Pjsip WebRTC registration Failed to authenticate

Hello,

I am trying to connect phone WebRTC clients to Asterisk.

keep getting :

res_pjsip/pjsip_distributor.c: Request ‘REGISTER’ from ‘“200” sip:200@aabbcc’ failed for ‘<incomming ip + port>’ (callid: qjp62x5un9752856h111z5) - Failed to authenticate

Asterisk version:20

Configuration:
[transport-wss]
type=transport
protocol=wss
bind=

;=============TEMPLATES ===================
[endpoint-basic] (!)
type=endpoint
identify_by=auth_username
transport=transport-wss
from_user= true
webrtc=yes
context=webrtc_mo
allow=!all,g722,ulaw

[auth-userpass] (!)
type=auth
auth_type=userpass
realm=asterisk

[aor-single-reg] (!)
type=aor
max_contacts=1
;===============EXTENSION 100
[100] (endpoint-basic)
auth=auth100
aors=100

[auth100] (auth-userpass)
password=12345467
username=100

[100] (aor-single-reg)
contact=sip:100@aabbcc

;===============EXTENSION 200

[200] (endpoint-basic)
auth=auth200
aors=200

[auth200] (auth-userpass)
password=12345467
username=200

[200] (aor-single-reg)
contact=sip:200@aabbcc

DEBUG LOG:
[Jun 21 13:00:10] VERBOSE[2516826] res_http_websocket.c: WebSocket connection from ‘<incomming ip + port>’ for protocol ‘sip’ accepted using version ‘13’
[Jun 21 13:00:10] DEBUG[2516826] res_pjsip_transport_websocket.c: Found WSS transport with write timeout: 100
[Jun 21 13:00:10] DEBUG[2516826] res_pjsip_transport_websocket.c: Write timeout for WS/WSS transports: 100
[Jun 21 13:00:10] DEBUG[2393545] res_pjsip_transport_websocket.c: Creating websocket transport for WSS:<incomming ip + port>
[Jun 21 13:00:10] DEBUG[2393545] res_pjsip/pjsip_transport_events.c: Transport <incomming ip + port>(ws0x7fe9bc044208-96,WSS): RefCnt: 0 state:CONNECTED
[Jun 21 13:00:10] DEBUG[2393545] res_pjsip/pjsip_transport_events.c: Transport <incomming ip + port>(ws0x7fe9bc044208-96,WSS): RefCnt: 1 state:MONITOR_CREATED
[Jun 21 13:00:11] DEBUG[2409804] res_pjsip_transport_websocket.c: Saving contact ‘zyuikuxpkwnd.invalid:0’
[Jun 21 13:00:11] DEBUG[2409804] res_pjsip_transport_websocket.c: Request msg REGISTER/cseq=1 (rdata0x7fe9bc044358) re-writing Contact URI from zyuikuxpkwnd.invalid:0;transport=wss to <incomming ip + port>;transport=ws
