Thank you for the replies. We are using version 13.27.0 so it should not be affected by that bug but I have split the inbound and outbound auth anyway.
Here is the corresponding configuration from asterisk 11. It works fine sending calls between the asterisk 11 boxes.
[gw7]
type=peer
sendrpid=yes
trustrpid=yes
context=intergateway
host=1.1.1.27
defaultuser=authuser
password=securepassword
;qualify=50
;qualifyfreq=15
disallow=all
allow=alaw
allow=ulaw
I turned on debugging when performing a test but I don’t really anything helpful there.
Jul 25 10:15:14] DEBUG[18714]: pjproject: <?>: sip_endpoint.c Processing incoming message: Request msg INVITE/cseq=102 (rdata0x7ff5e8003b18)
[Jul 25 10:15:14] DEBUG[18714]: res_pjsip/pjsip_distributor.c:384 find_dialog: Could not find matching transaction for Request msg INVITE/cseq=102 (rdata0x7ff5e8003b18)
[Jul 25 10:15:14] DEBUG[18714]: res_pjsip/pjsip_distributor.c:462 ast_sip_get_distributor_serializer: Calculated serializer pjsip/distributor-00000039 to use for Request msg INVITE/cseq=102 (rdata0x7ff5e8003b18)
[Jul 25 10:15:14] DEBUG[21367]: pjproject: <?>: sip_endpoint.c Distributing rdata to modules: Request msg INVITE/cseq=102 (rdata0x7ff5e800d778)
[Jul 25 10:15:14] DEBUG[21367]: res_pjsip_endpoint_identifier_ip.c:240 ip_identify_match_check: Source address 1.1.1.21:5060 matches identify 'gateways'
[Jul 25 10:15:14] DEBUG[21367]: res_pjsip_endpoint_identifier_ip.c:273 common_identify: Identify 'gateways' SIP message matched to endpoint gateways
[Jul 25 10:15:14] DEBUG[21367]: pjproject: <?>: endpoint .Response msg 401/INVITE/cseq=102 (tdta0x7ff6500027f8) created
[Jul 25 10:15:14] DEBUG[21367]: res_pjsip_authenticator_digest.c:454 digest_check_auth: Using default realm 'asterisk' on incoming auth 'intergw_in'.
[Jul 25 10:15:14] DEBUG[21367]: pjproject: <?>: tdta0x7ff6500027f8 .Destroying txdata Response msg 401/INVITE/cseq=102 (tdta0x7ff6500027f8)
[Jul 25 10:15:14] DEBUG[18714]: pjproject: <?>: sip_endpoint.c Processing incoming message: Request msg ACK/cseq=102 (rdata0x7ff5e8002fd8)
[Jul 25 10:15:14] DEBUG[18714]: res_pjsip/pjsip_distributor.c:384 find_dialog: Could not find matching transaction for Request msg ACK/cseq=102 (rdata0x7ff5e8002fd8)
[Jul 25 10:15:14] DEBUG[18714]: res_pjsip/pjsip_distributor.c:462 ast_sip_get_distributor_serializer: Calculated serializer pjsip/distributor-00000039 to use for Request msg ACK/cseq=102 (rdata0x7ff5e8002fd8)
[Jul 25 10:15:14] DEBUG[18714]: pjproject: <?>: sip_endpoint.c Processing incoming message: Request msg INVITE/cseq=103 (rdata0x7ff5e8002fd8)
[Jul 25 10:15:14] DEBUG[21367]: pjproject: <?>: sip_endpoint.c Distributing rdata to modules: Request msg ACK/cseq=102 (rdata0x7ff5e800e788)
[Jul 25 10:15:14] DEBUG[18714]: res_pjsip/pjsip_distributor.c:384 find_dialog: Could not find matching transaction for Request msg INVITE/cseq=103 (rdata0x7ff5e8002fd8)
[Jul 25 10:15:14] DEBUG[18714]: res_pjsip/pjsip_distributor.c:462 ast_sip_get_distributor_serializer: Calculated serializer pjsip/distributor-00000039 to use for Request msg INVITE/cseq=103 (rdata0x7ff5e8002fd8)
[Jul 25 10:15:14] DEBUG[21367]: res_pjsip_endpoint_identifier_ip.c:240 ip_identify_match_check: Source address 1.1.1.21:5060 matches identify 'gateways'
[Jul 25 10:15:14] DEBUG[21367]: res_pjsip_endpoint_identifier_ip.c:273 common_identify: Identify 'gateways' SIP message matched to endpoint gateways
[Jul 25 10:15:14] DEBUG[21367]: pjproject: <?>: sip_endpoint.c Distributing rdata to modules: Request msg INVITE/cseq=103 (rdata0x7ff5e80193f8)
[Jul 25 10:15:14] DEBUG[21367]: res_pjsip_endpoint_identifier_ip.c:240 ip_identify_match_check: Source address 1.1.1.21:5060 matches identify 'gateways'
[Jul 25 10:15:14] DEBUG[21367]: res_pjsip_endpoint_identifier_ip.c:273 common_identify: Identify 'gateways' SIP message matched to endpoint gateways
[Jul 25 10:15:14] DEBUG[21367]: pjproject: <?>: endpoint .Response msg 401/INVITE/cseq=103 (tdta0x7ff650000f68) created
[Jul 25 10:15:14] DEBUG[21367]: res_pjsip_authenticator_digest.c:454 digest_check_auth: Using default realm 'asterisk' on incoming auth 'intergw_in'.
