PJSIP Configuration - Trunk + Endpoints

Asterisk Asterisk Support
1

Good Morning,

I’m hoping someone can help me out here. First time poster here in the forums, but I’ve been using Asterisk for some time now. My newest project is to begin using chan_pjsip. Initially I thought this would be a snap, using the conversion script provided in the Asterisk source - I realized this may not be the case.

So here’s the Scenario:

Amazon AWS instance running CentOS 6.x, Asterisk 13.4 installed there. I have a SIP trunk, and a Cisco SPA112 here. My objective is to successfully place a call to my DID and have it ring to an analog phone plugged into the Cisco. All firewall ports are open, and this is a working setup when using chan_sip, and I’m fairly certain I just have a misconfiguration somewhere. I’m including the configuration for pjsip and the debug log of a call attempt. IP’s, hostnames, and obviously passwords have been changed so as not to release any sensitive information to the internet :smile:

If you’d like raw data, please PM me and I can send over the unaltered data.

pjsip.conf:

[transport-udp]
type = transport
protocol = udp
bind = 0.0.0.0
local_net=172.31.0.0/20
local_net=127.0.0.1/32
external_media_address=52.4.222.2 ; AWS Public IP
external_signaling_address=52.4.222.2

[siptrunk_reg]
type = registration
retry_interval = 5
max_retries = 10
transport = transport-udp
outbound_auth = siptrunk_auth
client_uri = sip:18043027000@sip.myprovider.com
server_uri = sip:sip.myprovider.com
contact_user=18043027000

[siptrunk_auth]
type = auth
auth_type = userpass
username = 18043027000
password = ******************
realm = sip.myprovider.com

[siptrunk_aor]
type = aor
contact = sip:sip.myprovider.com:5060
qualify_frequency = 300

[siptrunk_ident]
type = identify
endpoint = siptrunk_ep
match = 1.234.456.7

[siptrunk_ep_auth]
type = auth
username = 18043027000
password = *************

[siptrunk_ep]
type = endpoint
context = from-external
dtmf_mode = rfc4733
disallow = all
allow = alaw
allow = ulaw
force_rport = yes
rtp_symmetric = yes
rewrite_contact = yes
direct_media = no
auth = siptrunk_ep_auth
outbound_auth = siptrunk_ep_auth
aors = siptrunk_ep_auth
trust_id_inbound = yes
from_domain=sip.myprovider.com

; ATA with dedicated DID
[18043027000]
type = aor
max_contacts = 5
qualify_frequency = 300

[18043027000]
type = auth
auth_type = userpass
username = 18043027000
password = *********
realm = sip.myprovider.com

[18043027000]
type = endpoint
transport = transport-udp
context = from-internal
dtmf_mode = rfc4733
disallow = all
allow = alaw
allow = ulaw
force_rport = yes
rtp_symmetric = yes
rewrite_contact = yes
direct_media = no
auth = 18043027000
outbound_auth = 18043027000
aors = 18043027000
trust_id_outbound=yes

Now, when placing a test call - I always get a 401 Unauthorized. The credentials are correct, see below:

INVITE sip:18043027000@52.4.222.2:5060;transport=UDP SIP/2.0
Via: SIP/2.0/UDP 1.234.456.7:5060;branch=z9hG4bK-524287-1---a801b4665944d171;rport
Via: SIP/2.0/UDP 1.234.456.8:5061;branch=z9hG4bK-grfi2i4pfpcxsxjh;rport=5061
Max-Forwards: 69
Record-Route: <sip:1.234.456.7:5060;lr;transport=UDP>
Contact: "WIRELESS CALLER"<sip:1.234.456.8:5061>
To: <sip:18043027000@1.234.456.7>
From: "WIRELESS CALLER" <sip:16106755373@1.234.456.8>;tag=gcvq3dpuaqpjxchu.o
Call-ID: 34f9b297-9f5e-1233-9ca3-782bcb6d394d
CSeq: 546 INVITE
Expires: 300
Allow: INVITE, ACK, BYE, CANCEL, INFO, SUBSCRIBE, NOTIFY, REFER, MESSAGE, OPTIONS, UPDATE
Content-Disposition: session
Content-Type: application/sdp
User-Agent: Sippy
P-Asserted-Identity: "WIRELESS CALLER" <sip:16106755373@1.234.456.8>
Remote-Party-ID: "WIRELESS CALLER" <sip:16106755373@1.234.456.8>;party=calling
h323-conf-id: 3767784958-616174053-2405087434-988674471

v=0
o=Sippy 1528618866700252795 1 IN IP4 1.234.456.8
t=0 0
m=audio 25768 RTP/AVP 0 101 13
a=rtpmap:101 telephone-event/8000
a=fmtp:101 0-16
a=ptime:20

