SIP client on LAN ignoring 401 Unauthorized packet
-
Hi Experts,
My pfSense+ box has served me well over many years already, and being a simple setup, I can usually solve problems myself. Unfortunately not this one:
Configuration
The Ricoh MP C3003 printer on my LAN has a type M3 fax option card installed (don't ask why). It is configured as below:
- Enable SIP: On
- Enable Server: On
- User Name: dng-0123456789
- Server IP Address
  Proxy Server Addr. (Main): <empty>
  Proxy Server Address (Sub): <empty>
  Redirect Svr. Add. (Main): <empty>
  Redirect Svr Add. (Sub): <empty>
  Registrar Address (Main): sip.keenconnect.eu
  Registrar Address (Sub): <empty>
- Digest Authentication: On
  Password: Set
- Digest Authentication User Name: dng-0123456789
Problem description
The printer sends a REGISTER packet to cloud provider sip.keenconnect.eu, but it ignores the 401 packet it receives back. After a short period of time it just sends a REGISTER packet again, and the cycle repeats.
What does work
Using the same credentials, an old Grandstream ATA successfully connects to sip.keenconnect.eu from this LAN.
What also works
After setting up an Asterisk server on my workstation, with a quick & dirty configuration with the dng-0123456789 account and password, and the Registrar Address on the printer changed into my workstation IP address, the printer does respond to the 401 packet and registers successfully.
What remains
I can't help but think this may be a NAT problem. It may be related to a local IP address in the 401 where a global IP address is expected, or the other way around. I have included the full Wireshark packet dumps below.
Perhaps the siproxd package could help out here, but it has too many knobs to turn - some of which are potentially dangerous - to just start trying that.
Can anybody please help me out? It will be highly appreciated.
Failure with cloud provider
Frame 12035: 476 bytes on wire (3808 bits), 476 bytes captured (3808 bits) on interface eno1, id 0
Ethernet II, Src: Ricoh_88:2b:00 (00:26:73:88:2b:00), Dst: IntelCor_b4:22:f4 (40:a6:b7:b4:22:f4)
Internet Protocol Version 4, Src: 172.17.5.1, Dst: 185.42.10.100
User Datagram Protocol, Src Port: 63265, Dst Port: 5060
Session Initiation Protocol (REGISTER)
    Request-Line: REGISTER sip:sip.keenconnect.eu SIP/2.0
        Method: REGISTER
        Request-URI: sip:sip.keenconnect.eu
            Request-URI Host Part: sip.keenconnect.eu
        [Resent Packet: True]
        [Suspected resend of frame: 11810]
    Message Header
        Via: SIP/2.0/UDP 172.17.5.1;branch=z9hG4bKUns1ysLZx*LuI
            Transport: UDP
            Sent-by Address: 172.17.5.1
            Branch: z9hG4bKUns1ysLZx*LuI
        Max-Forwards: 70
        From: <sip:dng-0123456789@sip.keenconnect.eu;user=phone>;tag=30uqJfmWqB
            SIP from address: sip:dng-0123456789@sip.keenconnect.eu;user=phone
                SIP from address User Part: dng-0123456789
                SIP from address Host Part: sip.keenconnect.eu
                SIP From URI parameter: user=phone
            SIP from tag: 30uqJfmWqB
        To: <sip:dng-0123456789@sip.keenconnect.eu;user=phone>
            SIP to address: sip:dng-0123456789@sip.keenconnect.eu;user=phone
                SIP to address User Part: dng-0123456789
                SIP to address Host Part: sip.keenconnect.eu
                SIP To URI parameter: user=phone
        Call-ID: 20250501201854-T38-R-FEGUM@172.17.5.1
        [Generated Call-ID: 20250501201854-T38-R-FEGUM@172.17.5.1]
        User-Agent: RicohIAF Version 2.0
        CSeq: 1 REGISTER
            Sequence Number: 1
            Method: REGISTER
        Contact: <sip:dng-0123456789@172.17.5.1;user=phone>
            Contact URI: sip:dng-0123456789@172.17.5.1;user=phone
        Expires: 3600
        Content-Length: 0

Frame 12036: 541 bytes on wire (4328 bits), 541 bytes captured (4328 bits) on interface eno1, id 0
Ethernet II, Src: IntelCor_b4:22:f4 (40:a6:b7:b4:22:f4), Dst: Ricoh_88:2b:00 (00:26:73:88:2b:00)
Internet Protocol Version 4, Src: 185.42.10.100, Dst: 172.17.5.1
User Datagram Protocol, Src Port: 5060, Dst Port: 63265
Session Initiation Protocol (401)
    Status-Line: SIP/2.0 401 Unauthorized
        Status-Code: 401
        [Resent Packet: True]
        [Suspected resend of frame: 11811]
        [Request Frame: 11810]
        [Response Time (ms): 34891]
    Message Header
        Via: SIP/2.0/UDP 172.17.5.1;received=81.172.xxx.xxx;rport=2529;branch=z9hG4bKUns1ysLZx*LuI
            Transport: UDP
            Sent-by Address: 172.17.5.1
            Received: 81.172.xxx.xxx
            RPort: 2529
            Branch: z9hG4bKUns1ysLZx*LuI
        From: <sip:dng-0123456789@sip.keenconnect.eu;user=phone>;tag=30uqJfmWqB
            SIP from address: sip:dng-0123456789@sip.keenconnect.eu;user=phone
                SIP from address User Part: dng-0123456789
                SIP from address Host Part: sip.keenconnect.eu
                SIP From URI parameter: user=phone
            SIP from tag: 30uqJfmWqB
        To: <sip:dng-0123456789@sip.keenconnect.eu;user=phone>;tag=d1dba4fcb27e61c7ef9beb6710991c01.0e7f
            SIP to address: sip:dng-0123456789@sip.keenconnect.eu;user=phone
                SIP to address User Part: dng-0123456789
                SIP to address Host Part: sip.keenconnect.eu
                SIP To URI parameter: user=phone
            SIP to tag: d1dba4fcb27e61c7ef9beb6710991c01.0e7f
        Call-ID: 20250501201854-T38-R-FEGUM@172.17.5.1
        [Generated Call-ID: 20250501201854-T38-R-FEGUM@172.17.5.1]
        CSeq: 1 REGISTER
            Sequence Number: 1
            Method: REGISTER
        WWW-Authenticate: Digest realm="sip.keenconnect.eu", nonce="6813bb50aed2ceb75fe7c6be581db55976cdcb99"
            Authentication Scheme: Digest
            Realm: "sip.keenconnect.eu"
            Nonce Value: "6813bb50aed2ceb75fe7c6be581db55976cdcb99"
        Server: sbc1-kc-eun
        Content-Length: 0
Success with local Asterisk server
Frame 26520: 458 bytes on wire (3664 bits), 458 bytes captured (3664 bits) on interface eno1, id 0
Ethernet II, Src: Ricoh_88:2b:00 (00:26:73:88:2b:00), Dst: IntelCor_ce:df:74 (84:c5:a6:ce:df:74)
Internet Protocol Version 4, Src: 172.17.5.1, Dst: 172.17.14.26
User Datagram Protocol, Src Port: 65420, Dst Port: 5060
Session Initiation Protocol (REGISTER)
    Request-Line: REGISTER sip:172.17.14.26 SIP/2.0
        Method: REGISTER
        Request-URI: sip:172.17.14.26
            Request-URI Host Part: 172.17.14.26
        [Resent Packet: False]
    Message Header
        Via: SIP/2.0/UDP 172.17.5.1;branch=z9hG4bKEE4!.Ypr4WlxS
            Transport: UDP
            Sent-by Address: 172.17.5.1
            Branch: z9hG4bKEE4!.Ypr4WlxS
        Max-Forwards: 70
        From: <sip:dng-0123456789@172.17.14.26;user=phone>;tag=cx7WlRsesY
            SIP from address: sip:dng-0123456789@172.17.14.26;user=phone
                SIP from address User Part: dng-0123456789
                SIP from address Host Part: 172.17.14.26
                SIP From URI parameter: user=phone
            SIP from tag: cx7WlRsesY
        To: <sip:dng-0123456789@172.17.14.26;user=phone>
            SIP to address: sip:dng-0123456789@172.17.14.26;user=phone
                SIP to address User Part: dng-0123456789
                SIP to address Host Part: 172.17.14.26
                SIP To URI parameter: user=phone
        Call-ID: 20250501222711-T38-R-Xf7Ye@172.17.5.1
        [Generated Call-ID: 20250501222711-T38-R-Xf7Ye@172.17.5.1]
        User-Agent: RicohIAF Version 2.0
        CSeq: 1 REGISTER
            Sequence Number: 1
            Method: REGISTER
        Contact: <sip:dng-0123456789@172.17.5.1;user=phone>
            Contact URI: sip:dng-0123456789@172.17.5.1;user=phone
        Expires: 3600
        Content-Length: 0

Frame 26521: 603 bytes on wire (4824 bits), 603 bytes captured (4824 bits) on interface eno1, id 0
Ethernet II, Src: IntelCor_ce:df:74 (84:c5:a6:ce:df:74), Dst: Ricoh_88:2b:00 (00:26:73:88:2b:00)
Internet Protocol Version 4, Src: 172.17.14.26, Dst: 172.17.5.1
User Datagram Protocol, Src Port: 5060, Dst Port: 5060
Session Initiation Protocol (401)
    Status-Line: SIP/2.0 401 Unauthorized
        Status-Code: 401
        [Resent Packet: False]
    Message Header
        Via: SIP/2.0/UDP 172.17.5.1;branch=z9hG4bKEE4!.Ypr4WlxS;received=172.17.5.1
            Transport: UDP
            Sent-by Address: 172.17.5.1
            Branch: z9hG4bKEE4!.Ypr4WlxS
            Received: 172.17.5.1
        From: <sip:dng-0123456789@172.17.14.26;user=phone>;tag=cx7WlRsesY
            SIP from address: sip:dng-0123456789@172.17.14.26;user=phone
                SIP from address User Part: dng-0123456789
                SIP from address Host Part: 172.17.14.26
                SIP From URI parameter: user=phone
            SIP from tag: cx7WlRsesY
        To: <sip:dng-0123456789@172.17.14.26;user=phone>;tag=as536dd8f0
            SIP to address: sip:dng-0123456789@172.17.14.26;user=phone
                SIP to address User Part: dng-0123456789
                SIP to address Host Part: 172.17.14.26
                SIP To URI parameter: user=phone
            SIP to tag: as536dd8f0
        Call-ID: 20250501222711-T38-R-Xf7Ye@172.17.5.1
        [Generated Call-ID: 20250501222711-T38-R-Xf7Ye@172.17.5.1]
        CSeq: 1 REGISTER
            Sequence Number: 1
            Method: REGISTER
        Server: Asterisk PBX 16.2.1~dfsg-2ubuntu1
        Allow: INVITE, ACK, CANCEL, OPTIONS, BYE, REFER, SUBSCRIBE, NOTIFY, INFO, PUBLISH, MESSAGE
        Supported: replaces, timer
        WWW-Authenticate: Digest algorithm=MD5, realm="asterisk", nonce="474e2946"
            Authentication Scheme: Digest
            Algorithm: MD5
            Realm: "asterisk"
            Nonce Value: "474e2946"
        Content-Length: 0

Frame 26522: 608 bytes on wire (4864 bits), 608 bytes captured (4864 bits) on interface eno1, id 0
Ethernet II, Src: Ricoh_88:2b:00 (00:26:73:88:2b:00), Dst: IntelCor_ce:df:74 (84:c5:a6:ce:df:74)
Internet Protocol Version 4, Src: 172.17.5.1, Dst: 172.17.14.26
User Datagram Protocol, Src Port: 65420, Dst Port: 5060
Session Initiation Protocol (REGISTER)
    Request-Line: REGISTER sip:172.17.14.26 SIP/2.0
        Method: REGISTER
        Request-URI: sip:172.17.14.26
            Request-URI Host Part: 172.17.14.26
        [Resent Packet: False]
    Message Header
        Via: SIP/2.0/UDP 172.17.5.1;branch=z9hG4bKyFe'yt7Fe~ZpO
            Transport: UDP
            Sent-by Address: 172.17.5.1
            Branch: z9hG4bKyFe'yt7Fe~ZpO
        Max-Forwards: 70
        From: <sip:dng-0123456789@172.17.14.26;user=phone>;tag=cx7WlRsesY
            SIP from address: sip:dng-0123456789@172.17.14.26;user=phone
                SIP from address User Part: dng-0123456789
                SIP from address Host Part: 172.17.14.26
                SIP From URI parameter: user=phone
            SIP from tag: cx7WlRsesY
        To: <sip:dng-0123456789@172.17.14.26;user=phone>
            SIP to address: sip:dng-0123456789@172.17.14.26;user=phone
                SIP to address User Part: dng-0123456789
                SIP to address Host Part: 172.17.14.26
                SIP To URI parameter: user=phone
        Call-ID: 20250501222711-T38-R-Xf7Ye@172.17.5.1
        [Generated Call-ID: 20250501222711-T38-R-Xf7Ye@172.17.5.1]
        User-Agent: RicohIAF Version 2.0
        CSeq: 2 REGISTER
            Sequence Number: 2
            Method: REGISTER
        Contact: <sip:dng-0123456789@172.17.5.1;user=phone>
            Contact URI: sip:dng-0123456789@172.17.5.1;user=phone
        Expires: 3600
        Authorization: Digest username="dng-0123456789",realm="asterisk",nonce="474e2946",uri="sip:172.17.14.26",response="978056ebc742ce2e170fd2e05000e01a"
            Authentication Scheme: Digest
            Username: "dng-0123456789"
            Realm: "asterisk"
            Nonce Value: "474e2946"
            Authentication URI: "sip:172.17.14.26"
            Digest Authentication Response: "978056ebc742ce2e170fd2e05000e01a"
        Content-Length: 0

Frame 26523: 635 bytes on wire (5080 bits), 635 bytes captured (5080 bits) on interface eno1, id 0
Ethernet II, Src: IntelCor_ce:df:74 (84:c5:a6:ce:df:74), Dst: Ricoh_88:2b:00 (00:26:73:88:2b:00)
Internet Protocol Version 4, Src: 172.17.14.26, Dst: 172.17.5.1
User Datagram Protocol, Src Port: 5060, Dst Port: 5060
Session Initiation Protocol (200)
    Status-Line: SIP/2.0 200 OK
        Status-Code: 200
        [Resent Packet: False]
    Message Header
        Via: SIP/2.0/UDP 172.17.5.1;branch=z9hG4bKyFe'yt7Fe~ZpO;received=172.17.5.1
            Transport: UDP
            Sent-by Address: 172.17.5.1
            Branch: z9hG4bKyFe'yt7Fe~ZpO
            Received: 172.17.5.1
        From: <sip:dng-0123456789@172.17.14.26;user=phone>;tag=cx7WlRsesY
            SIP from address: sip:dng-0123456789@172.17.14.26;user=phone
                SIP from address User Part: dng-0123456789
                SIP from address Host Part: 172.17.14.26
                SIP From URI parameter: user=phone
            SIP from tag: cx7WlRsesY
        To: <sip:dng-0123456789@172.17.14.26;user=phone>;tag=as536dd8f0
            SIP to address: sip:dng-0123456789@172.17.14.26;user=phone
                SIP to address User Part: dng-0123456789
                SIP to address Host Part: 172.17.14.26
                SIP To URI parameter: user=phone
            SIP to tag: as536dd8f0
        Call-ID: 20250501222711-T38-R-Xf7Ye@172.17.5.1
        [Generated Call-ID: 20250501222711-T38-R-Xf7Ye@172.17.5.1]
        CSeq: 2 REGISTER
            Sequence Number: 2
            Method: REGISTER
        Server: Asterisk PBX 16.2.1~dfsg-2ubuntu1
        Allow: INVITE, ACK, CANCEL, OPTIONS, BYE, REFER, SUBSCRIBE, NOTIFY, INFO, PUBLISH, MESSAGE
        Supported: replaces, timer
        Expires: 3600
        Contact: <sip:dng-0123456789@172.17.5.1;user=phone>;expires=3600
            Contact URI: sip:dng-0123456789@172.17.5.1;user=phone
            Contact parameter: expires=3600
        Date: Thu, 01 May 2025 20:27:13 GMT
        Content-Length: 0
-
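An added example, not part of the original post or of any reply: a small Python script that parses the `Via` and `WWW-Authenticate` values of the two 401 responses in the capture and lists the fields that differ between the provider's challenge and the Asterisk one. The function names are made up for this sketch, and the output only shows what differs on the wire; it does not establish which difference the printer reacts to.

```python
import re

# Header values copied from the two 401 responses in the capture
# (the public address is redacted on the page and stays redacted here).
CLOUD_401 = {
    "Via": "SIP/2.0/UDP 172.17.5.1;received=81.172.xxx.xxx;rport=2529;"
           "branch=z9hG4bKUns1ysLZx*LuI",
    "WWW-Authenticate": 'Digest realm="sip.keenconnect.eu", '
                        'nonce="6813bb50aed2ceb75fe7c6be581db55976cdcb99"',
}
ASTERISK_401 = {
    "Via": "SIP/2.0/UDP 172.17.5.1;branch=z9hG4bKEE4!.Ypr4WlxS;received=172.17.5.1",
    "WWW-Authenticate": 'Digest algorithm=MD5, realm="asterisk", nonce="474e2946"',
}

def parse_via(value):
    """Return the sent-by host plus the ;name=value parameters of a Via value."""
    _proto, rest = value.split(None, 1)
    sent_by, *params = [p.strip() for p in rest.split(";")]
    out = {"sent_by": sent_by.split(":")[0]}  # drop an optional :port (IPv4/hostname only)
    for p in params:
        name, _, val = p.partition("=")
        out[name.lower()] = val
    return out

def parse_challenge(value):
    """Return (scheme, params) for a WWW-Authenticate value; quotes are stripped."""
    scheme, _, rest = value.partition(" ")
    pairs = re.findall(r'(\w+)=("[^"]*"|[^,\s]+)', rest)
    return scheme, {k.lower(): v.strip('"') for k, v in pairs}

def summarize(resp):
    via = parse_via(resp["Via"])
    scheme, chal = parse_challenge(resp["WWW-Authenticate"])
    return {
        # received= differing from sent-by means the server saw a translated source
        "source_translated": via.get("received") not in (None, via["sent_by"]),
        "rport": via.get("rport"),
        "scheme": scheme,
        "challenge_params": sorted(chal),
    }

def diff_responses(a, b):
    """Fields whose summary differs, as {field: (value_in_a, value_in_b)}."""
    sa, sb = summarize(a), summarize(b)
    return {k: (sa[k], sb[k]) for k in sa if sa[k] != sb[k]}

if __name__ == "__main__":
    for field, (cloud, local) in diff_responses(CLOUD_401, ASTERISK_401).items():
        print(f"{field}: provider={cloud!r} asterisk={local!r}")
```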
Bump
Nobody, really?
-
@Zak-McKracken
So it was working fine until something happened or it is some kind of new setup?
-
@w0w Your question is a bit of an eye-opener to me, so just to be clear: This has not worked before. And yes - with some embarrassment - I am really trying to set up a fax, in 2025.
-
@Zak-McKracken
If the issue is suspected to be with the external IP and the Ricoh firmware, then it might be worth trying siproxd.