PJSIP calling issues

zermus · August 2, 2020, 9:07am

So I’m having issues with what I think is auth issues with my extension dialing out to my trunk. Here is the debug, note the SIP/2.0 401 Unauthorized:

PJSIP Logging enabled
<--- Received SIP request (934 bytes) from UDP:10.9.9.2:5060 --->
INVITE sip:214xxxxxxx@10.9.9.13:5060;user=phone SIP/2.0
Via: SIP/2.0/UDP 10.9.9.2;branch=z9hG4bK96e2f9e15E6C28C
From: "301" <sip:301@10.9.9.13>;tag=8112E3BF-A762EB82
To: <sip:214xxxxxxx@10.9.9.13;user=phone>
CSeq: 1 INVITE
Call-ID: f3c0638c0e313688757168f4a49d03d5
Contact: <sip:301@10.9.9.2>
Allow: INVITE,ACK,BYE,CANCEL,OPTIONS,INFO,MESSAGE,SUBSCRIBE,NOTIFY,PRACK,UPDATE,REFER
User-Agent: PolycomVVX-VVX_411-UA/6.3.0.14929
Accept-Language: en
Supported: replaces,100rel
Allow-Events: conference,talk,hold
Max-Forwards: 70
Content-Type: application/sdp
Content-Length: 343

v=0
o=- 1596358705 1596358705 IN IP4 10.9.9.2
s=Polycom IP Phone
c=IN IP4 10.9.9.2
t=0 0
a=sendrecv
m=audio 10002 RTP/AVP 0 9 102 8 18 127
a=rtpmap:0 PCMU/8000
a=rtpmap:9 G722/8000
a=rtpmap:102 G7221/16000
a=fmtp:102 bitrate=32000
a=rtpmap:8 PCMA/8000
a=rtpmap:18 G729/8000
a=fmtp:18 annexb=no
a=rtpmap:127 telephone-event/8000

<--- Transmitting SIP response (494 bytes) to UDP:10.9.9.2:5060 --->
SIP/2.0 401 Unauthorized
Via: SIP/2.0/UDP 10.9.9.2;rport=5060;received=10.9.9.2;branch=z9hG4bK96e2f9e15E6C28C
Call-ID: f3c0638c0e313688757168f4a49d03d5
From: "301" <sip:301@10.9.9.13>;tag=8112E3BF-A762EB82
To: <sip:214xxxxxxx@10.9.9.13;user=phone>;tag=z9hG4bK96e2f9e15E6C28C
CSeq: 1 INVITE
WWW-Authenticate: Digest realm="asterisk",nonce="1596358714/0b5ac0cba3068ec602c608a40bfb6927",opaque="1df0fdae336c84d8",algorithm=md5,qop="auth"
Server: Asterisk PBX 16.12.0
Content-Length:  0


<--- Received SIP request (515 bytes) from UDP:10.9.9.2:5060 --->
ACK sip:214xxxxxxx@10.9.9.13:5060;user=phone SIP/2.0
Via: SIP/2.0/UDP 10.9.9.2;branch=z9hG4bK96e2f9e15E6C28C
From: "301" <sip:301@10.9.9.13>;tag=8112E3BF-A762EB82
To: <sip:214xxxxxxx@10.9.9.13;user=phone>;tag=z9hG4bK96e2f9e15E6C28C
CSeq: 1 ACK
Call-ID: f3c0638c0e313688757168f4a49d03d5
Contact: <sip:301@10.9.9.2>
Allow: INVITE,ACK,BYE,CANCEL,OPTIONS,INFO,MESSAGE,SUBSCRIBE,NOTIFY,PRACK,UPDATE,REFER
User-Agent: PolycomVVX-VVX_411-UA/6.3.0.14929
Accept-Language: en
Max-Forwards: 70
Content-Length: 0


