-link-rfc2396E" href="sip:951******@10.0.1.13"
moz-do-not-send="true"><sip:951******@10.0.1.13></a>;tag<br>
=1E6E2EA8-1F07..To: <a class="moz-txt-link-rfc2396E"
href="sip:951******@10.0.1.25" moz-do-not-send="true"><sip:951******@10.0.1.25></a>..Date:
Wed, 10 Jan 2018 09:48:50 GMT..Call-ID: <a
class="moz-txt-link-abbreviated"
href="mailto:4BD97EEF-F52211E7-86FCD6B1-F6498286@10.0.1"
moz-do-not-send="true">4BD97EEF-F52211E7-86FCD6B1-F6498286@10.0.1</a><br>
.13..Supported:
100rel,timer,resource-priority,replaces,sdp-anat..Min-SE:
1800..Cisco-Guid: 1272505031-4112650727-2225602586-380178028<br>
8..User-Agent: Cisco-SIPGateway/IOS-12.x..Allow: INVITE,
OPTIONS, BYE, CANCEL, ACK, PRACK, UPDATE, REFER, SUBSCRIBE,
NOTIFY, INFO, REGI<br>
STER..CSeq: 101 INVITE..Max-Forwards: 70..Timestamp:
1515577730..Contact: <a class="moz-txt-link-rfc2396E"
href="sip:951******@10.0.1.13:5060" moz-do-not-send="true"><sip:951******@10.0.1.13:5060></a>..Expires:
180..Allow-Events: t<br>
elephone-event..Supported: precondition..Content-Type:
multipart/mixed;boundary=uniqueBoundary..Mime-Version:
1.0..Content-Length: 778.<br>
...--uniqueBoundary..Content-Type:
application/sdp..Content-Disposition:
session;handling=required....v=0..o=CiscoSystemsSIP-GW-UserAge<br>
nt 2348 2527 IN IP4 10.0.1.13..s=SIP Call..c=IN IP4
10.0.1.13..t=0 0..a=rtr..m=audio 18014 RTP/AVP 8 19..c=IN IP4
10.0.1.13..a=rtpmap:8<br>
PCMA/8000..a=rtpmap:19
CN/8000..a=ptime:20....--uniqueBoundary..Content-Type:
application/x-q931..Content-Disposition: signal;handling<br>
=optional..Content-Length:
47........................l.!.951******p..951******....--uniqueBoundary..Content-Type:
application/gtd..Cont<br>
ent-Disposition:
signal;handling=optional....IAM,..PRN,isdn*,,NET5*,..USI,rate,c,3,c,1..USI,lay1,alaw..TMR,02..CPN,00,,1,9<br>
#<br>
U 10.0.1.13 -> 10.0.1.25 +60@1480:119<br>
51771525..CGN,04,,1,y,4,951******..CPC,09..FCI,,,,,,,y,..GCI,4bd8e2c7f52211e784a8001ae29a9040......--uniqueBoundary--..<br>
#<br>
U 10.0.1.25:5060 -> 10.0.1.13:52734<br>
SIP/2.0 100 Trying..Via: SIP/2.0/UDP
10.0.1.13:5060;rport=52734;branch=z9hG4bKB76177B..From: <a
class="moz-txt-link-rfc2396E" href="sip:951******@10.0.1.13"
moz-do-not-send="true"><sip:951******@10.0.1.13></a>;tag=1E6E2EA8-1F0<br>
7..To: <a class="moz-txt-link-rfc2396E"
href="sip:951******@10.0.1.25" moz-do-not-send="true"><sip:951******@10.0.1.25></a>..Call-ID:
<a class="moz-txt-link-abbreviated"
href="mailto:4BD97EEF-F52211E7-86FCD6B1-F6498286@10.0.1.13..CSeq"
moz-do-not-send="true">4BD97EEF-F52211E7-86FCD6B1-F6498286@10.0.1.13..CSeq</a>:
101 INVITE..Server: Sipwise NGCP Proxy<br>
5.X..Content-Length: 0....<br>
#<br>
U 10.0.1.25:5060 -> 10.0.1.13:52734<br>
SIP/2.0 <b>403 Forbidden</b>..Via: SIP/2.0/UDP
10.0.1.13:5060;rport=52734;branch=z9hG4bKB76177B..From: <a
class="moz-txt-link-rfc2396E" href="sip:951******@10.0.1.13"
moz-do-not-send="true"><sip:951******@10.0.1.13></a>;tag=1E6E2EA8-<br>
1F07..To:
<a class="moz-txt-link-rfc2396E" href="sip:951******@10.0.1.25"
moz-do-not-send="true"><sip:951******@10.0.1.25></a>;tag=1d24a28a0bded6c40d31e6db8aab9ac6.a227..Call-ID:
<a class="moz-txt-link-abbreviated"
href="mailto:4BD97EEF-F52211E7-86FCD6B1-F6498286@10.0.1.13"
moz-do-not-send="true">4BD97EEF-F52211E7-86FCD6B1-F6498286@10.0.1.13</a>..<br>
CSeq: 101 INVITE..Server: Sipwise NGCP Proxy
5.X..Content-Length: 0....</p>
<p>It is an 403 error directly, no auth challenge for the invite
407 is sent previously.<br>
</p>
<p>Thank you very much.<br>
</p>
<br>
<fieldset class="mimeAttachmentHeader"></fieldset>
<br>
<pre wrap="">_______________________________________________
Spce-user mailing list
<a class="moz-txt-link-abbreviated" href="mailto:Spce-user@lists.sipwise.com">Spce-user@lists.sipwise.com</a>
<a class="moz-txt-link-freetext" href="https://lists.sipwise.com/listinfo/spce-user">https://lists.sipwise.com/listinfo/spce-user</a>
</pre>
</blockquote>
<br>
</body>
</html>