REFER request uses IP address in "From" URI

Anonymous · ‎11-09-2018

I've tested transfer (REFER) from a VVX running firmware 5.6.0.17325 against reSIProcate / reConServer. One of the main aims of the testing is validation of mutual TLS authentication using the client certificate from the phone.

It is noticed that the INVITE message and REFER message from this phone have different "From" addresses. In particular, when a REFER message is sent,

- the From URI is (user from address)@(IP address);transport=tls

- the Referred-by URI appears to be correct though, a logical address with a domain instead of IP

The From URI should probably be the same as the Referred-by URI.

In the INVITE request from the same phone, the From URI is correct

Example of the bad From URI in a REFER:

From: "5007" <sip:phone7@192.168.1.48:35376;transport=tls>;tag=ABCDEFG

Expected:

From: "5007" <sip:phone7@example.org;transport=tls>;tag=ABCDEFG

Spec:

https://tools.ietf.org/html/rfc3261#section-8.1.1.3

   The From header field indicates the logical identity of the initiator
   of the request, possibly the user's address-of-record.  Like the To
   header field, it contains a URI and optionally a display name.  It is
   used by SIP elements to determine which processing rules to apply to
   a request (for example, automatic call rejection).  As such, it is
   very important that the From URI not contain IP addresses or the FQDN
   of the host on which the UA is running, since these are not logical
   names.

This is particularly important in mutual TLS deployments because authorization checks are performed on the URIs to see if they match the domain permitted for the certificate. reSIProcate considers domains in the certificate and also a white list of domains permitted for each MAC address.

SteffenBaierUK · ‎11-09-2018

Hello @pocock,

welcome back to the Polycom Community.

First of all 5.6.0 is no longer supported. We only support the current Software aka 5.8.1 -1 which would be 5.8.0

If you insist on using 5.6.x you should use 5.6.4 instead.

If this is still the same issue please report this into Polycom via the Support Portal.

Please ensure to provide some feedback if this reply has helped you so other users can profit from your experience.

Best Regards

Steffen Baier

Polycom Global Services

------------------------------------------------
Notice: I am an HP Poly employee but all replies within the community are done as a volunteer outside of my day role. This community forum is not an official HP Poly support resource, thus responses from HP Poly employees, partners, and customers alike are best-effort in attempts to share learned knowledge.
If you need immediate and/or official assistance for former Poly\Plantronics\Polycom please open a service ticket through your support channels
For HP products please check HP Support.

Please also ensure you always check the General VoIP , Video Endpoint , UC Platform (Microsoft) , PSTN

Create an account on the HP Community to personalize your profile and ask a question