[Spce-user] inbound peer forbidden
Daniel Grotti
dgrotti at sipwise.com
Wed Jan 10 05:20:48 EST 2018
Hi,
you have to add, at leas, 1 entry (empty rule, if you don't need inbound
rules) in your INBOUND PEERING RULES, otherwise the calls will be
rejected with 403.
Daniel
On 01/10/2018 10:58 AM, pushakk wrote:
>
> Hello everyone,
>
> I'm testing SPCE with two diferents MGW devs (CISCO and DIGIUM EPIGY).
>
>
> T1 ---------------- GW (Cisco or epygi) ---------------- spce
> -------------------------- asterisk
>
>
> Cisco 10.0.1.13
> epygi 10.0.1.21
>
> spce 10.0.1.25
> asterisk 10.0.1.20
>
> I have configured a peering test group with two peering servers and I
> can enable or disable each one in convenience. I have configured an
> outbound peering rule and an inbound peergin rule matching 'To domain:
> 10.0.1.25' (it's working with epygi so i don't think it could be the
> problem on CISCO).
>
> With epigy, I can register my spce against a sip_tunnel epygi
> configuration using the register in
> /etc/ngcp-config/templates/etc/ngcp-sems/etc/reg_agent.conf.tt2. Once
> registered, I can both receive and make calls without any problem.
>
> However with CISCO I can't find the way to register the peer. Even so,
> I can make outbound calls but the inbound calls are being rejected by
> spce with 403 Forbidden error message. Is it mandatory to register
> against the peer server? In the spce doc don't talk anything about that.
>
> The log in lb and proxy are
>
> First in lb the invite arrive and it is redirect to proxy
>
> Jan 10 02:16:21 sip lb[26841]: NOTICE: <script>: New request on lb -
> M=INVITE R=sip:951******@10.0.1.25:5060 F=sip:620******@10.0.1.13
> T=sip:951******@10.0.1.25 IP=udp:10.0.1.13:58574
> ID=F54750FA-F4DA11E7-836FD6B1-F6498286 at 10.0.1.13
> UA='Cisco-SIPGateway/IOS-12.x'
>
> Jan 10 02:16:21 sip lb[26841]: NOTICE: <script>: *Relaying request,
> du='sip:127.0.0.1:5062'*, fs='udp:127.0.0.1:5060' -
> R=sip:95******@10.0.1.25:5060
> ID=F54750FA-F4DA11E7-836FD6B1-F6498286 at 10.0.1.13
> UA='Cisco-SIPGateway/IOS-12.x'
>
> In proxy I have the error
>
> Jan 10 09:44:31 sip proxy[21316]: NOTICE: <script>: Call from PSTN -
> R=sip:951******@10.0.1.25:5060
> ID=90A0BD28-F51911E7-85C1D6B1-F6498286 at 10.0.1.13
> UA='Cisco-SIPGateway/IOS-12.x'
>
> Jan 10 09:44:31 sip proxy[21316]: NOTICE: <script>: *No matching
> inbound peer rule in any peering group, rejecting call* -
> R=sip:951******@10.0.1.25:5060
> ID=90A0BD28-F51911E7-85C1D6B1-F6498286 at 10.0.1.13
> UA='Cisco-SIPGateway/IOS-12.x'
>
> And finally the lb return 403 Forbidden to Cisco
>
> Jan 10 02:16:22 sip lb[26862]: NOTICE: <script>: Reply from Inbound -
> S=100 - Trying M=INVITE IP=udp:127.0.0.1:5062
> ID=F58C4827-F4DA11E7-8376D6B1-F6498286 at 10.0.1.13 UA='<null>'
>
> Jan 10 02:16:22 sip lb[26862]: NOTICE: <script>: Sending reply,
> fs='udp:10.0.1.25:5060' -
> ID=F58C4827-F4DA11E7-8376D6B1-F6498286 at 10.0.1.13 UA='<null>'
>
> Jan 10 02:16:22 sip lb[26858]: NOTICE: <script>: Reply from Inbound -
> *S=403 - Forbidden* M=INVITE IP=udp:127.0.0.1:5062
> ID=F58C4827-F4DA11E7-8376D6B1-F6498286 at 10.0.1.13 UA='<null>'
>
> I have readed a few times the spce doc about peering but it is poor. I
> don't know if the "no matching inbound peer rule" is causing the 403
> forbidden or if the forbidden is causing the "not matching inbound
> peer rule".