[Jun 21 13:00:11] DEBUG[2409804] res_pjsip/pjsip_distributor.c: Could not find matching transaction for Request msg REGISTER/cseq=1 (rdata0x7fe9bc044358)
[Jun 21 13:00:11] DEBUG[2409804] res_pjsip/pjsip_distributor.c: Calculated serializer pjsip/distributor-0000002c to use for Request msg REGISTER/cseq=1 (rdata0x7fe9bc044358)
[Jun 21 13:00:11] DEBUG[2409804] res_pjsip_endpoint_identifier_user.c: Attempting identify by From username ‘200’ domain ‘aabbcc’
[Jun 21 13:00:11] DEBUG[2409804] res_pjsip_endpoint_identifier_user.c: Identified by From username ‘200’ domain ‘aabbcc’
[Jun 21 13:00:11] DEBUG[2409804] res_pjsip_authenticator_digest.c: Realm: asterisk Username: 200 Result: NOAUTH
[Jun 21 13:00:11] DEBUG[2409804] res_http_websocket.c: Writing websocket text frame, length 477
[Jun 21 13:00:11] DEBUG[2393545] res_pjsip_transport_websocket.c: Saving contact ‘zyuikuxpkwnd.invalid:0’
[Jun 21 13:00:11] DEBUG[2393545] res_pjsip_transport_websocket.c: Request msg REGISTER/cseq=2 (rdata0x7fe9bc044358) re-writing Contact URI from zyuikuxpkwnd.invalid:0;transport=wss to <incomming ip + port>;transport=ws
[Jun 21 13:00:11] DEBUG[2393545] res_pjsip/pjsip_distributor.c: Could not find matching transaction for Request msg REGISTER/cseq=2 (rdata0x7fe9bc044358)
[Jun 21 13:00:11] DEBUG[2393545] res_pjsip/pjsip_distributor.c: Calculated serializer pjsip/distributor-0000002c to use for Request msg REGISTER/cseq=2 (rdata0x7fe9bc044358)
[Jun 21 13:00:11] DEBUG[2393545] res_pjsip_endpoint_identifier_user.c: Attempting identify by Authorization username ‘200’ realm ‘asterisk’
[Jun 21 13:00:11] DEBUG[2393545] res_pjsip_endpoint_identifier_user.c: Identified by Authorization username ‘200’ realm ‘asterisk’
[Jun 21 13:00:11] DEBUG[2393545] res_pjsip_authenticator_digest.c: Calculated nonce 1687341611/6e129ba086c0aa7a7953af248857356c. Actual nonce is 1687341611/6e129ba086c0aa7a7953af248857356c
[Jun 21 13:00:11] DEBUG[2393545] res_pjsip_authenticator_digest.c: Realm: asterisk Username: 200 Result: FAIL

