3 way authentication**NTF

Discussion in '3CX Phone System - General' started by voipshop1, Mar 19, 2011.

Thread Status:
Not open for further replies.
  1. voipshop1

    Joined:
    Jun 19, 2009
    Messages:
    21
    Likes Received:
    0
    Hi,

    telecom provider in my country for SIP trunking uses a 3 way authentication.

    Is that possibility included in ver 10 ?

    Best regards

    Nedja
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  2. igor.snezhko

    igor.snezhko Active Member

    Joined:
    Jan 7, 2008
    Messages:
    668
    Likes Received:
    7
    Re: 3 way authentication

    [​IMG]
     
  3. r2k

    r2k

    Joined:
    Jan 9, 2011
    Messages:
    23
    Likes Received:
    0
    Re: 3 way authentication

    Thanks for this feature!

    I've tried it with Swisscom Business Connect and was able to register. I was not able to receive calls. I also was not able to make outbound calls. I always got an Error 403: Forbidden.

    I've tried it only for a short time, I will try it later on and more specific.

    Best regards
    Marco
     
  4. nb

    nb Support Team
    Staff Member 3CX Support

    Joined:
    Jun 7, 2007
    Messages:
    2,129
    Likes Received:
    153
    Re: 3 way authentication

    YOu might need to adjust outbound parameters for this to work.

    If the registration succeeds, then all you need to do is analyze a wireshark capture and ask swiss com whats wrong and what they are expecting to see in the call flow.

    Well this is one advantage why 3CX tells its users to use supported VoIP Providers. Because the templates are adjusted as to what the VoIP Provider expects.

    If 3CX Registered correctly with the provider then all is looking good. Take a capture of an outgoing call and send it to your provider.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  5. r2k

    r2k

    Joined:
    Jan 9, 2011
    Messages:
    23
    Likes Received:
    0
    Re: 3 way authentication

    Hi Nicky
    thanks for your repelay.

    I will try this. It's not for a productiv enviroment, only for my personal test.

    Normally they use snoms and siemens for their hosted solution and do not support other phones... That's our swisscom :)

    I will wireshark the outgoing call of a snom and wireshark on the pbx to. So I (hopfully) can find you the difference...
     
  6. voipshop1

    Joined:
    Jun 19, 2009
    Messages:
    21
    Likes Received:
    0
    Re: 3 way authentication

    Tnx Nicky,

    here is a a samlpe log for Telecom Serbia.

    could we analyze that and help me to make a setting. that is very important for me.

    It it works we can make a biz deal with serbian telecom.


    best regards

    Nedja

    REGISTER sip:ims.telekomsrbija.com SIP/2.0
    Via: SIP/2.0/UDP 10.1.1.54:2069;branch=z9hG4bK-DF3A77D0;rport
    From: <sip:381117150228@ims.telekomsrbija.com>;tag=1747279765
    To: <sip:381117150228@ims.telekomsrbija.com>
    Call-ID: d68fd7c3e909d311b29e0090331f0425@10.1.1.54
    CSeq: 2820 REGISTER
    Contact: <sip:381117150228@10.1.1.6:2069>;expires=3600
    Content-Length: 0
    Expires: 3600
    Max-Forwards: 70


    SIP/2.0 401 Unauthorized
    Via: SIP/2.0/UDP 10.1.1.54:2069;received=10.1.1.54;branch=z9hG4bKDF3A77D0;
    rport=2069
    From: <sip:381117150228@ims.telekomsrbija.com>;tag=1747279765
    To:
    <sip:381117150228@ims.telekomsrbija.com>;tag=c355ceea05faa3d0929e1
    1ce3dfe99
    Call-ID: d68fd7c3e909d311b29e0090331f0425@10.1.1.54
    CSeq: 2820 REGISTER
    Content-Length: 0
    WWW-Authenticate: Digest
    realm="ims.telekomsrbija.com",domain="sip:ttcnserver@ims.telekomsr
    bija.com",nonce="412b94d5b16262fb829b79466a0e479a",stale=true,qop=
    "auth",algorithm=MD5
    P-Charging-Vector: icid-value=c355ceea05faa3d0929e11ce32a13b