[Jul  7 15:18:05] DEBUG[30622] netsock2.c: Splitting '1.234.456.7:5060' into...
[Jul  7 15:18:05] DEBUG[30622] netsock2.c: ...host '1.234.456.7' and port '5060'.
[Jul  7 15:18:05] DEBUG[30622] netsock2.c: Splitting '0.0.0.0:5060' into...
[Jul  7 15:18:05] DEBUG[30622] netsock2.c: ...host '0.0.0.0' and port '5060'.
[Jul  7 15:18:05] DEBUG[30617] pjsip:   sip_endpoint.c Distributing rdata to modules: Request msg INVITE/cseq=546 (rdata0x7fbd28010a28)
[Jul  7 15:18:05] DEBUG[30617] netsock2.c: Splitting '1.234.456.7' into...
[Jul  7 15:18:05] DEBUG[30617] netsock2.c: ...host '1.234.456.7' and port ''.
[Jul  7 15:18:05] DEBUG[30617] res_pjsip_endpoint_identifier_ip.c: Source address 1.234.456.7:5060 matches identify 'siptrunk_ep'
[Jul  7 15:18:05] DEBUG[30617] res_pjsip_endpoint_identifier_ip.c: Retrieved endpoint siptrunk_ep
[Jul  7 15:18:05] DEBUG[30617] res_pjsip_nat.c: Re-wrote Contact URI host/port to 1.234.456.7:5060
[Jul  7 15:18:05] DEBUG[30617] pjsip:         endpoint .Response msg 401/INVITE/cseq=546 (tdta0x7fbd280083d0) created
[Jul  7 15:18:05] DEBUG[30617] netsock2.c: Splitting '172.31.4.68' into...
[Jul  7 15:18:05] DEBUG[30617] netsock2.c: ...host '172.31.4.68' and port ''.
[Jul  7 15:18:05] DEBUG[30617] netsock2.c: Splitting '1.234.456.7' into...
[Jul  7 15:18:05] DEBUG[30617] netsock2.c: ...host '1.234.456.7' and port ''.
[Jul  7 15:18:05] DEBUG[30617] netsock2.c: Splitting '1.234.456.7' into...
[Jul  7 15:18:05] DEBUG[30617] netsock2.c: ...host '1.234.456.7' and port ''.
[Jul  7 15:18:05] DEBUG[30617] netsock2.c: Splitting '0.0.0.0:5060' into...
[Jul  7 15:18:05] DEBUG[30617] netsock2.c: ...host '0.0.0.0' and port '5060'.
[Jul  7 15:18:05] DEBUG[30617] netsock2.c: Splitting '1.234.456.7:5060' into...
[Jul  7 15:18:05] DEBUG[30617] netsock2.c: ...host '1.234.456.7' and port '5060'.
[Jul  7 15:18:05] VERBOSE[30617] res_pjsip_logger.c: <--- Transmitting SIP response (691 bytes) to UDP:1.234.456.7:5060 --->
SIP/2.0 401 Unauthorized
Via: SIP/2.0/UDP 1.234.456.7:5060;rport=5060;received=1.234.456.7;branch=z9hG4bK-524287-1---a801b4665944d171
Via: SIP/2.0/UDP 1.234.456.8:5061;rport=5061;branch=z9hG4bK-grfi2i4pfpcxsxjh
Record-Route: <sip:1.234.456.7:5060;transport=UDP;lr>
Call-ID: 34f9b297-9f5e-1233-9ca3-782bcb6d394d
From: "WIRELESS CALLER" <sip:16106755373@1.234.456.8>;tag=gcvq3dpuaqpjxchu.o
To: <sip:18043027000@1.234.456.7>;tag=z9hG4bK-524287-1---a801b4665944d171
CSeq: 546 INVITE
WWW-Authenticate: Digest  realm="asterisk",nonce="1436282285/e41aa0e839337b3c0638c7a6926ad52a",opaque="25c588d0389d481f",algorithm=md5,qop="auth"
Server: Asterisk PBX 13.4.0
Content-Length:  0


[Jul  7 15:18:05] DEBUG[30617] pjsip:   tdta0x7fbd2800 .Destroying txdata Response msg 401/INVITE/cseq=546 (tdta0x7fbd280083d0)
[Jul  7 15:18:05] DEBUG[30622] pjsip:   sip_endpoint.c Processing incoming message: Request msg ACK/cseq=546 (rdata0x7fbd280064a8)
[Jul  7 15:18:05] VERBOSE[30622] res_pjsip_logger.c: <--- Received SIP request (400 bytes) from UDP:1.234.456.7:5060 --->
ACK sip:18043027000@52.4.222.2:5060;transport=UDP SIP/2.0
Via: SIP/2.0/UDP 1.234.456.7:5060;branch=z9hG4bK-524287-1---a801b4665944d171;rport
Max-Forwards: 70
To: <sip:18043027000@1.234.456.7>;tag=z9hG4bK-524287-1---a801b4665944d171
From: "WIRELESS CALLER" <sip:16106755373@1.234.456.8>;tag=gcvq3dpuaqpjxchu.o
Call-ID: 34f9b297-9f5e-1233-9ca3-782bcb6d394d
CSeq: 546 ACK
Content-Length: 0


