[OpenSIPS-Users] FW: Re: 401 Unauthorized after Authentication Digest

David Peláez dvlux4 at gmail.com
Tue Jun 6 08:38:58 EDT 2017


Hi John.

I configured "secure=INVITE" but the same behaivor continue. Also the
extensions on Asterisk server are pjsip and the trunk is chan_sip, could it
be the problem why the calls aren't reching the SIPphone? Or some problem
between the ports the servers are listen to?
I just have one peer defined which is the one I am sending the calls.

And now I have seen this error on Asterisk server:

[2017-06-06 10:58:20] NOTICE[3601] res_pjsip/pjsip_distributor.c: Request
'INVITE' from '"501" <sip:2000 at 192.168.1.12>' failed for '192.168.1.12:5060'
(callid: 880692485-17367-10 at BJC.BGI.B.C) - No matching endpoint found
[2017-06-06 10:58:20] NOTICE[3601] res_pjsip/pjsip_distributor.c: Request
'INVITE' from '"501" <sip:2000 at 192.168.1.12>' failed for '192.168.1.12:5060'
(callid: 880692485-17367-10 at BJC.BGI.B.C) - No matching endpoint found
[2017-06-06 10:58:20] NOTICE[3601] res_pjsip/pjsip_distributor.c: Request
'INVITE' from '"501" <sip:2000 at 192.168.1.12>' failed for '192.168.1.12:5060'
(callid: 880692485-17367-10 at BJC.BGI.B.C) - Failed to authenticate

What does it means?

Best regards
David


2017-06-02 12:20 GMT+02:00 John Quick <john.quick at smartvox.co.uk>:

> Hi David,
>
> In asterisk, "insecure=INVITE" should be sufficient to disable
> authentication, although I have only tried it using chan_sip, not pjsip.
> Is it possible you have another sip peer defined where the address for
> "host=" is the same? It is very difficult to know which one Asterisk will
> use for incoming calls when there are two with the same address for host.
> If you have parameters for username and secret in your sip peer, try
> commenting them out and see if that helps.
>
> I would not advise disabling authentication of SIP phones. In fact you
> should make sure you always use strong passwords.
> All makes of SIP phone will support username/password authentication and
> it is vital to keep it active if you don't want your phone system to be
> hacked.
> However, you should add this line to opensips.cfg after the SIP phone
> authentication section (www_authorize) and before you send the call to
> Asterisk (t_relay):
>
> consume_credentials();
>
> This will remove the headers that OpenSIPS and the SIP phone exchanged for
> authentication. If you don't remove those headers, Asterisk is likely to
> get confused and may request authorisation.
>
> The consume_credentials function is documented here:
> http://www.opensips.org/html/docs/modules/2.2.x/auth.html#idp5543680
>
> John Quick
> Smartvox Limited
>
>
> From: David Peláez [mailto:dvlux4 at gmail.com]
> Sent: 02 June 2017 10:56
> To: john.quick at smartvox.co.uk
> Cc: users at lists.opensips.org
> Subject: Re: FW: Re: [OpenSIPS-Users] 401 Unauthorized after
> Authentication Digest
>
> Thanks a lot for your replay. I already change the option
> "insecure=INVITE" as you suggested but I am still having the same problem.
> Find attached the peer configuration maybe I am missing something else.
> About opensips authenticating calls from SIPphones how do I disabled that
> behavior? because my opensips sends an 407 Proxy Authentication to the Sip
> phone before sending the INVITE to asterisk server.
> Best regards
> David
>
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.opensips.org/pipermail/users/attachments/20170606/ead2829b/attachment.html>


More information about the Users mailing list