<--- Received SIP request (1228 bytes) from UDP:10.9.9.2:5060 --->
INVITE sip:214xxxxxxx@10.9.9.13:5060;user=phone SIP/2.0
Via: SIP/2.0/UDP 10.9.9.2;branch=z9hG4bKab9928f36CFDB346
From: "301" <sip:301@10.9.9.13>;tag=8112E3BF-A762EB82
To: <sip:214xxxxxxx@10.9.9.13;user=phone>
CSeq: 2 INVITE
Call-ID: f3c0638c0e313688757168f4a49d03d5
Contact: <sip:301@10.9.9.2>
Allow: INVITE,ACK,BYE,CANCEL,OPTIONS,INFO,MESSAGE,SUBSCRIBE,NOTIFY,PRACK,UPDATE,REFER
User-Agent: PolycomVVX-VVX_411-UA/6.3.0.14929
Accept-Language: en
Supported: replaces,100rel
Allow-Events: conference,talk,hold
Authorization: Digest username="301", realm="asterisk", nonce="1596358714/0b5ac0cba3068ec602c608a40bfb6927", qop=auth, cnonce="LUO8DGYaN+o2xSe", nc=00000001, opaque="1df0fdae336c84d8", uri="sip:214xxxxxxx@10.9.9.13:5060;user=phone", response="a01d67705cf236046d7f4ab6cedbffb7", algorithm=MD5
Max-Forwards: 70
Content-Type: application/sdp
Content-Length: 343

v=0
o=- 1596358705 1596358705 IN IP4 10.9.9.2
s=Polycom IP Phone
c=IN IP4 10.9.9.2
t=0 0
a=sendrecv
m=audio 10002 RTP/AVP 0 9 102 8 18 127
a=rtpmap:0 PCMU/8000
a=rtpmap:9 G722/8000
a=rtpmap:102 G7221/16000
a=fmtp:102 bitrate=32000
a=rtpmap:8 PCMA/8000
a=rtpmap:18 G729/8000
a=fmtp:18 annexb=no
a=rtpmap:127 telephone-event/8000

  == Setting global variable 'SIPDOMAIN' to '10.9.9.13'
<--- Transmitting SIP response (316 bytes) to UDP:10.9.9.2:5060 --->
SIP/2.0 100 Trying
Via: SIP/2.0/UDP 10.9.9.2;rport=5060;received=10.9.9.2;branch=z9hG4bKab9928f36CFDB346
Call-ID: f3c0638c0e313688757168f4a49d03d5
From: "301" <sip:301@10.9.9.13>;tag=8112E3BF-A762EB82
To: <sip:214xxxxxxx@10.9.9.13;user=phone>
CSeq: 2 INVITE
Server: Asterisk PBX 16.12.0
Content-Length:  0


    -- Executing [214xxxxxxx@internal-kids:1] Set("PJSIP/301-00000002", "CALLERID(all)="Cody Gee" <4694988277>") in new stack
    -- Executing [214xxxxxxx@internal-kids:2] Dial("PJSIP/301-00000002", "PJSIP/1214xxxxxxx@VoIPms") in new stack
    -- Called PJSIP/1214xxxxxxx@VoIPms
  == Everyone is busy/congested at this time (1:0/0/1)
    -- Executing [214xxxxxxx@internal-kids:3] Hangup("PJSIP/301-00000002", "") in new stack
  == Spawn extension (internal-kids, 214xxxxxxx, 3) exited non-zero on 'PJSIP/301-00000002'
<--- Transmitting SIP response (382 bytes) to UDP:10.9.9.2:5060 --->
SIP/2.0 603 Decline
Via: SIP/2.0/UDP 10.9.9.2;rport=5060;received=10.9.9.2;branch=z9hG4bKab9928f36CFDB346
Call-ID: f3c0638c0e313688757168f4a49d03d5
From: "301" <sip:301@10.9.9.13>;tag=8112E3BF-A762EB82
To: <sip:214xxxxxxx@10.9.9.13;user=phone>;tag=a5418ed8-c80e-4604-81d0-9f417cc847a4
CSeq: 2 INVITE
Server: Asterisk PBX 16.12.0
Reason: Q.850;cause=16
Content-Length:  0


<--- Received SIP request (530 bytes) from UDP:10.9.9.2:5060 --->
ACK sip:214xxxxxxx@10.9.9.13:5060;user=phone SIP/2.0
Via: SIP/2.0/UDP 10.9.9.2;branch=z9hG4bKab9928f36CFDB346
From: "301" <sip:301@10.9.9.13>;tag=8112E3BF-A762EB82
To: <sip:214xxxxxxx@10.9.9.13;user=phone>;tag=a5418ed8-c80e-4604-81d0-9f417cc847a4
CSeq: 2 ACK
Call-ID: f3c0638c0e313688757168f4a49d03d5
Contact: <sip:301@10.9.9.2>
Allow: INVITE,ACK,BYE,CANCEL,OPTIONS,INFO,MESSAGE,SUBSCRIBE,NOTIFY,PRACK,UPDATE,REFER
User-Agent: PolycomVVX-VVX_411-UA/6.3.0.14929
Accept-Language: en
Max-Forwards: 70
Content-Length: 0

pjsip.conf

[transport-udp]
type = transport
protocol = udp
bind = 0.0.0.0
external_media_address = 1.2.3.4
external_signaling_address = 1.2.3.4
local_net = 10.9.9.0/255.255.255.240
local_net = 10.5.5.0/255.255.255.0