[Jul  7 15:18:05] DEBUG[30622] netsock2.c: Splitting '1.234.456.7:5060' into...
[Jul  7 15:18:05] DEBUG[30622] netsock2.c: ...host '1.234.456.7' and port '5060'.
[Jul  7 15:18:05] DEBUG[30622] netsock2.c: Splitting '0.0.0.0:5060' into...
[Jul  7 15:18:05] DEBUG[30622] netsock2.c: ...host '0.0.0.0' and port '5060'.
[Jul  7 15:18:05] DEBUG[30617] pjsip:   sip_endpoint.c Distributing rdata to modules: Request msg ACK/cseq=546 (rdata0x7fbd28010a28)
[Jul  7 15:18:05] DEBUG[30617] netsock2.c: Splitting '1.234.456.7' into...
[Jul  7 15:18:05] DEBUG[30617] netsock2.c: ...host '1.234.456.7' and port ''.
[Jul  7 15:18:05] DEBUG[30617] res_pjsip_endpoint_identifier_ip.c: Source address 1.234.456.7:5060 matches identify 'siptrunk_ep'
[Jul  7 15:18:05] DEBUG[30617] res_pjsip_endpoint_identifier_ip.c: Retrieved endpoint siptrunk_ep
[Jul  7 15:18:14] VERBOSE[30669] asterisk.c: Remote UNIX connection disconnected
[Jul  7 15:18:14] DEBUG[30622] pjsip:   sip_endpoint.c Processing incoming message: Request msg OPTIONS/cseq=1 (rdata0x7fbd280064a8)
[Jul  7 15:18:14] VERBOSE[30622] res_pjsip_logger.c: <--- Received SIP request (313 bytes) from UDP:1.234.456.7:5060 --->
OPTIONS sip:sip.myprovider.com SIP/2.0
Via: SIP/2.0/UDP 1.234.456.7:5060;branch=z9hG4bK-524287-1---c464164ec584965c;rport
Max-Forwards: 1
To: <sip:sip.myprovider.com>
From: <sip:1.234.456.7:5060>;tag=46752163
Call-ID: natpingcFVE7ko_kx0s1BMvC2byxg..
CSeq: 1 OPTIONS
Accept: application/sdp
Content-Length: 0


[Jul  7 15:18:14] DEBUG[30622] netsock2.c: Splitting '1.234.456.7:5060' into...
[Jul  7 15:18:14] DEBUG[30622] netsock2.c: ...host '1.234.456.7' and port '5060'.
[Jul  7 15:18:14] DEBUG[30622] netsock2.c: Splitting '0.0.0.0:5060' into...
[Jul  7 15:18:14] DEBUG[30622] netsock2.c: ...host '0.0.0.0' and port '5060'.
[Jul  7 15:18:14] DEBUG[30617] pjsip:   sip_endpoint.c Distributing rdata to modules: Request msg OPTIONS/cseq=1 (rdata0x7fbd28010a28)
[Jul  7 15:18:14] DEBUG[30617] netsock2.c: Splitting '1.234.456.7' into...
[Jul  7 15:18:14] DEBUG[30617] netsock2.c: ...host '1.234.456.7' and port ''.
[Jul  7 15:18:14] DEBUG[30617] res_pjsip_endpoint_identifier_ip.c: Source address 1.234.456.7:5060 matches identify 'siptrunk_ep'
[Jul  7 15:18:14] DEBUG[30617] res_pjsip_endpoint_identifier_ip.c: Retrieved endpoint siptrunk_ep
[Jul  7 15:18:14] DEBUG[30617] pjsip:         endpoint .Response msg 401/OPTIONS/cseq=1 (tdta0x7fbd280083d0) created
[Jul  7 15:18:14] DEBUG[30617] netsock2.c: Splitting '172.31.4.68' into...
[Jul  7 15:18:14] DEBUG[30617] netsock2.c: ...host '172.31.4.68' and port ''.
[Jul  7 15:18:14] DEBUG[30617] netsock2.c: Splitting '1.234.456.7' into...
[Jul  7 15:18:14] DEBUG[30617] netsock2.c: ...host '1.234.456.7' and port ''.
[Jul  7 15:18:14] DEBUG[30617] netsock2.c: Splitting '1.234.456.7' into...
[Jul  7 15:18:14] DEBUG[30617] netsock2.c: ...host '1.234.456.7' and port ''.
[Jul  7 15:18:14] DEBUG[30617] netsock2.c: Splitting '0.0.0.0:5060' into...
[Jul  7 15:18:14] DEBUG[30617] netsock2.c: ...host '0.0.0.0' and port '5060'.
[Jul  7 15:18:14] DEBUG[30617] netsock2.c: Splitting '1.234.456.7:5060' into...
[Jul  7 15:18:14] DEBUG[30617] netsock2.c: ...host '1.234.456.7' and port '5060'.
[Jul  7 15:18:14] VERBOSE[30617] res_pjsip_logger.c: <--- Transmitting SIP response (500 bytes) to UDP:1.234.456.7:5060 --->
SIP/2.0 401 Unauthorized
Via: SIP/2.0/UDP 1.234.456.7:5060;rport=5060;received=1.234.456.7;branch=z9hG4bK-524287-1---c464164ec584965c
Call-ID: natpingcFVE7ko_kx0s1BMvC2byxg..
From: <sip:1.234.456.7>;tag=46752163
To: <sip:sip.myprovider.com>;tag=z9hG4bK-524287-1---c464164ec584965c
CSeq: 1 OPTIONS
WWW-Authenticate: Digest  realm="asterisk",nonce="1436282294/4f73afcf2654911ac0bd76281022df8c",opaque="5b5c3cd240a28391",algorithm=md5,qop="auth"
Server: Asterisk PBX 13.4.0
Content-Length:  0