[Jul 25 10:15:14] DEBUG[21367]: res_pjsip_authenticator_digest.c:259 check_nonce: Calculated nonce 1564046114/255ffe705ebf868bc9fc1f25756741c4. Actual nonce is 1564046114/255ffe705ebf868bc9fc1f25756741c4
[Jul 25 10:15:14] NOTICE[21367]: res_pjsip/pjsip_distributor.c:666 log_failed_request: Request 'INVITE' from '<sip:03454752225@1.1.1.21>' failed for '1.1.1.21:5060' (callid: 17f6b4e14384a1f676639a7312506ddb@1.1.1.21:5060) - Failed to authenticate
[Jul 25 10:15:14] DEBUG[21367]: pjproject: <?>: tdta0x7ff650000f68 .Destroying txdata Response msg 401/INVITE/cseq=103 (tdta0x7ff650000f68)
[Jul 25 10:15:14] DEBUG[18714]: pjproject: <?>: sip_endpoint.c Processing incoming message: Request msg ACK/cseq=103 (rdata0x7ff5e800e788)
[Jul 25 10:15:14] DEBUG[18714]: res_pjsip/pjsip_distributor.c:384 find_dialog: Could not find matching transaction for Request msg ACK/cseq=103 (rdata0x7ff5e800e788)
[Jul 25 10:15:14] DEBUG[18714]: res_pjsip/pjsip_distributor.c:462 ast_sip_get_distributor_serializer: Calculated serializer pjsip/distributor-00000039 to use for Request msg ACK/cseq=103 (rdata0x7ff5e800e788)
[Jul 25 10:15:14] DEBUG[21367]: pjproject: <?>: sip_endpoint.c Distributing rdata to modules: Request msg ACK/cseq=103 (rdata0x7ff5e80193f8)
[Jul 25 10:15:14] DEBUG[18714]: pjproject: <?>: sip_endpoint.c Processing incoming message: Request msg INVITE/cseq=104 (rdata0x7ff5e800e788)
[Jul 25 10:15:14] DEBUG[21367]: res_pjsip_endpoint_identifier_ip.c:240 ip_identify_match_check: Source address 1.1.1.21:5060 matches identify 'gateways'
[Jul 25 10:15:14] DEBUG[21367]: res_pjsip_endpoint_identifier_ip.c:273 common_identify: Identify 'gateways' SIP message matched to endpoint gateways
[Jul 25 10:15:14] DEBUG[18714]: res_pjsip/pjsip_distributor.c:384 find_dialog: Could not find matching transaction for Request msg INVITE/cseq=104 (rdata0x7ff5e800e788)
[Jul 25 10:15:14] DEBUG[18714]: res_pjsip/pjsip_distributor.c:462 ast_sip_get_distributor_serializer: Calculated serializer pjsip/distributor-00000039 to use for Request msg INVITE/cseq=104 (rdata0x7ff5e800e788)
[Jul 25 10:15:14] DEBUG[21367]: pjproject: <?>: sip_endpoint.c Distributing rdata to modules: Request msg INVITE/cseq=104 (rdata0x7ff5e80193f8)
[Jul 25 10:15:14] DEBUG[21367]: res_pjsip_endpoint_identifier_ip.c:240 ip_identify_match_check: Source address 1.1.1.21:5060 matches identify 'gateways'
[Jul 25 10:15:14] DEBUG[21367]: res_pjsip_endpoint_identifier_ip.c:273 common_identify: Identify 'gateways' SIP message matched to endpoint gateways
[Jul 25 10:15:14] DEBUG[21367]: pjproject: <?>: endpoint .Response msg 401/INVITE/cseq=104 (tdta0x7ff650000f68) created
[Jul 25 10:15:14] DEBUG[21367]: res_pjsip_authenticator_digest.c:454 digest_check_auth: Using default realm 'asterisk' on incoming auth 'intergw_in'.
