Getting a 401 Unauthorized on Twilio Oirgination

I’m trying to connect an instance of Asterisk 18 hosted on DigitalOcean to a Twilio SIP trunk. I can dial out, but am having trouble with origination.

I’m using the latest O’Reilly Starfish book as a starting point and trying to synthesize it with Twilio’s docs, but I think something is getting lost in translation.

Here is my pjsip_wizard.conf. Mostly boilerplate from the Twilio docs.

[trunk_defaults](!)
type=wizard
endpoint/transport=transport-udp
endpoint/allow=!all,ulaw
endpoint/t38_udptl=no 
endpoint/t38_udptl_ec=none 
endpoint/fax_detect=no
endpoint/trust_id_inbound=no
endpoint/t38_udptl_nat=no
endpoint/direct_media=no
endpoint/rewrite_contact=yes
endpoint/rtp_symmetric=yes
endpoint/dtmf_mode=rfc4733
endpoint/allow_subscribe=no
aor/qualify_frequency=60
;endpoint/media_encryption=sdes (Not using TLS until I get UDP working)

[twilio-na-us](trunk_defaults) 
sends_auth=yes 
sends_registrations=no 
remote_hosts=[my_pbx].pstn.umatilla.twilio.com:5060,[my_pbx].pstn.ashburn.twilio.com:5060
outbound_auth/username=[acl_username]
outbound_auth/password=[acl_secret]
endpoint/context=pstn-in
aor/qualify_frequency=60

And the pjsip.conf

[global]
type=global
default_outbound_endpoint=dpma_endpoint

; Basic UDP transport
;
[transport-udp]
type=transport
protocol=udp
bind=0.0.0.0:5060
external_media_address=[WAN IP for my VPC]
external_signaling_address=[Same WAN IP]
allow_reload=no
tos=cs3
cos=3
local_net=10.124.0.0/20 ; local subnet of my VPC

[dpma_endpoint]
type=endpoint

And my extensions.conf, which is pretty basic.

[general] ; This always has to be here

[globals] ; Global variables (we'll discuss these later)
ME=PJSIP/[MAC_ADDRESS]
me_softphone=PJSIP/me_softphone
TOLL=PJSIP/twilio-na-us
LOCAL=${TOLL}

[pstn-in] ; Calls from the carriers could arrive here
exten => _NXXXXXXXXX,1,Dial(sets,1010,1)
exten => _1NXXXXXXXXX,1,Dial(sets,1010,1)
exten => _+1NXXXXXXXXX,1,Dial(sets,1010,1)

[outgoing]
exten => _NXXNXXXXXX,1,Set(CALLERID(all)="Me" <+1555555555>)
same => n,Dial(PJSIP/+1${EXTEN}@twilio-na-us)
same => n(end),Hangup()

[sets] ; on a simple system, we can use this
exten => 1009,1,Dial(${ME})
exten => 1010,1,Dial(${me_softphone})
include => outgoing

[services] ; Special services such as conferencing could be defined here

Is there something obvious I’m missing?

Here is the info from the asterisk CLI:

[2021-09-23 22:11:32] NOTICE[14975]: res_pjsip/pjsip_distributor.c:676 log_failed_request: Request 'INVITE' from '"MICHAEL" <sip:+1801[redacted]@[URI].pstn.twilio.com>' failed for '54.172.60.0:5060' (callid: fab0e7700cecb709ff1a6237c13a366a@0.0.0.0) - No matching endpoint found

And if I look at the pjsip history, I see the following, duplicated for several of Twilio’s IPs:

00514 1632435092 * <== 54.172.60.0:5060         INVITE sip:+1[my_incoming_did]@[VPC IP];region=us1 SIP/2.0
00515 1632435092 * ==> 54.172.60.0:5060         SIP/2.0 401 Unauthorized

You neither have an endpoint called +1801[redacted] nor do you have an identify section for Twilio’s IP addresses. How were you expecting Asterisk to recognize traffic for your Twillio endpoint?

The +1801[redacted] denotes a number I’m dialing from to test origination calls into Twilio->Asterisk rather than my inbount DID. Perhaps I’m really messing things up.

Nonetheless, I take your meaning that I’m missing some very fundamental part of my config. Namely, an identify section for Twilio’s IP addresses and an endpoint for my DIDs, correct? Twilio’s docs don’t indicate the need for any identify sections. Are those normally added to pjsip.conf?

It looks like they have badly translated a typical ITSP chan_sip configuration (which means a badly designed one).

I’d suggest starting, from first principles, using the generic one in res_pjsip Configuration Examples - Asterisk Project - Asterisk Project Wiki as there are some options in their configuration which would only be needed if their system is broken in a way that I would not expect of an ITSP.

1 Like

I’ll try taking off the training wheels and give it a shot :wink: