Connecting two asterisk servers username mismatch

Asterisk Asterisk SIP
1

I have an existing openwrt gateway that works well with asterisk, I have an elderly relative that needs to be able to call me so I have set up a second openwrt gateway with asterisk with him.
Both have a wireguard tunnel connecting them.
I have successfully registered both boxes with each other. But can not get the phones to dial each other.
I have read ‘Connecting Two Asterisk Boxes Together via SIP’ in the document ‘Asterisk_ The Future of Telephony’ but I still cant get it to work.
I tried to make Server A (ME) dial 555 to call Server B (John) and Server B call 666 to call Server A.
‘Home’ is used to connect my gateway device (touch tone phone) to asterisk. Home is registered to asterisk as it is used for the other external sip providers.

I get the following errors when I try to make a call from Server A using 555-

== Using SIP RTP CoS mark 5
    -- Executing [555@phones:1] Dial("SIP/home-00000016", "SIP/John") in new stack
  == Using SIP RTP CoS mark 5
    -- Called SIP/John
[Feb 19 18:16:01] WARNING[14914][C-0000000d]: chan_sip.c:24127 handle_response_invite: Received response: "Forbidden" from '"home" <sip:home@172.23.14.1>;tag=as1b9d452f'
  == Everyone is busy/congested at this time (1:0/0/1)
    -- Executing [555@phones:2] Hangup("SIP/home-00000016", "") in new stack
  == Spawn extension (phones, 555, 2) exited non-zero on 'SIP/home-00000016'
    -- Unregistered SIP 'home'
    -- Registered SIP 'home' at xxx.xxx.xxx.x:5065
[Feb 19 18:16:02] NOTICE[14914]: chan_sip.c:28519 handle_request_subscribe: Received SIP subscribe for peer without mailbox: home

and Server B shows-

[Feb 19 17:13:53] WARNING[14914][C-0000000c]: chan_sip.c:17332 check_auth: username mismatch, have <home>, digest has <John>
[Feb 19 17:13:53] NOTICE[14914][C-0000000c]: chan_sip.c:26418 handle_request_invite: Failed to authenticate device "home" <sip:home@172.23.14.2>;tag=as752658ba
[Feb 19 17:15:17] NOTICE[14914]: chan_sip.c:28519 handle_request_subscribe: Received SIP subscribe for peer without mailbox: home

Calling from Server B to Server A dose the same thing.

Below are Server A and Server B’s sip.conf and extensions.conf
(I had to remove password form sip.conf for the connection as it was giving errors).
Server A-
sip.conf

register => ME:@172.23.14.2/John

; # Phones #
[home]
        type=friend
        context=phones
        allow=ulaw,alaw
        secret=secrethome
        host=dynamic
[mobile-home]
        type=friend
        context=phones
        allow=ulaw,alaw
        secret=secretmhome
        host=dynamic
[John]
        type=friend
        context=John
        allow=ulaw,alaw
        secret=
        host=dynamic
        insecure=invite
        defaultuser=John
; # Sip Providers details #
[Provider1]
        type=friend
        context=P1
        allow=ulaw,alaw
        secret=xxxxxxx
        host=voice.service.com
        nat=force_rport,comedia
        insecure=invite
        fromdomain=voice.service.com
        defaultuser=xxxxxxxxxx
[Provider2]
        type=friend
        context=P2
        allow=ulaw,alaw
        secret=yyyyyyyyy
        host=sip.serv.com
        nat=force_rport,comedia
        insecure=invite
        fromdomain=sip.serv.com
        defaultuser=xxxxxxxxxxxx

extensions.conf

; # Incoming #
[P1]
exten => xxxxxxx,1,Goto(phones,333,1)
[John]
exten => 666,1,Goto(phones,333,1)

; # Internal Devices #
[phones]
exten => 111,1,Dial(SIP/home)
same => n,Hangup

exten => 222,1,Dial(SIP/mobile-home)
same => n,Hangup

exten => 555,1,Dial(SIP/John)
same => n,Hangup

; # Block caller list #
exten => 333,1,NoOp(${CALLERID(num)})
same => n,GotoIf($["${DB(blockcaller/${CALLERID(num)})}" != "1"]?allowed)
same => n,Playback(Number_not_avaliable)
same => n,Hangup()
same => n(allowed),Ringing                          ;caller hears ringing tone
same => n,Queue(home)                               ;call Queue
same => n,Hangup()

; # Outgoing Dials #

; # Dial Extension Provider2 #
exten => _2X.,1,Goto(outgoing,${EXTEN:1},1)          ;press 2 for P2

