SIP Trunk

[FredR]

First of all, hi everyone!  I'm a sysadmin/network engineer and big nerd.  I've worked at a telco/ISP in the past and know a little about VoIP stuff.

Currently I work in an IT dept and we have a Mitel 3300 ICP.  We want to setup SIP Trunking to a provider, who does not do registration.  Instead, they have ACLs on their firewall which only allows our IP address in.

I keep getting 403 Forbidden errors on the Proxy Authentication.  The provider says this below (when he says "his", he means mine):


His authentication string looks like this:
Proxy-Authorization: Digest username="xxxxxxxxxx",
realm="packet8.net", algorithm=md5,
uri="sip:xxxxxxxxxxx@192.84.16.18:5060",
nonce="xxxxxxxxxxxxxxxxxxxxxxxxxxxx",
response="xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx",
cnonce="xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx xx",nc=xxxxxxxx


Everyone elses looks like this:
Proxy-Authorization: Digest username="xxxxxxxxxx",
realm="packet8.net", algorithm=MD5,
uri="sip:xxxxxxxxxxx@eps1.packet8.net",
nonce="xxxxxxxxxxxxxxxxxxxxxxxxxxxx",
response="xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx", opaque=""

We do not appear to support 'nonce' or 'nc'
I would reccomend disabling these authentication methods.


...

as far as I knew the cnonce and nc parts were part of the process.  Anyone else run into this issue?  Oh, and we're only concerned with outbound calls at the moment.  Our Mitel tech has programmed a certain number to go out over the SIP trunk.  We're going to try the service on a provisional basis... if it works, we'll go with it.  It hasn't worked yet.  I'm doing captures on a Cisco firewall, and dumping the output to wireshark.

I just don't see that many options related to digest authentication.

[ralph]

I didn't realize that Packet8 was doing SIP trunking.
Your vendor can contact Mitel on this one to have them do interop testing through their "SIP Center of Exelence".
They're actually woring hard to test with various providers so they can set up How-to's. 
There may actually be a how-to for Packet8.   Have your vendor check.   If not, have them request Mitel do one.

Ralph

[FredR]

Ralph,

 Thanks for the response!  So far, packet8 (or 8x8 as they've changed their name to) doesn't have a specific howto for Mitel.  I was reading different dev channels for places like asterisk (I'm in some other forums/chatrooms with some of the digium guys) and it appears the SIP stack Mitel uses is either a) a different implementation or what I believe b) a newer SIP stack than theirs.

 Either way, I have a conference bridge and web session setup, going to get Mitel's engineers on there as well as 8x8's.  We're in EST, they're in PST, so it's just a matter of coordinating.  Both parties have been fantastic to work with, the web/screen sharing session (through our Mitel equipment btw) should clear up any and all confusions about what I'm seeing or configuration.

[FredR]

Ok, it's important to note that 8x8's SIP implementation looks like a bit of proprietary code and some of the Java "JAIN" API.  It's also important to note, it's not that there's an RFC compliance issue with SIP, but rather md5 digest authentication (which works practically the same way with http).  So if I were one of their devs, I would be looking at the MD5 routines, not necessarily the SIP routines.