[Jul 25 10:15:14] DEBUG[21367]: res_pjsip_authenticator_digest.c:259 check_nonce: Calculated nonce 1564046114/255ffe705ebf868bc9fc1f25756741c4. Actual nonce is 1564046114/255ffe705ebf868bc9fc1f25756741c4
[Jul 25 10:15:14] NOTICE[21367]: res_pjsip/pjsip_distributor.c:666 log_failed_request: Request 'INVITE' from '<sip:03454752225@1.1.1.21>' failed for '1.1.1.21:5060' (callid: 17f6b4e14384a1f676639a7312506ddb@1.1.1.21:5060) - Failed to authenticate
[Jul 25 10:15:14] DEBUG[21367]: pjproject: <?>: tdta0x7ff650000f68 .Destroying txdata Response msg 401/INVITE/cseq=104 (tdta0x7ff650000f68)
[Jul 25 10:15:14] DEBUG[18714]: pjproject: <?>: sip_endpoint.c Processing incoming message: Request msg ACK/cseq=104 (rdata0x7ff5e800e788)
[Jul 25 10:15:14] DEBUG[18714]: res_pjsip/pjsip_distributor.c:384 find_dialog: Could not find matching transaction for Request msg ACK/cseq=104 (rdata0x7ff5e800e788)
[Jul 25 10:15:14] DEBUG[18714]: res_pjsip/pjsip_distributor.c:462 ast_sip_get_distributor_serializer: Calculated serializer pjsip/distributor-00000039 to use for Request msg ACK/cseq=104 (rdata0x7ff5e800e788)
[Jul 25 10:15:14] DEBUG[21367]: pjproject: <?>: sip_endpoint.c Distributing rdata to modules: Request msg ACK/cseq=104 (rdata0x7ff5e80193f8)
[Jul 25 10:15:14] DEBUG[18714]: pjproject: <?>: sip_endpoint.c Processing incoming message: Request msg INVITE/cseq=105 (rdata0x7ff5e800e788)
[Jul 25 10:15:14] DEBUG[21367]: res_pjsip_endpoint_identifier_ip.c:240 ip_identify_match_check: Source address 1.1.1.21:5060 matches identify 'gateways'
[Jul 25 10:15:14] DEBUG[21367]: res_pjsip_endpoint_identifier_ip.c:273 common_identify: Identify 'gateways' SIP message matched to endpoint gateways
[Jul 25 10:15:14] DEBUG[18714]: res_pjsip/pjsip_distributor.c:384 find_dialog: Could not find matching transaction for Request msg INVITE/cseq=105 (rdata0x7ff5e800e788)
[Jul 25 10:15:14] DEBUG[18714]: res_pjsip/pjsip_distributor.c:462 ast_sip_get_distributor_serializer: Calculated serializer pjsip/distributor-00000039 to use for Request msg INVITE/cseq=105 (rdata0x7ff5e800e788)
[Jul 25 10:15:14] DEBUG[21367]: pjproject: <?>: sip_endpoint.c Distributing rdata to modules: Request msg INVITE/cseq=105 (rdata0x7ff5e80193f8)
[Jul 25 10:15:14] DEBUG[21367]: res_pjsip_endpoint_identifier_ip.c:240 ip_identify_match_check: Source address 1.1.1.21:5060 matches identify 'gateways'
[Jul 25 10:15:14] DEBUG[21367]: res_pjsip_endpoint_identifier_ip.c:273 common_identify: Identify 'gateways' SIP message matched to endpoint gateways
[Jul 25 10:15:14] DEBUG[21367]: pjproject: <?>: endpoint .Response msg 401/INVITE/cseq=105 (tdta0x7ff650000f68) created
[Jul 25 10:15:14] DEBUG[21367]: res_pjsip_authenticator_digest.c:454 digest_check_auth: Using default realm 'asterisk' on incoming auth 'intergw_in'.
