I have set up Asterisk as a SIP server/proxy which generally works well. This is very useful for testing the software I’m developing for a SIP phone. According to the SIP RFC (3261), section 8.1.1.3, it is possible to place anonymous calls:
However, whenever I try this with my software, the Asterisk will ultimately respond ‘403 Forbidden’ to my INVITE requests.
The first response to the invite, is a 407 proxy-auth required (as expected). I respond to that with a new invite with a Proxy-Authentication header inserted. This header uses the actual username and password of the (existing) account. Unfortunately, the Asterisk refuses the call with a 403 Forbidden error.
If I don’t call anonymous, the only difference is that the ‘From’ header contains the appropriate username. In this case I have no problems with the authentication. This leads me to believe that my authentication header has the correct info.
Does anyone know why I get the 403 Forbidden? And what I can do about it?
No, I didn’t. After some investigation I came to the conclusion that Asterisk uses the configured userid for both the SIP user ID and SIP authenticate ID fields. This means that it is not possible to change the SIP user ID without also adding a new user in Asterisk reflecting this changed ID.
A workaround may be to define a single extra account in Asterisk for the anonymous calls. However, that would probably introduce problems for tasks such as billing (if relevant).
Since my current need is only for a simple SIP proxy I am using SER (SIP Express Router) right now, so I am not sure this hasn’t been changed in a recent version of Asterisk (I posted my problem over a year ago!) From what I could find at the time about this in the issue tracking system of Asterisk, there was no agreement on whether this was actually an issue and if so, how it should be solved.