    REGISTER sip:ims.telekomsrbija.com SIP/2.0
    Authorization: Digest
    username="381117150228@ims.telekomsrbija.com",realm="ims.telekomsr
    bija.com",nonce="412b94d5b16262fb829b79466a0e479a",response="d87cc
    fe2b97b7c94bc3e832367c5a0f7",uri="sip:ims.telekomsrbija.com",qop=a
    uth,cnonce="c79e52e0e909d311",nc=00000001,algorithm=MD5
    Via: SIP/2.0/UDP 10.1.1.54:2069;branch=z9hG4bK-DF3A77D1;rport
    From: <sip:381117150228@ims.telekomsrbija.com>;tag=1747279766
    To: <sip:381117150228@ims.telekomsrbija.com>
    Call-ID: d68fd7c3e909d311b29e0090331f0425@10.1.1.54
    CSeq: 2821 REGISTER
    Contact: <sip:381117150228@10.1.1.54:2069>;expires=3600
    Content-Length: 0
    Expires: 3600
    Max-Forwards: 70
    User-Agent: (innovaphone IP305/6.00 sr2-hotfix5 [08-
    60900.68/422/302])
    Allow-Events: reg,dialog,message-summary


    SIP/2.0 200 OK
    Via: SIP/2.0/UDP 10.1.1.54:2069;received=10.1.1.54;branch=z9hG4bKDF3A77D1;
    rport=2069
    From: <sip:381117150228@ims.telekomsrbija.com>;tag=1747279766
    To:
    <sip:381117150228@ims.telekomsrbija.com>;tag=c355ceea05faa430929e1
    1ce82e615
    Call-ID: d68fd7c3e909d311b29e0090331f0425@10.1.1.54
    CSeq: 2821 REGISTER
    Content-Length: 0
    Contact: <sip:381117150228@10.1.1.54:2069>;expires=1000
    P-Associated-URI: <sip:381117150228@ims.telekomsrbija.com>
    Authentication-Info:
    nextnonce="412b94d5b16262fb829b79466a0e479a",qop=auth,rspauth="c02
    5ae4d9e709c2452cd1b2db1db5302",cnonce="c79e52e0e909d311",nc=000000
    01
    P-Charging-Vector: icid-value=c355ceea05faa430929e11ce71d6dc
    P-Charging-Function-Addresses:
    ccf="aaa://bgemm01.ims.telekomsrbija.com:3868;transport=tcp"
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  7. r2k

    r2k

    Joined:
    Jan 9, 2011
    Messages:
    23
    Likes Received:
    0
    Re: 3 way authentication

    Hey Nedja,

    Code:
    ims.telekomsrbija.com
    Do they use broadsoft? Swisscom Business Connect is using a broadsoft pbx.

    Marco
     
  8. voipshop1

    Joined:
    Jun 19, 2009
    Messages:
    21
    Likes Received:
    0
    Re: 3 way authentication

    Hi Marco,

    they use ERICSSON SOFTSWITCH

    Regards

    nedja
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  9. r2k

    r2k

    Joined:
    Jan 9, 2011
    Messages:
    23
    Likes Received:
    0
    Re: 3 way authentication

    I found a way for incoming calls, they were in the log as:
    17:34:12.160 [CM500002]: Unidentified incoming call. Review INVITE and adjust source identification:

    I've created a source ID based on the display name.

    Only outgoing calls are not possible (yet). I found the following error message:
    Call to 123456767@(Ln.10000@BCON) has failed. [ V4 195.186.128.16:5060 UDP target domain=unspecified mFlowKey=812 ] replied: 403 Forbidden; from IP:195.186.128.16:5060


    I will look for this maybe tomorrow
     
  10. nb

    nb Support Team
    Staff Member 3CX Support

    Joined:
    Jun 7, 2007
    Messages:
    2,129
    Likes Received:
    153
    Re: 3 way authentication

    Guys -

    You will all face the same general problems we face when we are inter-operating with VoIP Providers for the first time.

    My tips are the following:

    1)First step is the registration process. Also did you try without 3 way authentication? Are these all 3 way authentication VoIP Providers or not? VoIP Providers might not tell you this straight ahead so you are left in the dark to troubleshoot.
    2)Go on the server and start wireshark. Make an attempt to make a call and see what the provider tells you in return.
    3)When you dial a number, always first try to dial a number that is one of their numbers. Example their support number. If they give you forbidden, there is a problem at sip level. You need to modify the sip message in the outbound parameters. This is simple but it can e frustrating because You do not know what the provider is expecting.
    4) Generally speaking solving incoming calls is the easiest. You can look at the server activity log and see whether traffic is coming to the server.

    Re telecom serbia and swiss. I would like to help you but I think that the first step is get one of their supported devices and see if that works. Make a capture with this and then make a capture with 3CX and see what the difference is. Contacting a telco this size might be futile unless you have a good contact.

    Let me know on progress you guys make.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
Thread Status:
Not open for further replies.