Multiple SIP-trunks, different realm (for proxy authentication) per trunk

Hi,

I have 2 questions:

1st: What I’ve noticed so far, is that a 407 challenge uses the information in FROM header in the INVITE. on Asterisk based systems, I’ve noticed that the wrong information is being send, which results in a proxy authentication that will always result in failure

e.a.: On a system (non asterisk), when an INVITE is sent, the following information is sent:

INVITE sip:<CDPN>@<Provider domain>;user=phone SIP/2.0
Via: SIP/2.0/UDP 172.16.255.253:39052;branch=z9hG4bK-50477240;rport
From: <sip:CGPN@<Provider domain>;user=phone>;tag=2391940369

which is challenged as:

SIP/2.0 407 Proxy Authentication Required
Via: SIP/2.0/UDP 172.16.255.253:39052;received=<provider IP>;branch=z9hG4bK-50477240;rport=43491
From: <sip:<CGPN>@<Provider domain>;user=phone>;tag=2391940369
To: <sip:CDPN>@<Provider domain>;user=phone>;tag=1d24a28a0bded6c40d31e6db8aab9ac6.7862
Call-ID: 45584da510d15801d47f0090333011c5@373
CSeq: 57198894 INVITE
Proxy-Authenticate: Digest realm="<Provider domain>", nonce="<provider key>"

The authentication succeeds.

From Asterisk, the INVITE looks like this:

INVITE sip:<CDPN>@<provider domein> SIP/2.0
Via: SIP/2.0/UDP 10.0.10.45:5060;branch=z9hG4bK4444c02f;rport
Max-Forwards: 70
From: <sip:<CGPN>@<internal IP-address Asterisk>>;tag=as2601fa07

Which result is the following challenge:

SIP/2.0 407 Proxy Authentication Required
Via: SIP/2.0/UDP 10.0.10.45:5060;received=<HQ external IP>;branch=z9hG4bK4444c02f;rport=5060
From: <sip:<CGPN>@<internal IP-address Asterisk>>;tag=as2601fa07
To: <sip:<CDPN>@<Provider domain>>;tag=1d24a28a0bded6c40d31e6db8aab9ac6.f5c7
Call-ID: 03b4d5286533ef9b0d7bfef179cef752@<internal IP Asterisk:5060
CSeq: 104 INVITE
Proxy-Authenticate: Digest realm="<internal IP Asterisk", nonce="<provider key>"

The authentication fails, as the provided realm does not exist.

2nd: I was wondering if it is possible to use different realms for different SIP-trunks. As not all of the sip-trunks are registered at the same provider, some providers require proxy authentication on each outgoing call. So the INVITE is challenged with a 407. Is there a way to setup the sip.conf in such a way, this will happen?

I hope my question is clear. if not, please let me know :slight_smile:

Beste regards,
Maikel

De first part is already solved and it was way easier than expected.

In the sip-registration, just add the fromdomain= option. :sweat_smile:
This resulted in the requested INVITE :smile:

INVITE sip:<CDPN>@<provider domein> SIP/2.0
Via: SIP/2.0/UDP 10.0.10.45:5060;branch=z9hG4bK4444c02f;rport
Max-Forwards: 70
From: <sip:<CGPN>@<fromdomain-value>;tag=as2601fa07

I’m guessing the second part is achievable as well now.