Regards,
Yohai

The configuration requires an auth realm of “asterisk”. If the client isn’t using this, then authentication will fail. The easiest option is to remove the “realm=asterisk” line from the auth-userpass template.

Thanks for the quick reply,

I have changed the config removing realm=asterisk

Still getting the same error:

here is the new log:

[Jun 22 08:41:21] VERBOSE[2657170] res_http_websocket.c: WebSocket connection from ‘<ip+port>’ for protocol ‘sip’ accepted using version ‘13’
[Jun 22 08:41:21] DEBUG[2657170] res_pjsip_transport_websocket.c: Found WSS transport with write timeout: 100
[Jun 22 08:41:21] DEBUG[2657170] res_pjsip_transport_websocket.c: Write timeout for WS/WSS transports: 100
[Jun 22 08:41:21] DEBUG[2393545] res_pjsip_transport_websocket.c: Creating websocket transport for WSS:<ip+port>
[Jun 22 08:41:21] DEBUG[2393545] res_pjsip/pjsip_transport_events.c: Transport <ip+port>(ws0x7fe9bc08e0a8-138,WSS): RefCnt: 0 state:CONNECTED
[Jun 22 08:41:21] DEBUG[2393545] res_pjsip/pjsip_transport_events.c: Transport <ip+port>(ws0x7fe9bc08e0a8-138,WSS): RefCnt: 1 state:MONITOR_CREATED
[Jun 22 08:41:21] DEBUG[2409804] res_pjsip_transport_websocket.c: Saving contact ‘9824z0r6767g.invalid:0’
[Jun 22 08:41:21] DEBUG[2409804] res_pjsip_transport_websocket.c: Request msg REGISTER/cseq=1 (rdata0x7fe9bc08e1f8) re-writing Contact URI from 9824z0r6767g.invalid:0;transport=wss to <ip+port>;transport=ws
[Jun 22 08:41:21] DEBUG[2409804] res_pjsip/pjsip_distributor.c: Could not find matching transaction for Request msg REGISTER/cseq=1 (rdata0x7fe9bc08e1f8)
[Jun 22 08:41:21] DEBUG[2409804] res_pjsip/pjsip_distributor.c: Calculated serializer pjsip/distributor-00000039 to use for Request msg REGISTER/cseq=1 (rdata0x7fe9bc08e1f8)
[Jun 22 08:41:21] DEBUG[2409804] res_pjsip_endpoint_identifier_user.c: Attempting identify by From username ‘200’ domain ‘domain.com’
[Jun 22 08:41:21] DEBUG[2409804] res_pjsip_endpoint_identifier_user.c: Identified by From username ‘200’ domain ‘domain.com’
[Jun 22 08:41:21] DEBUG[2409804] res_pjsip_authenticator_digest.c: Using default realm ‘asterisk’ on incoming auth ‘200’.
[Jun 22 08:41:21] DEBUG[2409804] res_pjsip_authenticator_digest.c: Realm: asterisk Username: 200 Result: NOAUTH
[Jun 22 08:41:21] DEBUG[2409804] res_http_websocket.c: Writing websocket text frame, length 479
[Jun 22 08:41:22] DEBUG[2393545] res_pjsip_transport_websocket.c: Saving contact ‘9824z0r6767g.invalid:0’
[Jun 22 08:41:22] DEBUG[2393545] res_pjsip_transport_websocket.c: Request msg REGISTER/cseq=2 (rdata0x7fe9bc08e1f8) re-writing Contact URI from 9824z0r6767g.invalid:0;transport=wss to <ip+port>;transport=ws
[Jun 22 08:41:22] DEBUG[2393545] res_pjsip/pjsip_distributor.c: Could not find matching transaction for Request msg REGISTER/cseq=2 (rdata0x7fe9bc08e1f8)
[Jun 22 08:41:22] DEBUG[2393545] res_pjsip/pjsip_distributor.c: Calculated serializer pjsip/distributor-00000039 to use for Request msg REGISTER/cseq=2 (rdata0x7fe9bc08e1f8)
[Jun 22 08:41:22] DEBUG[2393545] res_pjsip_endpoint_identifier_user.c: Attempting identify by Authorization username ‘200’ realm ‘asterisk’
[Jun 22 08:41:22] DEBUG[2393545] res_pjsip_endpoint_identifier_user.c: Identified by Authorization username ‘200’ realm ‘asterisk’
[Jun 22 08:41:22] DEBUG[2393545] res_pjsip_authenticator_digest.c: Using default realm ‘asterisk’ on incoming auth ‘200’.
[Jun 22 08:41:22] DEBUG[2393545] res_pjsip_authenticator_digest.c: Calculated nonce 1687412481/7db3a5eb23f00247eaae5cae55c63724. Actual nonce is 1687412481/7db3a5eb23f00247eaae5cae55c63724
[Jun 22 08:41:22] DEBUG[2393545] res_pjsip_authenticator_digest.c: Realm: asterisk Username: 200 Result: FAIL

Show the actual new configuration, as well as an actual SIP trace (pjsip set logger on), and confirm that the client is configured with the correct username/password.

[transport-wss]
type=transport
protocol=wss
bind=0.0.0.0

;=============TEMPLATES TEST===================

endpoint-basic
type=endpoint

identify_by=auth_username,username ;username header,auth_username
transport=transport-wss
from_user= true

