VoIP Mailing List Archives
Mailing list archives for the VoIP community |
|
| View previous topic :: View next topic |
| Author |
Message |
universe at truemetal.org
Guest
|
 Posted: Sat Aug 29, 2020 3:39 pm Post subject: [asterisk-users] 401 Unauthorized when originating SIP user |
 |
|
Hi list!
I'm trying to make a SIP test call from Bria and/or 3CXPhone from a PC
behind NAT.
From Bria/3CXPhone I connect to an Asterisk 11.25.0 server on the
internet at 100.100.94.210 with a SIP account "3333" created in sip.conf:
[3333]
type=friend
secret=something
host=dynamic
nat=yes
qualify=no
disallow=all
allow=alaw
allow=ulaw
canreinvite=no
context=voipin
I dial +1234 which goes to remote-server:
exten => +1234,1,Dial(SIP/${EXTEN}@remote-server)
On remote-server (IP: 100.100.92.16), which is running Asterisk 10.7.1,
I have the following entry for 100.100.94.210 in sip.conf:
[incoming-server]
host=100.100.94.210
type=peer
insecure=port,invite
context=voipin
disallow=all
allow=alaw
canreinvite=no
dtmfmode=rfc2833
However, there's also a SIP account "3333" on that same server:
[3333]
type=friend
secret=something
host=dynamic
nat=yes
qualify=no
disallow=all
allow=alaw
allow=ulaw
canreinvite=no
context=voipin
When I make that call I get "401 Unauthorized" from remote-server. When
I modify the username on 100.100.94.210 to "4444" or anything else that
doesn't exist on 100.100.92.16, the call connects.
tcpdump:
100.100.94.210.5060 > 100.100.92.16.5060: SIP, length: 839
INVITE sip:+1234@100.100.92.16 SIP/2.0
Via: SIP/2.0/UDP 100.100.94.210:5060;branch=z9hG4bK0aa2c03b
Max-Forwards: 70
From: <sip:3333@100.100.94.210>;tag=as14990327
To: <sip:+1234@100.100.92.16>
Contact: <sip:3333@100.100.94.210:5060>
Call-ID: 6c33aa196f7a2c206a6b50a27b6a23d6@100.100.94.210:5060
CSeq: 102 INVITE
User-Agent: Asterisk PBX 11.25.0
Shouldn't Asterisk check first for IP-based authentication and ignore
the From: part? In my case, use only the "incoming-server" peer.
Let's imagine remote-server would receive SIP calls which originate from
the PSTN... and the originating caller somewhere in the world uses
"3333" as username/CLI so that it makes it into the "From: sip:....@"
part. That call would also get rejected with 401 Unauthorized if I'm not
mistaken?
Is there a switch I'm missing?
Thank you, as always!
Markus
--
_____________________________________________________________________
-- Bandwidth and Colocation Provided by http://www.api-digital.com --
Check out the new Asterisk community forum at: https://community.asterisk.org/
New to Asterisk? Start here:
https://wiki.asterisk.org/wiki/display/AST/Getting+Started
asterisk-users mailing list
To UNSUBSCRIBE or update options visit:
http://lists.digium.com/mailman/listinfo/asterisk-users |
|
| Back to top |
|
 |
jcolp at sangoma.com
Guest
|
| Posted: Sun Aug 30, 2020 5:31 am Post subject: [asterisk-users] 401 Unauthorized when originating SIP user |
|
|
On Sat, Aug 29, 2020 at 5:39 PM Markus <universe@truemetal.org (universe@truemetal.org)> wrote:
<snip>
| Quote: |
Shouldn't Asterisk check first for IP-based authentication and ignore
the From: part? In my case, use only the "incoming-server" peer.
Let's imagine remote-server would receive SIP calls which originate from
the PSTN... and the originating caller somewhere in the world uses
"3333" as username/CLI so that it makes it into the "From: sip:....@"
part. That call would also get rejected with 401 Unauthorized if I'm not
mistaken?
Is there a switch I'm missing?
|
chan_sip has a fixed matching order where From based occurs first, there's no option to change that. The chan_pjsip module made this ordering configurable.
--
Joshua C. Colp
Asterisk Technical Lead
Sangoma Technologies
Check us out at www.sangoma.com and www.asterisk.org |
|
| Back to top |
|
|
|
|
|
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
|
Powered by phpBB © 2001, 2005 phpBB Group
|
Search