[Jul 25 10:15:14] DEBUG[21367]: res_pjsip_authenticator_digest.c:259 check_nonce: Calculated nonce 1564046114/255ffe705ebf868bc9fc1f25756741c4. Actual nonce is 1564046114/255ffe705ebf868bc9fc1f25756741c4
[Jul 25 10:15:14] NOTICE[21367]: res_pjsip/pjsip_distributor.c:666 log_failed_request: Request 'INVITE' from '<sip:03454752225@1.1.1.21>' failed for '1.1.1.21:5060' (callid: 17f6b4e14384a1f676639a7312506ddb@1.1.1.21:5060) - Failed to authenticate
[Jul 25 10:15:14] DEBUG[21367]: pjproject: <?>: tdta0x7ff650000f68 .Destroying txdata Response msg 401/INVITE/cseq=105 (tdta0x7ff650000f68)
[Jul 25 10:15:14] DEBUG[18714]: pjproject: <?>: sip_endpoint.c Processing incoming message: Request msg ACK/cseq=105 (rdata0x7ff5e800e788)
[Jul 25 10:15:14] DEBUG[18714]: res_pjsip/pjsip_distributor.c:384 find_dialog: Could not find matching transaction for Request msg ACK/cseq=105 (rdata0x7ff5e800e788)
[Jul 25 10:15:14] DEBUG[18714]: res_pjsip/pjsip_distributor.c:462 ast_sip_get_distributor_serializer: Calculated serializer pjsip/distributor-00000039 to use for Request msg ACK/cseq=105 (rdata0x7ff5e800e788)
[Jul 25 10:15:14] DEBUG[21367]: pjproject: <?>: sip_endpoint.c Distributing rdata to modules: Request msg ACK/cseq=105 (rdata0x7ff5e80193f8)
[Jul 25 10:15:14] DEBUG[21367]: res_pjsip_endpoint_identifier_ip.c:240 ip_identify_match_check: Source address 1.1.1.21:5060 matches identify 'gateways'
[Jul 25 10:15:14] DEBUG[21367]: res_pjsip_endpoint_identifier_ip.c:273 common_identify: Identify 'gateways' SIP message matched to endpoint gateways
Here is the first INVITE with the authentication included and the reply send back.
*CLI> pjsip show history entry 3
<--- History Entry 3 Received from 1.1.1.21:5060 at 1564046114 --->
INVITE sip:conference@1.1.1.27 SIP/2.0
Via: SIP/2.0/UDP 1.1.1.21:5060;received=1.1.1.21;branch=z9hG4bK5f202436
Max-Forwards: 70
From: <sip:03454752225@1.1.1.21>;tag=as61d8e2c0
To: <sip:conference@1.1.1.27>
Contact: <sip:03454752225@1.1.1.21:5060>
Call-ID: 17f6b4e14384a1f676639a7312506ddb@1.1.1.21:5060
CSeq: 103 INVITE
User-Agent: Asterisk PBX 11.6-cert8
Authorization: Digest username="authuser", realm="asterisk", nonce="1564046114/255ffe705ebf868bc9fc1f25756741c4", uri="sip:conference@1.1.1.27", response="740d1bf4b058067fc9dae4193e4b8e55", algorithm=MD5, cnonce="459eeade", opaque="0f9781a902768258", qop=auth, nc=00000001
Date: Thu, 25 Jul 2019 09:15:14 GMT
Allow: INVITE, ACK, CANCEL, OPTIONS, BYE, REFER, SUBSCRIBE, NOTIFY, INFO, PUBLISH
Supported: replaces, timer
Remote-Party-ID: "03454752225" <sip:03454752225@1.1.1.21>;party=calling;privacy=off;screen=no
Content-Type: application/sdp
Content-Length: 290
Content-Type: application/sdp
Content-Length: 290
v=0
o=root 2002911273 2002911274 IN IP4 1.1.1.21
s=Asterisk PBX 11.6-cert8
c=IN IP4 1.1.1.21
t=0 0
m=audio 18444 RTP/AVP 8 0 101
