Help with PJSIP and call file

Hello there,

We connect this server with other Asterisk boxes we own. For this reason, none of the “trunks” use username and password authentication, just IP-based authentication. Everything works great except when using Asterisk call files. Whenever we try, Asterisk complains that there is no authentication ID available.

When trying to make calls directly to the external server, everything works fine as expected. The same occurs with incoming calls. I’ve even tried the “channel originate” command from the CLI, and it worked like a charm!

For reference, I’m attaching the call file I used to test, as well as the debug that shows the error. As you will see, there are errors about a 403 response, but the destination server (MAC02) never gets contacted, at least the logs on MAC02 don’t say anything about it! Yet, the “trunk” on MAC02 uses IP-based authentication too, so I can’t figure out what is going on!

I would appreciate any help you can provide.

Thank you!

debug.txt (25.2 KB)
callfile.txt (171 Bytes)

There is no SIP traffic in the log, but according to it the remote side challenged for authentication:

[May 30 13:13:52] DEBUG[434] res_pjsip/pjsip_distributor.c: Searching for serializer associated with dialog dlg0x7f3c58275f68 for Response msg 401/INVITE/cseq=2688 (rdata0x7f3c9c2d30e8)
[May 30 13:13:52] DEBUG[434] res_pjsip/pjsip_distributor.c: Found serializer pjsip/outsess/MAC02-000002e7 associated with dialog dlg0x7f3c58275f68
[May 30 13:13:52] DEBUG[56611] res_pjsip_session.c: PJSIP/MAC02-00000457: Initial INVITE is being challenged.
[May 30 13:13:52] ERROR[56611] res_pjsip_outbound_authenticator_digest.c: Endpoint: 'MAC02': There were no auth ids available
[May 30 13:13:52] DEBUG[56611] res_pjsip_session.c:  PJSIP/MAC02-00000457 Method: INVITE Status: 401
[May 30 13:13:52] DEBUG[56611] res_pjsip_session.c:  
[May 30 13:13:52] DEBUG[56611] res_pjsip_session.c:  PJSIP/MAC02-00000457 Event: TSX_STATE  Inv State: DISCONNCTD
[May 30 13:13:52] DEBUG[56611] res_pjsip_session.c: PJSIP/MAC02-00000457: Source of transaction state change is RX_MSG
[May 30 13:13:52] DEBUG[56611] res_pjsip_session.c: PJSIP/MAC02-00000457: Received response
[May 30 13:13:52] DEBUG[56611] res_pjsip_session.c:  PJSIP/MAC02-00000457: Response is 401 Unauthorized
[May 30 13:13:52] DEBUG[56611] chan_pjsip.c:  PJSIP/MAC02-00000457: Status: 401

What would be more useful, initially, would be debug level 0, but with “pjsip set logger on” in effect.

But why would the remote server challenge for authentication only when using call files? In other cases, everything works fine! I must be missing something… BTW, here’s the “trunk” configured on MAC02. It still uses chan_sip and wasn’t configured by me, unfortunately.

[MAC16]
type=friend
host=216.xxx.xxx.xxx
port=5060
;nat=force_rport,comedia
nat=force_rport
insecure=port,invite
dtmfmode=rfc2833
;context=centralB
context=TELVIR_OUT
qualify=no
sendrpid=yes
trustrpid=yes
nat=no
reinvite=no
canreinvite=no
allow=ulaw

:man_shrugging:

You could compare the working INVITE and non-working INVITE and see the difference, and then deduce based on that, or look at the remote side and its own logging for chan_sip and see. It could be matching another entry in sip.conf for matching which requests auth.

There is no secret, so there will be no challenge for a match on that entry, and insecure=invite has no effect at all. As such it must be matching something else.

With chan_sip, for that entry to match, either the user part of the From header URI must be MAC02, or the IP level source address must be 216.xxx.xxx.xxx AND the user part of the From header URI must not match the section name of any other type=user or type=friend entry. Obviously, you also shouldn’t have more than one entry with host=216.xxx.xxx.xxx.

You’ve

That remote machine isn’t directly under my responsibility, so I didn’t see that, indeed, there was an entry “101112” in sip.conf that required authentication. Changing the “callerid” parameter in the call file caused the call to successfully go through.

Thank you so much for your help!

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.