webrtc=yes
context=webrtc_mo
allow=!all,g722,ulaw

identify-userpass
type = identify

auth-userpass
type=auth
auth_type=userpass

aor-single-reg
type=aor
max_contacts=1

;===============EXTENSION 100
100
auth=auth100
aors=100

auth100
password=XXXXXX
username=100

100
contact=sip:100@domain-com

;===============EXTENSION 200

200
auth=200
aors=200

200
password=YYYYY
username=200

200
contact=sip:200@domain-com

DEBUG LOG

== WebSocket connection from ‘InternalIP:61688’ for protocol ‘sip’ accepted using version ‘13’
asterisk*CLI>
<— Received SIP request (581 bytes) from WSS:InternalIP:61688 —>
REGISTER sip:MyDomain SIP/2.0
Via: SIP/2.0/WSS 9824z0r6767g.invalid;branch=z9hG4bK1951058889
Max-Forwards: 69
To: sip:200@MyDomain
From: “200” sip:200@MyDomain;tag=30696169zj
Call-ID: 2227852tqm4rd4u6585283
CSeq: 58 REGISTER
Contact: sip:3761e6ba@9824z0r6767g.invalid;transport=wss;+sip.ice;reg-id=1;+sip.instance=“urn:uuid:f5e99350-123b-43e7-94c6-6ef33da38b24”;expires=600
Expires: 600
Allow: INVITE,ACK,CANCEL,BYE,UPDATE,MESSAGE,OPTIONS,REFER,INFO,NOTIFY
Supported: path,gruu,outbound
User-Agent: Dart SIP Client v1.0.0
Content-Length: 0

<— Transmitting SIP response (480 bytes) to WSS:InternalIP:61688 —>
SIP/2.0 401 Unauthorized
Via: SIP/2.0/WSS 9824z0r6767g.invalid;rport=61688;received=InternalIP;branch=z9hG4bK1951058889
Call-ID: 2227852tqm4rd4u6585283
From: “200” sip:200@MyDomain;tag=30696169zj
To: sip:200@MyDomain;tag=z9hG4bK1951058889
CSeq: 58 REGISTER
WWW-Authenticate: Digest realm=“asterisk”,nonce=“1687441852/4976eecbf173e45f2e1c01017466ad92”,opaque=“59e10b330b0fe8ad”,algorithm=MD5,qop=“auth”
Server: Asterisk PBX 20.2.0
Content-Length: 0

<— Received SIP request (847 bytes) from WSS:InternalIP:61688 —>
REGISTER sip:MyDomain SIP/2.0
Via: SIP/2.0/WSS 9824z0r6767g.invalid;branch=z9hG4bK75215008
Max-Forwards: 69
To: sip:200@MyDomain
From: “200” sip:200@MyDomain;tag=30696169zj
Call-ID: 2227852tqm4rd4u6585283
CSeq: 59 REGISTER
Authorization: Digest algorithm=MD5, username=“200”, realm=“asterisk”, nonce=“1687441852/4976eecbf173e45f2e1c01017466ad92”, uri=“sip:MyDomain”, response=“f3ccebea386b860d3985632bdb6a119d”, opaque=“59e10b330b0fe8ad”, qop=auth, cnonce=“q35w7qg92858”, nc=00000001
Contact: sip:3761e6ba@9824z0r6767g.invalid;transport=wss;+sip.ice;reg-id=1;+sip.instance=“urn:uuid:f5e99350-123b-43e7-94c6-6ef33da38b24”;expires=600
Expires: 600
Allow: INVITE,ACK,CANCEL,BYE,UPDATE,MESSAGE,OPTIONS,REFER,INFO,NOTIFY
Supported: path,gruu,outbound
User-Agent: Dart SIP Client v1.0.0
Content-Length: 0

[Jun 22 16:50:52] NOTICE[2693641]: res_pjsip/pjsip_distributor.c:676 log_failed_request: Request ‘REGISTER’ from ‘“200” sip:200@MyDomain’ failed for ‘InternalIP:61688’ (callid: 2227852tqm4rd4u6585283) - Failed to authenticate
<— Transmitting SIP response (476 bytes) to WSS:InternalIP:61688 —>
SIP/2.0 401 Unauthorized
Via: SIP/2.0/WSS 9824z0r6767g.invalid;rport=61688;received=InternalIP;branch=z9hG4bK75215008
Call-ID: 2227852tqm4rd4u6585283
From: “200” sip:200@MyDomain;tag=30696169zj
To: sip:200@MyDomain;tag=z9hG4bK75215008
CSeq: 59 REGISTER
WWW-Authenticate: Digest realm=“asterisk”,nonce=“1687441852/4976eecbf173e45f2e1c01017466ad92”,opaque=“1254a865525fd342”,algorithm=MD5,qop=“auth”
Server: Asterisk PBX 20.2.0
Content-Length: 0

Hello,

Issue solved.
bad password

I am very sorry.

Yohai

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.