• V20: 3CX Re-engineered. Get V20 for increased security, better call management, a new admin console and Windows softphone. Learn More.

407 Proxy Authentication Required - Phone through VPN

Status
Not open for further replies.

eQDoBBs

Forum User
Joined
Aug 14, 2012
Messages
38
Reaction score
3
Hi,

I have 3 home workers each with a site to site VPN connection. At each site is a PC and Grandstream phone (2000 or 2020). The VPN is running, the PC can connect through and I have confirmed that registration packets are hitting the 3CX server.

One out of the 3 phones is working. It registers successfully and makes calls without issue. The other 2 have the same issue, where it does not do the second pass registration. The packet trace is showing that it just cycles through the registration request and 3CX responds with 407 Proxy Authentication Required.:

Code:
REGISTER sip:172.16.1.10 SIP/2.0
Via: SIP/2.0/UDP 172.16.2.202:5060;branch=z9hG4bKf942e81e7b07a2ef
From: "phone1" <sip:[email protected]>;tag=706d6ad0fd91f0a9
To: <sip:[email protected]>
Contact: <sip:[email protected]:5060;transport=udp>
Supported: path
Call-ID: [email protected]
CSeq: 10001 REGISTER
Expires: 3600
User-Agent: Grandstream GXP2000 1.1.6.16
Max-Forwards: 70
Allow: INVITE,ACK,CANCEL,BYE,NOTIFY,REFER,OPTIONS,INFO,SUBSCRIBE,UPDATE,PRACK,MESSAGE
Content-Length: 0

SIP/2.0 407 Proxy Authentication Required
Via: SIP/2.0/UDP 172.16.2.202:5060;branch=z9hG4bKf942e81e7b07a2ef
Proxy-Authenticate: Digest nonce="414d535c07ca174e45:40d788785283a4fe3b5c10e2be01c2af",algorithm=MD5,realm="3CXPhoneSystem"
To: <sip:[email protected]>;tag=e853061e
From: "phone1"<sip:[email protected]>;tag=706d6ad0fd91f0a9
Call-ID: [email protected]
CSeq: 10001 REGISTER
User-Agent: 3CXPhoneSystem 11.0.28976.849 (28862)
Content-Length: 0

I have checked (quadruple checked) the Grandstream settings and they are configured exactly the same except for the User ID and passwords obviously. i have also got the user to install the android client on his phone and connect from home and using the same account settings is able to connect successfully.

I am thinking this may be a natting issue, as the android has the Nat helper option.

Any help is much appreciated.

thanks

Mark
 
NAT should not be an issue if the site-to-site is online.. can confirm by pinging the handset from the PBX.
Unclear, but would expect a firewall's SIP ALG to "not" interfere if the destination is over the VPN.. aka the PBX's LAN address.
 
Hi,

To add to this, I have also tried the provision method and while the template gets picked up and processed (confirmed by the fact that the settings on the phone update, screen display changes etc.) it still fails with the same error.

I do not believe it is related to the firewall, as another site works fine and on a site with a grandstream phone that fails an Android based client connects fine.

This is why I have turned to these forums, as I am missing something (maybe very obvious) as to why these two phones are not registering.

thanks

Mark
 
I don't know that the Android is a valid comparison. You did not mention if the Android is connecting via the cell carrier or if through a Wi-Fi and, if Wi-Fi, how the Wi-Fi integrates into or not with the VPN.

If possible, you might take the working phone to one or both of the other locations and see how it reacts. If it works, then it tends to suggest that the VPN set-up is likely not the issue.

You might also bring the (non-working) phones back to the local office and 1) ensure that they have updated firmware, 2) do a factory reset, and 3) provision them from 3CX while (not manually) local and ensure they work before moving back out remotely. Do this such that both of the phones having issues are connected at the same time and tested.

Try the above and see. We made need to see more of the log and with both the working and non-working. At the moment, there is something about the credentials that 3CX does not like.
 
I didn't see anyone else mention it, but did you confirm that for the two phones that are not working properly, you've cleared the 'Disallow use of extension outside of the LAN'?
 
Yes, sorry I should have pointed out that this setting had been cleared.

Rather oddly one of the phones is now working. All that I did was perform a factory reset and use the provision method (again). It didnt work immediately, but miraculously about an hour after the reset and provision it registered successfully. This in itself does not make any sense (at least to me).

I have not had a chance to perform the same procedure on the other phone yet.
 
Status
Not open for further replies.

Getting Started - Admin

Latest Posts

Forum statistics

Threads
141,633
Messages
748,966
Members
144,752
Latest member
matchofficees
Get 3CX - Absolutely Free!

Link up your team and customers Phone System Live Chat Video Conferencing

Hosted or Self-managed. Up to 10 users free forever. No credit card. Try risk free.

3CX
A 3CX Account with that email already exists. You will be redirected to the Customer Portal to sign in or reset your password if you've forgotten it.