a=rtpmap:8 PCMA/8000
a=rtpmap:0 PCMU/8000
a=rtpmap:101 telephone-event/8000
a=fmtp:101 0-16
a=silenceSupp:off - - - -
a=ptime:20
a=sendrecv
*CLI> pjsip show history entry 4
<--- History Entry 4 Sent to 1.1.1.21:5060 at 1564046114 --->
SIP/2.0 401 Unauthorized
Via: SIP/2.0/UDP 1.1.1.21:5060;rport=5060;received=1.1.1.21;branch=z9hG4bK5f202436
Call-ID: 17f6b4e14384a1f676639a7312506ddb@1.1.1.21:5060
From: <sip:03454752225@1.1.1.21>;tag=as61d8e2c0
To: <sip:conference@1.1.1.27>;tag=z9hG4bK5f202436
CSeq: 103 INVITE
WWW-Authenticate: Digest realm="asterisk",nonce="1564046114/255ffe705ebf868bc9fc1f25756741c4",opaque="08180708774e62fc",algorithm=md5,qop="auth"
Server: Asterisk PBX 13.27.0
Content-Length: 0
Finally the new pjsip configuration. The only other changes I made was to turn off qualify just to make the debug output cleaner.
type=auth
auth_type=userpass
username=authuser
password=securepassword
[intergw_out]
type=auth
auth_type=userpass
username=authuser
password=securepassword
; Test entry to permit incoming connections from all other gateways. Never used for outgoing connections.
[gateways]
type=endpoint
trust_id_inbound=yes
context=intergateway
disallow=all
allow=alaw
allow=ulaw
auth=intergw_in
aors=gw1
[gateways]
type=identify
endpoint=gateways
match=1.1.1.21
match=1.1.1.22
match=1.1.1.23
match=1.1.1.24
match=1.1.1.25
match=1.1.1.26
match=1.1.1.27
[gw1]
type=endpoint
send_rpid=yes
trust_id_outbound=yes
disallow=all
allow=alaw
allow=ulaw
outbound_auth=intergw_out
aors=gw1
[gw2]
type=endpoint
send_rpid=yes
trust_id_outbound=yes
disallow=all
allow=alaw
allow=ulaw
outbound_auth=intergw_out
aors=gw2
[gw3]
type=endpoint
send_rpid=yes
trust_id_outbound=yes
disallow=all
allow=alaw
allow=ulaw
outbound_auth=intergw_out
aors=gw3
[gw4]
type=endpoint
send_rpid=yes
trust_id_outbound=yes
disallow=all
allow=alaw
allow=ulaw
outbound_auth=intergw_out
aors=gw4
[gw5]
type=endpoint
send_rpid=yes
trust_id_outbound=yes
disallow=all
allow=alaw
allow=ulaw
outbound_auth=intergw_out
aors=gw5
[gw6]
type=endpoint
send_rpid=yes
trust_id_outbound=yes
disallow=all
allow=alaw
allow=ulaw
outbound_auth=intergw_out
aors=gw6
[gw7]
type=endpoint
send_rpid=yes
trust_id_outbound=yes
disallow=all
allow=alaw
allow=ulaw
outbound_auth=intergw_out
aors=gw7
[gw1]
type=aor
contact=sip:1.1.1.21:5060
;qualify_frequency=15
;qualify_timeout=2
[gw2]
type=aor
contact=sip:1.1.1.22:5060
;qualify_frequency=15
;qualify_timeout=2
[gw3]
type=aor
contact=sip:1.1.1.23:5060
;qualify_frequency=15
;qualify_timeout=2
[gw4]
type=aor
contact=sip:1.1.1.24:5060
;qualify_frequency=15
;qualify_timeout=2
[gw5]
type=aor
contact=sip:1.1.1.25:5060
;qualify_frequency=15
;qualify_timeout=2
[gw6]
type=aor
contact=sip:1.1.1.26:5060
;qualify_frequency=15
;qualify_timeout=2
[gw7]
type=aor
contact=sip:1.1.1.27:5060
;qualify_frequency=15
;qualify_timeout=2