; # Dial Extension Provider1 #
exten => _X.,1,NoOp(${CALLERID(num)})
same => n,Set(CALLERID(num)=xxxxxxxxx)
same => n,Goto(outgoing,${EXTEN},2)


; # Outgoing Providers #
[outgoing]
exten => _X.,1,Dial(SIP/P2/${EXTEN})
exten => _X.,2,Dial(SIP/P1/${EXTEN})

Server B-
sip.conf

register => John:@172.23.14.1/ME

[home]
        type=friend
        context=phones
        allow=ulaw,alaw
        secret=secrethome
        host=dynamic
[ME]
        type=friend
        context=John
        allow=ulaw,alaw
        secret=
        host=dynamic
        insecure=invite
        defaultuser=ME

extensions.conf

; # Incoming #
[ME]
exten => 555,1,Goto(phones,333,1)

; # Internal Devices #
[phones]
exten => 111,1,Dial(SIP/home)
same => n,Hangup

exten => 222,1,Dial(SIP/mobile-home)
same => n,Hangup

exten => 666,1,Dial(SIP/ME)
same => n,Hangup

exten => 333,1,NoOp()
same => n,Ringing                          ;caller hears ringing tone
same => n,Hangup()

Can someone tell me what I am doing wrong? Please :slight_smile:

2

chan_sip is no longer supported, and has been deprecated for a long time, so there is little knowledge of it amongst most contributors here. It has been completely removed from the latest two versions of Asterisk.

You are over using type=friend. It is likely that all should be type=peer. Having the same type=friend at both ends is asking for trouble.

It doesn’t make sense to have both sides dynamic. If you know the address for the register line, you know it for the host line.

There may be more, but I;ve had to scroll lots of times to get this far.

This is small enough that you should do a complete rework with the, currently supported, chan_pjsip.

3

Thanks for the fast reply David, I was hoping for a quick fix as I no nothing about pjsip and I read that sip can have less problems. I do volunteer work for the elderly and that is why I started to use asterisk as they all need landlines. I will try to do some reading on pjsip. In the meantime, maybe someone else here knows how I can fix what I have?

4

It would help if you could rearrange the information in the order in in which it is processed, and with just the relevant bit: outbound part of extensions.conf. outbound peer, inbound peer.

The likely cause is that the wrong peer is being matched at the remote end. It is trying to match the peer named “home”.

If there is a tunnel, there should be no need to match by name, at all, and no need to register, from either end.

Are you sure you actually need the Asterisk at the remote end? Can you not directly access the remote phone?

(If chan_sip is so easy to set up, why does nearly every (or every) provider get it wrong (meaningless options, obsolete names, excessive insecurity).)

5

It would help if you could rearrange the information in the order in in which it is processed, and with just the relevant bit: outbound part of extensions.conf. outbound peer, inbound peer.

Yes this might make it clear, I will try it.

The likely cause is that the wrong peer is being matched at the remote end. It is trying to match the peer named “home”.

It is trying to match ‘home’ with John and I don’t know why as home is the connection between the device (phone) and asterisk not the connection from asterisk ‘John’ to asterisk ME which has John extension. In my mind it looks like this=
Home(phone)=>asterisk(ME)[sip/John]==>asterisk(John)
so it should match sip/John with asterisk(John) not home.

If there is a tunnel, there should be no need to match by name, at all, and no need to register, from either end.

Are you sure you actually need the Asterisk at the remote end? Can you not directly access the remote phone?

I do not know how to get asterisk to connect to the phone on gateway B through the wireguard tunnel I just know the ends are ip’s 172.23.14.1 and 172.23.14.2. Maybe the problem is not the sip.conf and extensions.conf, maybe it acts differently through the tunnel. I am no expert in either asterisk or wireguard.
I will play with both the above and see if another approach will work.

(If chan_sip is so easy to set up, why does nearly every (or every) provider get it wrong (meaningless options, obsolete names, excessive insecurity).)

You are probably right, I am just an amateur. I will see if there is an easy way to convert my sip to pjsip, maybe ChatGTP can help me.
Although I am not sure if I have to add more packages if I am changing to pjsip on my device or if pjsip will work on my device. It gets complicated…

6

You really need to fix the chan_sip configuration before trying to do any automated conversion. The best way of configuring is to do it from first principles, or at least from res_pjsip Configuration Examples - Asterisk Documentation

7

Thanks for the link very helpful. I have a spare device I might try set up pjsip on it and see if it works, before I break the existing setup. :slight_smile: