First of all, hi everyone! I'm a sysadmin/network engineer and big nerd. I've worked at a telco/ISP in the past and know a little about VoIP stuff.
Currently I work in an IT dept and we have a Mitel 3300 ICP. We want to setup SIP Trunking to a provider, who does not do registration. Instead, they have ACLs on their firewall which only allows our IP address in.
I keep getting 403 Forbidden errors on the Proxy Authentication. The provider says this below (when he says "his", he means mine):
His authentication string looks like this:
Proxy-Authorization: Digest username="xxxxxxxxxx",
realm="packet8.net", algorithm=md5,
uri="sip:xxxxxxxxxxx@192.84.16.18:5060",
nonce="xxxxxxxxxxxxxxxxxxxxxxxxxxxx",
response="xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx",
cnonce="xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx xx",nc=xxxxxxxx
Everyone elses looks like this:
Proxy-Authorization: Digest username="xxxxxxxxxx",
realm="packet8.net", algorithm=MD5,
uri="sip:xxxxxxxxxxx@eps1.packet8.net",
nonce="xxxxxxxxxxxxxxxxxxxxxxxxxxxx",
response="xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx", opaque=""
We do not appear to support 'nonce' or 'nc'
I would reccomend disabling these authentication methods.
...
as far as I knew the cnonce and nc parts were part of the process. Anyone else run into this issue? Oh, and we're only concerned with outbound calls at the moment. Our Mitel tech has programmed a certain number to go out over the SIP trunk. We're going to try the service on a provisional basis... if it works, we'll go with it. It hasn't worked yet. I'm doing captures on a Cisco firewall, and dumping the output to wireshark.
I just don't see that many options related to digest authentication.