I have to ask You for little help. Look at shit scheme:
- Asterisk1 Asterisk2 Asterisk 1 (again!)
I get 401 Unathorized from Asterisk2, but
when I use this scenario: - Asterisk2 Asterisk 1
it works ok.
Does first scenario has a chance to work?
Asterisk is a back to back user agent, so the SIP protocol does not know about the third system.
401 is not an error. It is normal behaviour if you specify a secret and don’t specify insecure=invite.
Every asterisk box was set in sip.conf on both servers as a peer. I use only 2 systems:
- Asterisk1 <-> Asterisk2 <-> Asterisk1 (again!)
Asterisk will only look at two of these at a time, so will not know that that the call is looped back at the SIP signalling stage.
Ok, so why I get 401? I though it was due to loop.
Because you have specified a secret.
Asterisk will always send 401 for REGISTER, if there is a secret configured, and will always send it for INVITE, if there is a secret configured and insecure is not set to invite.
If 401 is not sent, the peer will not be authenticated.
Note that you may have problems if you use type=friend, as Asterisk will then do a user match before a peer match. This means that a call being returned to the originating machine may be treated as having come from the originating device and not the “trunk”, because the caller ID matches the sip.conf entry for the originating device.
You should only use type=friend if you really know you need it. Normal configurations should use type=peer, even though most examples posted here do not.
You can also avoid such false matches by using Fromuser and sendrpid. but, as type=friend has security risks, you should normally just use type=peer.
Ok, it makes sense. You wrote: “call being returned to the originating machine may be treated as having come from the originating device and not the “trunk”, because the caller ID matches the sip.conf entry for the originating device.” - it’s really heappenning on this box. Thank You!