I need more than one realm in my outbound identity

I’m using PJSIP. It looks like the "Digest realm=“xxx.xxx.xxx.xxx” part of my outbound authentication challenge can be one of four servers. I cannot figure out a way to have my outbound_auth support multiple realms. (sorry no trace without breaking the system.)

Here’s the auth and endpoint:

[ZZZZZZ]
type=endpoint
transport=transport-udp-nat
context=from-external
disallow=all
allow=ulaw
outbound_auth=sipus_auth
aors=sipus_aor
direct_media=no
from_domain=sip.aserver.com

[sipus_auth]
type=auth
auth_type=userpass
password=xxxxxxxxx
username=xxxxxxxxx
realm=sip.aserver.com

BUT CAN BE ONE OF THESE TOO (I’ve already seen one other)
realm=VVV.CCC.ZZZ.XX0
realm=VVV.CCC.ZZZ.XX1
realm=VVV.CCC.ZZZ.XX2

These are IP addresses published in a “white list”.

So it looks like I need a way to have one auth support three realms.

So a single auth section can only be the authentication for a single realm. You can, however, define multiple auth sections and reference those from the endpoint. The endpoint will then set multiple credentials on the outbound request. Assuming the system you are talking to will look at each of the authentication credentials and match based on the realm it’s providing, it should then accept the request.

This could be configured as shown:

[ZZZZZZ]
type=endpoint
transport=transport-udp-nat
context=from-external
disallow=all
allow=ulaw
outbound_auth=sipus_auth1,sipus_auth2,sipus_auth3
aors=sipus_aor
direct_media=no
from_domain=sip.aserver.com

[sipus_auth](!)
type=auth
auth_type=userpass
password=xxxxxxxxx
username=xxxxxxxxx

[sipus_auth1](sipus_auth)
realm=xxx.xxx.xxx.xxx

[sipus_auth2](sipus_auth)
realm=yyy.yyy.yyy.yyy

[sipus_auth3](sipus_auth)
realm=zzz.zzz.zzz.zzz
2 Likes

Cool, I shall try and post back.