[Jul  7 15:18:14] DEBUG[30617] pjsip:   tdta0x7fbd2800 .Destroying txdata Response msg 401/OPTIONS/cseq=1 (tdta0x7fbd280083d0)

Could someone give me an idea where to start? Any help is greatly appreciated, and I thank you ahead of time!

2

You’ve configured the endpoint to require authentication for inbound requests. You’ll want to remove the “auth” option from the endpoint to stop this.

3

@jcolp:

You were correct, removing the “auth” option allowed a call to come through. Now that I’ve done so, I’ve moved on to the bigger objective: T38 faxing.

Same Scenario: Amazon AWS instance, Local Cisco ATA connected to a standard Fax machine. I make the connection successfully, and fax tones begin to negotiate, but somewhere down the line all falls apart, and the exchange disconnects due to a failure to ack.

pjsip.conf file (updated):

;==============TRANSPORTS

[simpletrans]
type=transport
protocol=udp
bind=0.0.0.0
local_net=172.31.0.0/20
local_net=127.0.0.1/32
external_media_address=52.4.222.2
external_signaling_address=52.4.222.2

;===============TRUNK

[myprovider_reg]
type=registration
transport=simpletrans
outbound_auth=myprovider_auth
server_uri=sip:sip.myprovider.com
client_uri=sip:18043027000@sip.myprovider.com
retry_interval=60

[myprovider_auth]
type=auth
auth_type=userpass
password=*******************************
username=18043027000

[myprovider_aor]
type=aor
contact=sip:sip.myprovider.com:5060

[myprovider_endpoint]
type=endpoint
transport=simpletrans
context=from-external
disallow=all
allow=alaw
allow=ulaw
outbound_auth=myprovider_auth
aors=myprovider_aor
rtp_symmetric=yes
rewrite_contact=yes
t38_udptl=yes
t38_udptl_maxdatagram=400
t38_udptl_ec=redundancy
t38_udptl_nat=yes
direct_media=yes

[myprovider_endpoint]
type=identify
endpoint=myprovider_endpoint
match = 8.34.182.111
match = 8.34.182.112

;===============Endpoints

[18043027000]
type=aor
max_contacts=5
qualify_frequency=300

[18043027000]
type=auth
auth_type=userpass
username=18043027000
password=***************
realm=sip.myprovider.com

[18043027000]
type=endpoint
transport=simpletrans
context=endpoint
dtmf_mode=rfc4733
disallow=all
allow=alaw
allow=ulaw
force_rport=yes
rtp_symmetric=yes
rewrite_contact=yes
direct_media=no
callerid="Bill Murray" <18043027000>
;auth=18043027000
outbound_auth=18043027000
aors=18043027000
trust_id_outbound=yes
t38_udptl=yes
t38_udptl_maxdatagram=400
t38_udptl_ec=redundancy
t38_udptl_nat=yes

udptl.conf:

; UDPTL Configuration (UDPTL is one of the transports for T.38)

[general]
udptlstart=4000
udptlend=4999
udptlchecksums=no
T38FaxUdpEC=t38UDPRedundancy
udptlfecentries=3
udptlfecspan=3
use_even_ports=no

Debug log available here:

bitbucket.org/snippets/UCMGuru/7ybpp

Any ideas?

4

They do not appear to be receiving our ACK to the 200 OK they send, or if they are they are ignoring it for some reason. Nothing immediately stands out in it.