Endpoints not able to register Endpoint 'anonymous' has no configured AORs

Asterisk Asterisk SIP
#1

I am facing an issue with Asterisk server where the clients that try to rgister from another subnet cant register properly and cli shows error that Endpoint annonymous has no configured AORs

Below is the log.
As there are some clients that are not configured properly kindly consider client with IP 192.168.91.207 or 192.168.91.203 only. Both are using the correct username and password.

The asterisk is connected the modem/router of the building with an ip of 192.168.1.18 and a managed switch creates subnets for each flat. Each flat has a subnet of 192.168.< FlatNumber >.0 for example flat 91 has an ip range of 192.168.91.0/24

Devices that are connected to the modem / 1.x subnet can register properly. Those connecting through WAN using the TLS transport can also connect . But those from the flats subnets get 401 unauthorized errors aslthough providing correct credentials.


[transport - udp]
type = transport
protocol = udp
bind = 0.0.0.0:5060
tos = cs3


[transport-tls]
type=transport
protocol=tls
bind=0.0.0.0:5061
cert_file=/etc/asterisk/keys/asterisk.crt
priv_key_file=/etc/asterisk/keys/asterisk.key
method=tlsv1
local_net=192.168.0.0/16
local_net=127.0.0.0/16
external_media_address=82.178.204.211
external_signaling_address=82.178.204.211
external_signaling_port=5061
tos = cs3






[70701]
type = aor
max_contacts = 1
remove_existing = yes
qualify_frequency = 60
maximum_expiration = 3600
minimum_expiration = 60
default_expiration = 120

[70701]
type = auth
username = 70701
password = 70701
nonce_lifetime = 200


[70701]
type = endpoint
context=fullrights
rtp_symmetric = yes
rewrite_contact=yes
dtmf_mode = rfc4733
message_context=some_context_that_does_nothing
disallow = all
allow = ulaw
allow = alaw
allow = gsm
allow = g726
allow = h264
allow = mpeg4
allow = vp8
allow = h263p
rtp_timeout = 30
timers = yes
direct_media = no
callerid=70701 <70701>
send_pai = yes
use_avpf = no
tos_audio = ef
tos_video = af41
auth = 70701
outbound_auth = 70701
aors = 70701




[80701]
type = aor
max_contacts = 1
remove_existing = yes
qualify_frequency = 60
maximum_expiration = 3600
minimum_expiration = 60
default_expiration = 120

[80701]
type = auth
username = 80701
password = 80701
nonce_lifetime = 200


[80701]
type = endpoint
context=fullrights
rtp_symmetric = yes
rewrite_contact=yes
dtmf_mode = rfc4733
message_context=some_context_that_does_nothing
disallow = all
allow = ulaw
allow = alaw
allow = gsm
allow = g726
allow = h264
allow = mpeg4
allow = vp8
allow = h263p
rtp_timeout = 30
timers = yes
direct_media = no
callerid=80701 <80701>
send_pai = yes
use_avpf = no
tos_audio = ef
tos_video = af41
auth = 80701
outbound_auth = 80701
aors = 80701

Below are the logs
full.log.txt (40.4 KB)

#2

91.207 isn’t providing a password when asked for it, so it is not true to say it is using its password. 91.203 is nowhere to be seen.

I’d suggest the problem with 91.207 is that there is no route to 192.168.91.0/24

#3

401 is not an error. It is a normal part of authentication.

1 Like
#4

Thanks @david551 for pointing out , found that the modem was blocking some traffic. fixed that and now clients can register!