[transport-tcp]
type = transport
protocol = tcp
bind = 0.0.0.0
external_media_address = 1.2.3.4
external_signaling_address = 1.2.3.4
local_net = 10.9.9.0/255.255.255.240
local_net = 10.5.5.0/255.255.255.0

[transport-tls]
type = transport
protocol = tls
bind = 10.9.9.13:5061
external_media_address = 1.2.3.4
external_signaling_address = 1.2.3.4
local_net = 10.9.9.0/255.255.255.240
local_net = 10.5.5.0/255.255.255.0
cert_file = /etc/asterisk/keys/asterisk-10y.crt
priv_key_file = /etc/asterisk/keys/asterisk-10y.key
;cert_file = /etc/asterisk/keys/asterisk.pem
cipher = AES128-GCM-SHA256
;ca_list_file = /etc/asterisk/keys/ca-10y.crt
;ca_list_file = /etc/asterisk/keys/ca.crt
verify_server = no
;verify_client=no
method = tlsv1_2


[VoIPms]
type = registration
;retry_interval = 20
;max_retries = 10
;expiration = 120
transport = transport-tls
outbound_auth = VoIPms
client_uri = sip:userx@dallas2.voip.ms:5061
server_uri = sip:dallas2.voip.ms:5061

[VoIPms]
type = auth
auth_type = userpass
password = xxx
username = userx

[VoIPms]
type = aor
contact = sip:userx@dallas2.voip.ms

[VoIPms]
type = identify
endpoint = VoIPms
match = dallas2.voip.ms

;[VoIPms]
;type = auth
;username = VoIPms
;password = xxx

[VoIPms]
type = endpoint
transport = transport-tls
context = from-trunk
dtmf_mode = rfc4733
disallow = all
allow = ulaw
from_user = userx
rtp_symmetric = yes
force_rport = yes
rewrite_contact = yes
;disable_directed_media_on_nat = yes
direct_media = no
trust_id_inbound = yes
send_rpid = yes
media_encryption = sdes
auth = VoIPms
outbound_auth = VoIPms
aors = VoIPms

[301]
type = aor
max_contacts = 1

[301]
type = auth
username = 301
password = xxx

[301]
type = endpoint
context = internal-kids
dtmf_mode = rfc4733
disallow = all
allow = ulaw
rtp_symmetric = yes
force_rport = yes
rewrite_contact = yes
direct_media = no
callerid = 301
mailboxes = 303@internal
device_state_busy_at = 4
auth = 301
outbound_auth = 301
;srtp_tag_32 = yes
aors = 301

[302]
type = aor
max_contacts = 1

[302]
type = auth
username = 302
password = xxx

[302]
type = endpoint
context = internal-home
dtmf_mode = rfc4733
disallow = all
allow = ulaw
rtp_symmetric = yes
force_rport = yes
rewrite_contact = yes
direct_media = no
callerid = 302
mailboxes = 302@internal
device_state_busy_at = 4
auth = 302
outbound_auth = 302
srtp_tag_32 = yes
aors = 302

[303]
type = aor
max_contacts = 1

[303]
type = auth
username = 303
password = xxx

[303]
type = endpoint
context = internal-work
dtmf_mode = rfc4733
disallow = all
allow = ulaw
rtp_symmetric = yes
force_rport = yes
rewrite_contact = yes
direct_media = no
callerid = 303
mailboxes = 301@internal
device_state_busy_at = 4
auth = 303
outbound_auth = 303
srtp_tag_32 = yes
aors = 303

[304]
type = aor
max_contacts = 1

[304]
type = auth
username = 304
password = xxx

[304]
type = endpoint
context = internal-home
dtmf_mode = rfc4733
disallow = all
allow = ulaw
rtp_symmetric = yes
force_rport = yes
rewrite_contact = yes
direct_media = no
callerid = 304
mailboxes = 304@internal
auth = 304
outbound_auth = 304
aors = 304