>
> The traffic betwen Cisco GW and spce:
>
> U 10.0.1.13:52734 -> 10.0.1.25:5060
> INVITE sip:951******@10.0.1.25:5060 SIP/2.0..Via: SIP/2.0/UDP
> 10.0.1.13:5060;branch=z9hG4bKB76177B..From: <sip:951******@10.0.1.13>;tag
> =1E6E2EA8-1F07..To: <sip:951******@10.0.1.25>..Date: Wed, 10 Jan
> 2018 09:48:50 GMT..Call-ID: 4BD97EEF-F52211E7-86FCD6B1-F6498286 at 10.0.1
> .13..Supported:
> 100rel,timer,resource-priority,replaces,sdp-anat..Min-SE:
> 1800..Cisco-Guid: 1272505031-4112650727-2225602586-380178028
> 8..User-Agent: Cisco-SIPGateway/IOS-12.x..Allow: INVITE, OPTIONS,
> BYE, CANCEL, ACK, PRACK, UPDATE, REFER, SUBSCRIBE, NOTIFY, INFO, REGI
> STER..CSeq: 101 INVITE..Max-Forwards: 70..Timestamp:
> 1515577730..Contact: <sip:951******@10.0.1.13:5060>..Expires:
> 180..Allow-Events: t
> elephone-event..Supported: precondition..Content-Type:
> multipart/mixed;boundary=uniqueBoundary..Mime-Version:
> 1.0..Content-Length: 778.
> ...--uniqueBoundary..Content-Type:
> application/sdp..Content-Disposition:
> session;handling=required....v=0..o=CiscoSystemsSIP-GW-UserAge
> nt 2348 2527 IN IP4 10.0.1.13..s=SIP Call..c=IN IP4 10.0.1.13..t=0
> 0..a=rtr..m=audio 18014 RTP/AVP 8 19..c=IN IP4 10.0.1.13..a=rtpmap:8
> PCMA/8000..a=rtpmap:19
> CN/8000..a=ptime:20....--uniqueBoundary..Content-Type:
> application/x-q931..Content-Disposition: signal;handling
> =optional..Content-Length:
> 47........................l.!.951******p..951******....--uniqueBoundary..Content-Type:
> application/gtd..Cont
> ent-Disposition:
> signal;handling=optional....IAM,..PRN,isdn*,,NET5*,..USI,rate,c,3,c,1..USI,lay1,alaw..TMR,02..CPN,00,,1,9
> #
> U 10.0.1.13 -> 10.0.1.25 +60 at 1480:119
> 51771525..CGN,04,,1,y,4,951******..CPC,09..FCI,,,,,,,y,..GCI,4bd8e2c7f52211e784a8001ae29a9040......--uniqueBoundary--..
> #
> U 10.0.1.25:5060 -> 10.0.1.13:52734
> SIP/2.0 100 Trying..Via: SIP/2.0/UDP
> 10.0.1.13:5060;rport=52734;branch=z9hG4bKB76177B..From:
> <sip:951******@10.0.1.13>;tag=1E6E2EA8-1F0
> 7..To: <sip:951******@10.0.1.25>..Call-ID:
> 4BD97EEF-F52211E7-86FCD6B1-F6498286 at 10.0.1.13..CSeq: 101
> INVITE..Server: Sipwise NGCP Proxy
> 5.X..Content-Length: 0....
> #
> U 10.0.1.25:5060 -> 10.0.1.13:52734
> SIP/2.0 *403 Forbidden*..Via: SIP/2.0/UDP
> 10.0.1.13:5060;rport=52734;branch=z9hG4bKB76177B..From:
> <sip:951******@10.0.1.13>;tag=1E6E2EA8-
> 1F07..To:
> <sip:951******@10.0.1.25>;tag=1d24a28a0bded6c40d31e6db8aab9ac6.a227..Call-ID:
> 4BD97EEF-F52211E7-86FCD6B1-F6498286 at 10.0.1.13..
> CSeq: 101 INVITE..Server: Sipwise NGCP Proxy 5.X..Content-Length: 0....
>
> It is an 403 error directly, no auth challenge for the invite 407 is
> sent previously.
>
> Thank you very much.
>
>
>
> _______________________________________________
> Spce-user mailing list
> Spce-user at lists.sipwise.com
> https://lists.sipwise.com/listinfo/spce-user
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.sipwise.com/pipermail/spce-user_lists.sipwise.com/attachments/20180110/64858c74/attachment-0001.html>
More information about the Spce-user
mailing list