I have PJSIP endpoints, which are identified by ip address for incoming calls, and appropriate identify-records exists in pjsip.conf
I have further PJSIP endpoints, which have public, volatile IP addresses, which are identified by username/password, and appropriate records exist in database.
When an INVITE comes from an unknown IP address, asterisk / pjsip behaves as follows:
INVITE is received, parsed, …
Warning “INVITE from … failed … No matching endpoint found” is created and logged
Response “SIP/2.0 401 Unauthorized” is sent
client sends new INVITE with credentials
asterisk / pjsip checks username / password.
call is setup as desired.
Unfortunately, asterisk is logging the warning, before it checks username / password.
=> fail2ban will soon block, though the endpoint is well known and using correct username / password.
Any Ideas as solution for my problem? Hope anyone can help.
regards
If you are asking here, you have fully configured fail2ban yourself. Without that configuration, it is difficult to know what to change.
However, if the client doesn’t include the user name in the From header, you are going to get the warning and you are going to need to compensate on the fail2ban side.
Hi this error is only, if a customer send a outgoing call to external sip provider over asterisk. Well 1st asterisk check ip adress of customer and send error message and than asterisk make auth check with username / password (what i use for customers). For external sip provider i do onyl use ip auth, well provider need it. Can i solve it in asterisk or do i must remove command mathcing point out of line 33 mandatory? For me it was better, if i have a solution without change fail2ban lines. Config directly in Asterisk was better. Hope you have ideas…