[305]
type = aor
max_contacts = 1

[305]
type = auth
username = 305
password = xxx

[305]
type = endpoint
context = internal-work
dtmf_mode = rfc4733
disallow = all
allow = ulaw
rtp_symmetric = yes
force_rport = yes
rewrite_contact = yes
direct_media = no
callerid = 305
mailboxes = 305@internal
device_state_busy_at = 4
auth = 305
outbound_auth = 305
srtp_tag_32 = yes
aors = 305

[306]
type = aor
max_contacts = 1

[306]
type = auth
username = 306
password = xxx

[306]
type = endpoint
context = internal-home
dtmf_mode = rfc4733
disallow = all
allow = ulaw
rtp_symmetric = yes
force_rport = yes
rewrite_contact = yes
direct_media = no
callerid = 306
mailboxes = 306@internal
device_state_busy_at = 4
auth = 306
outbound_auth = 306
srtp_tag_32 = yes
aors = 306

[307]
type = aor
max_contacts = 1

[307]
type = auth
username = 307
password = xxx

[307]
type = endpoint
context = internal-home
dtmf_mode = rfc4733
disallow = all
allow = ulaw
rtp_symmetric = yes
force_rport = yes
rewrite_contact = yes
direct_media = no
callerid = 307
mailboxes = 307@internal
auth = 307
outbound_auth = 307
aors = 307

zermus · August 2, 2020, 9:10am

I would think if it’s the wrong pass the endpoint wouldn’t register

mercury*CLI> pjsip show endpoints

 Endpoint:  <Endpoint/CID.....................................>  <State.....>  <Channels.>
    I/OAuth:  <AuthId/UserName...........................................................>
        Aor:  <Aor............................................>  <MaxContact>
      Contact:  <Aor/ContactUri..........................> <Hash....> <Status> <RTT(ms)..>
  Transport:  <TransportId........>  <Type>  <cos>  <tos>  <BindAddress..................>
   Identify:  <Identify/Endpoint.........................................................>
        Match:  <criteria.........................>
    Channel:  <ChannelId......................................>  <State.....>  <Time.....>
        Exten: <DialedExten...........>  CLCID: <ConnectedLineCID.......>
==========================================================================================

 Endpoint:  301/301                                              Not in use    0 of 4
    OutAuth:  301/301
     InAuth:  301/301
        Aor:  301                                                1
      Contact:  301/sip:301@10.9.9.2:5060                  6d13bbcb9b NonQual         nan

jcolp · August 2, 2020, 9:39am

The problem is not with the endpoint. It is authenticating, entering the dialplan, and trying to call out using an endpoint named “VoIPms” which is not succeeding. You need to look at the VoIP provider configuration and signaling instead.

zermus · August 2, 2020, 10:35am

I don’t even see it reaching out to the voip.ms IP though.

jcolp · August 2, 2020, 8:16pm

Did you do “pjsip set logger on” to confirm that it is not sending traffic to them?

zermus · August 2, 2020, 8:20pm

Yeah the debug log is posted on the initial post. All the 10.9.9.x IPs are internal, Asterisk server is at 10.9.9.13 and phone is at 10.9.9.2.

zermus · August 3, 2020, 6:37am

I guess this might have something to do with it Anyone know how to fix that?

[Aug 3 01:36:21] ERROR[4516] loader.c: Error loading module ‘res_srtp.so’: /usr/lib64/asterisk/modules/res_srtp.so: undefined symbol: crypto_policy_set_aes_cm_128_hmac_sha1_32

jcolp · August 3, 2020, 9:28am

That would be dependent on the libsrtp library. Did you upgrade the library and not rebuild Asterisk? What distribution is in use?

zermus · August 3, 2020, 10:06am

No it’s the same version that was on the box during Asterisk install. CentOS 8

zermus · August 4, 2020, 5:28am

After about 4 days of troubleshooting I’m starting to think these issues are Asterisk and Ryzen Threadripper incompatibility, and/or ESXi 6.7…

zermus · August 4, 2020, 8:22am

jc a post from you in 2015 fixed me lol. Thanks bro.

This can be done by going into the source code directory and executing “make menuselect”. In menuselect go to “Compiler Flags - Development” and uncheck “BUILD_NATIVE”. Save and exit menuselect. Once done do “make && make install”. This should give you a working Asterisk.

jcolp · August 4, 2020, 9:14am

Ah, you did not mention you were on virtualization.

system · September 3, 2020, 9:14am

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.