I have created a peer between asterisk and a MVTS Pro softswitch, I need to send calls from MVTS Pro to Asterisk, I made the settings but it does not authorize the calls, returning error code SIP 401, this is the configuration of the peer in sip.conf:
[mvts]
type=peer
host=10.0.5.33
disallow=all
allow=allaw
context=mvts_in
allow=alaw
canreinvite=no
qualify=yes
insecure=port,invite
Where is the problem?
careinvite is deprecated option on new version of Asterisk, insecure=invite tell Asterisk do not require authentication of incoming INVITEs
401 is not an error.
The problem is that the service provider is not authorising to you. In practice no service provider will do this.
insecure=invite was the old way round this. insecure=port is irrelevant to this problem and should not be used if not needed for other reasons. The parameter is called insecure for a reason.
insecure=invite has no effect if you don’t have a secret.
The modern way, if you do have a secret, is to use remotesecret.
In this case, the logs will almost certainly show that you either have alwaysauthreject set and the peer doesn’t match a sip.conf entry, or you have used type=friend for local devices, and the From: header user part matches a local device name.
configure the insecure option anyway and keep failing, attach log sip:
2018/10/26 12:25:56.948958 10.0.5.33:5062 -> 10.16.1.55:5060
INVITE sip:46062000@10.16.1.55;user=phone SIP/2.0^M
Via: SIP/2.0/UDP 10.0.5.33:5062;rport;branch=z9hG4bK-3236050012-3893442009-570437553-622606413^M
From: sip:1137519550@10.0.5.33:5062;user=phone;tag=3367122012-3893442009-570437553-622606413^M
To: sip:46062000@10.16.1.55;user=phone^M
Call-ID: 5c34b2e6d93511e8b12f00224d381c25@10.0.5.33^M
CSeq: 1 INVITE^M
Contact: sip:1137519550@10.0.5.33:5062;user=phone^M
Content-Type: application/sdp^M
Allow: ACK, BYE, CANCEL, INFO, INVITE, OPTIONS, REFER, REGISTER, UPDATE^M
Max-Forwards: 70^M
User-Agent: MERA MVTS3G v.4.4.0-23a^M
Cisco-Guid: 1546869712-3644133864-2972647458-1295522853^M
Content-Length: 410^M
^M
v=0^M
o=- 1540567565 1540567565 IN IP4 10.0.5.33^M
s=-^M
c=IN IP4 10.0.5.33^M
t=0 0^M
m=audio 13080 RTP/AVP 18 96 97 98 0 8 101^M
a=rtpmap:18 G729/8000^M
a=fmtp:18 annexb=yes^M
a=rtpmap:96 G729/8000^M
a=fmtp:96 annexb=yes^M
a=rtpmap:97 G729/8000^M
a=fmtp:97 annexb=no^M
a=rtpmap:98 G729/8000^M
a=fmtp:98 annexb=no^M
a=rtpmap:0 PCMU/8000^M
a=rtpmap:8 PCMA/8000^M
a=rtpmap:101 telephone-event/8000^M
a=fmtp:101 0-15^M
a=sendrecv^M
There is not any 401 response after the INVITE request, so it is incomplete
Sorry, send the incomplete capture
Also my problem was solved, this was the problem:
“…and the From: header user part matches a local device name.”
Best regards
I use an fromuser on my trunks with remote devices to avoid this issue
It’s the inbound From header that cause the match problem. fromuser only affects the outbound one.
Yes but I use an uniquie fromuser on both peer different to all other devices on the Asterisk, assuming it is a trunk between 2 Asterisks servers
It is better to use type=peer. You only really need user matches if two devices share an IP address.
I dont think type peer solve the from header authentication issue at least not with Asterisk, because if you check he had type peer, and I have done also test with 2 Asterisk and issue happen, Asterisk doesnt really use the IP address to authenticate the device
The problem is putting type=friend on local devices. It is the part of the dialplan he didn’t show that has the problem.