PJSIP incoming SMS rejected with SIP 401

Hello all.
I have Asterisk 20.5.2 running on Centos and I trying to setup SMS receiving from GOIP gateway.
SMS flow:
[Mobile station] ---> GSM network ---> [GOIP] --> SIP ---> [Asterisk] ---> HTTP or TG

GOIP is registered on Asterisk
Asterisk is rejecting incoming SIP “MESSAGE” with SIP/2.0 401 Unauthorized

Voice calls from GOIP to Asterisk are passing well.

pjsip.conf:

[MOWGP01]
type = endpoint
context = MOWGP01-Incoming
allow = !all,alaw,ulaw,g729
direct_media = no
trust_id_inbound = yes
trust_id_outbound = yes
device_state_busy_at = 1
dtmf_mode = rfc4733
rtp_symmetric = yes
rewrite_contact = yes
auth = MOWGP01
aors = MOWGP01
identify_by = auth_username

[MOWGP01]
type = auth
auth_type = userpass
password = some_passw0rd
username = MOWGP01

[MOWGP01]
type = aor
max_contacts=1

extensions.conf:

[MOWGP01-Incoming]
exten => _.,1,NoOp(mymessage receiving dialplan invoked)
exten => _.,n,NoOp(To ${MESSAGE(to)})
exten => _.,n,NoOp(From ${MESSAGE(from)})
exten => _.,n,NoOp(Body ${MESSAGE(body)})
exten => _.,n,Set(ACTUALTO=${CUT(MESSAGE(to),@,1)})
exten => _.,n,MessageSend(${ACTUALTO},${MESSAGE(from)})
exten => _.,n,NoOp(mymessage Send status is ${MESSAGE_SEND_STATUS})
exten => _.,n,GotoIf($["${MESSAGE_SEND_STATUS}" != "SUCCESS"]?sendfailedmsg)
exten => _.,n,Hangup()

/var/log/asterisk/full log
[Jun 2 17:09:55] NOTICE[3177426] res_pjsip/pjsip_distributor.c: Request 'MESSAGE' from '<sip:MOWGP01@1.2.3.48>' failed for '48.49.50.51:5116' (callid: 1466074431@192.168.11.121) - No matching endpoint found

TCPDUMP output:

1.2.3.48 - Asterisk
192.168.11.121 - GOIP behind NAT
48.49.50.51 - NAT External IP

     48.49.50.51.5116 > 1.2.3.48.5060: [udp sum ok] SIP
17:09:55.710055 IP (tos 0x0, ttl 246, id 0, offset 0, flags [DF], proto UDP (17), length 436)
    48.49.50.51.5116 > 1.2.3.48.5060: [udp sum ok] SIP, length: 408
        MESSAGE sip:190000000@1.2.3.48 SIP/2.0
        Via: SIP/2.0/UDP 48.49.50.51:5116;branch=z9hG4bK1673627084
        From: <sip:MOWGP01@1.2.3.48>;tag=1295114581
        To: <sip:190000000@1.2.3.48>
        Call-ID: 1466074431@192.168.11.121
        CSeq: 33 MESSAGE
        Contact: <sip:MOWGP01@48.49.50.51:5116>
        Max-Forwards: 30
        User-Agent: dble
        Content-Type: text/plain
        Content-Length:    40

        +19192223344
        (L1)What is wonderful day 
17:09:55.710449 IP (tos 0x0, ttl 64, id 49211, offset 0, flags [DF], proto UDP (17), length 494)
    1.2.3.48.5060 > 48.49.50.51.5116: [bad udp cksum 0xc3c9 -> 0x7ae6!] SIP, length: 466
        SIP/2.0 401 Unauthorized
        Via: SIP/2.0/UDP 48.49.50.51:5116;rport=5116;received=48.49.50.51;branch=z9hG4bK1673627084
        Call-ID: 1466074431@192.168.11.121
        From: <sip:MOWGP01@1.2.3.48>;tag=1295114581
        To: <sip:190000000@1.2.3.48>;tag=z9hG4bK1673627084
        CSeq: 33 MESSAGE
        WWW-Authenticate: Digest realm="asterisk",nonce="1748873395/4ad79029c962ecbc29bdccba2afc5151",opaque="59be8d01725d5955",algorithm=MD5,qop="auth"
        Server: Sonus GSX 9
        Content-Length:  0

17:09:59.883034 IP (tos 0x0, ttl 246, id 0, offset 0, flags [DF], proto UDP (17), length 643)
    48.49.50.51.5116 > 1.2.3.48.5060: [udp sum ok] SIP, length: 615
        REGISTER sip:1.2.3.48 SIP/2.0
        Via: SIP/2.0/UDP 48.49.50.51:5116;branch=z9hG4bK1385715349
        From: <sip:MOWGP01@1.2.3.48>;tag=35189537
        To: <sip:MOWGP01@1.2.3.48>
        Call-ID: 1466074431@192.168.11.121
        CSeq: 34 REGISTER
        Contact: <sip:MOWGP01@48.49.50.51:5116>;expires=60
        Authorization: Digest username="MOWGP01", realm="asterisk", nonce="1748873369/a35de691c32f460c1f18de9b73c842a9", uri="sip:1.2.3.48", response="180a7f410927f79e6774e58031af3da7", algorithm=MD5, cnonce="683db098", opaque="630828343fe36fef", qop=auth, nc=00000001
        Max-Forwards: 30
        User-Agent: dble
        Expires: 60
        Content-Length: 0

17:09:59.883590 IP (tos 0x0, ttl 64, id 53357, offset 0, flags [DF], proto UDP (17), length 438)
    1.2.3.48.5060 > 48.49.50.51.5116: [bad udp cksum 0xc391 -> 0x81bf!] SIP, length: 410
        SIP/2.0 200 OK
        Via: SIP/2.0/UDP 48.49.50.51:5116;rport=5116;received=48.49.50.51;branch=z9hG4bK1385715349
        Call-ID: 1466074431@192.168.11.121
        From: <sip:MOWGP01@1.2.3.48>;tag=35189537
        To: <sip:MOWGP01@1.2.3.48>;tag=z9hG4bK1385715349
        CSeq: 34 REGISTER
        Date: Mon, 02 Jun 2025 14:09:59 GMT
        Contact: <sip:MOWGP01@48.49.50.51:5116>;expires=59
        Expires: 60
        Server: Sonus GSX 9
        Content-Length:  0

Where to dig?
Thanks.

401 is not a rejection, and is correct behaviour, according to the above configuration, which is further reinforced by:

which makes 401 essential before the endpoint can even be matched! Only after it receives a 401 will the endpoint send an auth-user identity, and without that the endpoint cannot be matched.

Thank for reply David,

"SIP/2.0 401 Unauthorized is a correct behaviour." Okay!
Good to hear that!

Mayabe i didn’t complete the configuration?
What is the next steps?
GOIP do send nothing after 401.

Configure GoIP with the password that it needs to use.

However, if voice calls are working, I would suggest that GoIP is broken, and the only solution may be to disable authentication. (Personally, I would want to authenticate the other way round, as is outbound calls through GoIP that pose the toll fraud risk.)