Re: [Ekiga-list] security check failed
- From: Jānis Rukšāns <thedogfarted gmail com>
- To: Ekiga mailing list <ekiga-list gnome org>
- Subject: Re: [Ekiga-list] security check failed
- Date: Tue, 8 Feb 2011 13:58:08 +0200
On Wed, Feb 2, 2011 at 5:14 PM, Jan Teichmann
<jan teichmann googlemail com> wrote:
> I have a problem using Ekiga. I set-up an ekiga.net account and calling
> the echo service works fine.
>
> When I try to call a SIP uri I get the message "security check failed"
>
> From the log I get:
>
> SIP/2.0 403 No relaying
> CSeq: 1 INVITE
> Via: SIP/2.0/UDP
> 10.62.***.***:5060;branch=z9hG4bKe284eb70-4b2d-e011-9824-***;rport=5060
> Server: Sip EXpress router (0.9.7 (i386/linux))
> From: "Jan Teichmann"
> <sip:jan@10.62.***.***:5060>;tag=0e40d770-4b2d-e011-9824-***
> Call-ID: 4c48d770-4b2d-e011-9824-001cbf3d1cf3@fedora14
> To: <sip:***@bluesip.de>;tag=0354a2e1b960c9cc2279eca4e5f84e20.7c75
> Warning: 392 217.74.***.***:5060 "Noisy feedback tells: pid=28716
> req_src_ip=80.71.***.*** req_src_port=5060 in_uri=sip:***@bluesip.de
> out_uri=sip:***@bluesip.de via_cnt==1"
> Content-Length: 0
>
>
> what does that mean and how can I fix that?
It depends on who are you calling and what is your setup. Do you have
a bluesip.de account configured? Are you using an outbound proxy
(doesn't seem so - no Route headers)? Is the number you are trying to
call a PSTN number or a SIP address? Did the server asked to
authenticate before giving that 403 (given the CSeq value of 1 I guess
no)?
403 Forbidden is usually returned when the call fails to meet security
restrictions on the other end (hence "security check failed" in the
GUI), eg, you are trying to call a PSTN number but your account
doesn't allow PC to phone calls. Also, many test numbers (echo test
etc) are usually restricted to the customers of the SIP provider in
question, regardless of whether it's free VoIP only, or offers PC to
phone calls.
"No relaying" instead of the usual "Forbidden" in the response kind-of
implies that the server giving you the 403 thinks that you are trying
to use it as a relay, that is, the callee is outside of it's
administrative domain. This is forbidden by some SIP providers.
One thing of notice in the above log snippet is that there is an IP
address in the From: address. Some SIP providers use the From: address
in addition to authentication for access checks. Which is a bit silly
as From is not required to contain a SIP address at all and is trivial
to fake. In your case, it could be that the proxy expects from to
contain something like sip:jan bluesip de as the From address, that
is, for you to have a bluesip.de account.
So, in short, there are many options of what's the problem. If you're
just trying to call someone who has a bluesip.de account, I suggest
you to ask that person to complain to bluesip.de that he/she is not
reachable for users using other SIP providers. Heck, it should work
with no provider at all.
Cheers,
---
Ian
[
Date Prev][
Date Next] [
Thread Prev][
Thread Next]
[
Thread Index]
[
Date Index]
[
Author Index]