N95 SIP/VoIP calls

[davidstoll]

I would like to use the built in SIP functions in my N95, but for some reason, I can't get it to work. I don't want to use fring because all the traffic (even if you have your own VoIP system) routes the traffic through the fring server...not cool.

My company is using an Asterisk VoIP PBX and I can't seem to get a successful registration. "Registering to service" then I get "Unable to register to service".

I've seen lots of places where people claim that they have the "correct settings" to setup your phone, but they are all a little bit different and I just can't seem to get it to work.

Profile name: VoIP
Service profile: IETF?
Public user name: XXXXX@VoIP server IP address
Use compression: No
Registration: When needed
Use security: No

Proxy server address: VoIP server IP address
Realm: VoIP server IP address
User name: XXXXX
Allow loose routing: Yes
Transport type: Auto
Port: 5060

Proxy server address: VoIP server IP address
Realm: ?
User name: XXXXX
Allow loose routing: Yes
Transport type: UDP (Auto did not work for me)
Port: 5060

I have been sniffing the packets and I see a 401 Unauthorized error. The Asterisk people are saying that that is a "challenge" and the phone should try again with the correct key and should then go through....which is exactly what my soft phone does on my PC (I also get the 401 error with that program).

Here is their response...
The usual reason for a 401 is that Authentication is required. The initial REGISTER message is sent a 401 with the Challenge for Athentication embedded. If the phone responds with the proper key, embedded in a second REGISTER message, then the EP is accepted. If the Nokia is not responding to the Challenge, then you need to fix its settings.

Any suggestions would be much appreciated!

[juhanak]

Hi,
Your SIP profile's registrar server realm might be wrong. You can copy the correct realm value from 401 message's WWW-authenticate header.

[davidstoll]

Hi,
Your SIP profile's registrar server realm might be wrong. You can copy the correct realm value from 401 message's WWW-authenticate header.

Thanks for the response. I do have the realm that the sniffer program shows me. I've even tried the actual IP associated with it. However, I don't believe it means much because it hasn't really been setup on the system. What exactly does the realm do?

[juhanak]

RFC 2617 says:
"A string to be displayed to users so they know which username and password to use. This string should contain at least the name of the host performing the authentication and might additionally indicate the collection of users who might have access. An example might be "registered_users@gotham.news.com"."

Service provider should set an unique string as a realm. On a client side nonce(received from server), realm, username and password are used to calculate the response which is then sent via new REGISTER message.

Some SIP Client implementations don't require you to set the realm value (like X-lite). These clients use incoming value (value from 401 message).

Nokia's implementation checks that received realm value (in 401 message) and the value in sip settings are equal. If values differ, SIP client won't send a new REGISTER message and registering fails..

[davidstoll]

WOW! You really know your stuff! Are you watching me?
I am using a sniffer program with X-Lite to watch the differences, so the X-lite info was also helpful.

The only thing I don't understand is why the differences? i.e. Is there not a clear standard way of doing things (like the 401 challenge)? Is there a security reason for doing it one way over the other...or is it that X-Lite (or something similar) tries to just make it as simple as possible?

Thank you so much!

RFC 2617 says:
"A string to be displayed to users so they know which username and password to use. This string should contain at least the name of the host performing the authentication and might additionally indicate the collection of users who might have access. An example might be "registered_users@gotham.news.com"."

Service provider should set an unique string as a realm. On a client side nonce(received from server), realm, username and password are used to calculate the response which is then sent via new REGISTER message.

Some SIP Client implementations don't require you to set the realm value (like X-lite). These clients use incoming value (value from 401 message).

Nokia's implementation checks that received realm value (in 401 message) and the value in sip settings are equal. If values differ, SIP client won't send a new REGISTER message and registering fails..

[juhanak]

Hi,
Good question. In my opinion Nokia's approach makes sense so client doesn't send a new REGISTER message in vain if the incoming realm value is wrong. I can't point any standard though

Neither client (xlite,nokia) actually leak the credential information because only the hash value of username and password is sent to the server so there can't be a fake server in the middle which collects credentials. So it's not security issue.

[davidstoll]

I know this is an old thread, but I had the same issue after I upgraded my firmware on my N95.

To summarize...(because it's easy to forget some of the minor details after time has passed)

The Realm is CRITICAL! The N95 needs it to be manually entered and other programs seem to pick it up from the 401 error...yes, even my X-Lite gets a 401 error, but then keeps plowing through because it automatically uses the Realm that is sent back in the 401 error. N95 does not seem to do this.
If you aren't able to register (I am going to assume your username and password are correct), find the correct Realm by running Wireshark and look for the 401 error (using the N95 or X-Lite or whatever). In that error, you will see what Realm it is expecting. In my case, it was the same value as what I had after the @ in the username.

There are other postings in other forums that recommend you to download some kind of "advanced settings" sis program to enable SIP features...well, that is a bunch of crap. Yes, it gives you control over advanced features (default ports, QoS, etc), but it isn't necessary for a normal setup.

Thanks again Juhanak!

[traud]

Yes, the REALM is a problem for far too many S60. If I recall correctly, this got fixed in Nokia VoIP/SIP Release 3 (for newer phones). However, if your VoIP provider does not use the Download- or SMS-configuration methods and you are forced to edit your profile manually, the advanced settings are useful. Otherwise, you are not able to call over W-CDMA (UMTS, 3G) and caller identification is turned off, or?

[tinodj1]

I would like to ask you if someone can help me with this:

http://discussion.forum.nokia.com/fo...017#post810017

Maybe the problem is not related - but it seems to me that maybe you have enough knowledge on this topic to help me.

I would be thankful for any help.