- We have build Asterisk 17.6.0 and PJSIP from the source on a VPS
- We configured TLS, generated client and server certificate
- Registered the Blink client for testing, success
- While making a call from Blink_1 to Blink_2 or vice-versa, it fails with an error
{code}
<— Received SIP request (1021 bytes) from TLS:43.249.37.23:54700 —>
INVITE sip:2222@94.140.114.51 SIP/2.0
Via: SIP/2.0/TLS 192.168.75.143:49485;rport;branch=z9hG4bKPj28ae9d1c90c443fbac7f6021e4771d5c;alias
Max-Forwards: 70
From: “1111” sip:1111@94.140.114.51;tag=54c6492c375e44bf8a3599fe8047016f
To: sip:2222@94.140.114.51
Contact: sip:80631759@192.168.75.143:49453;transport=tls
Call-ID: 73fa29d60a5a4ea7989d2d175ea91342
CSeq: 16687 INVITE
Allow: SUBSCRIBE, NOTIFY, INVITE, ACK, BYE, CANCEL, UPDATE, MESSAGE, REFER
Supported: replaces, norefersub, gruu
User-Agent: Blink 3.2.0 (Windows)
Content-Type: application/sdp
Content-Length: 429
v=0
o=- 3804383127 3804383127 IN IP4 192.168.75.143
s=Blink 3.2.0 (Windows)
t=0 0
m=audio 50048 RTP/AVP 113 9 0 8 101
c=IN IP4 192.168.75.143
a=rtcp:50049
a=rtpmap:113 opus/48000/2
a=fmtp:113 useinbandfec=1
a=rtpmap:9 G722/8000
a=rtpmap:0 PCMU/8000
a=rtpmap:8 PCMA/8000
a=rtpmap:101 telephone-event/8000
a=fmtp:101 0-16
a=zrtp-hash:1.10 6171448735d90ecf08cf6a7fefedf5369e0c4b0825c13d3b30741d5182bdff7f
a=sendrecv
<— Transmitting SIP response (566 bytes) to TLS:43.249.37.23:54700 —>
SIP/2.0 401 Unauthorized
Via: SIP/2.0/TLS 192.168.75.143:49485;rport=54700;received=43.249.37.23;branch=z9hG4bKPj28ae9d1c90c443fbac7f6021e4771d5c;alias
Call-ID: 73fa29d60a5a4ea7989d2d175ea91342
From: “1111” sip:1111@94.140.114.51;tag=54c6492c375e44bf8a3599fe8047016f
To: sip:2222@94.140.114.51;tag=z9hG4bKPj28ae9d1c90c443fbac7f6021e4771d5c
CSeq: 16687 INVITE
WWW-Authenticate: Digest realm=“asterisk”,nonce=“1595419528/95038c7ada5d1c4091cb7649c149cd06”,opaque=“5a2d21b867e7b7d7”,algorithm=md5,qop=“auth”
Server: Asterisk PBX 17.6.0
Content-Length: 0
<— Received SIP request (423 bytes) from TLS:43.249.37.23:54700 —>
ACK sip:2222@94.140.114.51 SIP/2.0
Via: SIP/2.0/TLS 192.168.75.143:49485;rport;branch=z9hG4bKPj28ae9d1c90c443fbac7f6021e4771d5c;alias
Max-Forwards: 70
From: “1111” sip:1111@94.140.114.51;tag=54c6492c375e44bf8a3599fe8047016f
To: sip:2222@94.140.114.51;tag=z9hG4bKPj28ae9d1c90c443fbac7f6021e4771d5c
Call-ID: 73fa29d60a5a4ea7989d2d175ea91342
CSeq: 16687 ACK
User-Agent: Blink 3.2.0 (Windows)
Content-Length: 0
<— Received SIP request (1314 bytes) from TLS:43.249.37.23:54700 —>
INVITE sip:2222@94.140.114.51 SIP/2.0
Via: SIP/2.0/TLS 192.168.75.143:49485;rport;branch=z9hG4bKPjbf7e99f726d74c4ebbbb508d7033dea9;alias
Max-Forwards: 70
From: “1111” sip:1111@94.140.114.51;tag=54c6492c375e44bf8a3599fe8047016f
To: sip:2222@94.140.114.51
Contact: sip:80631759@192.168.75.143:49453;transport=tls
Call-ID: 73fa29d60a5a4ea7989d2d175ea91342
CSeq: 16688 INVITE
Allow: SUBSCRIBE, NOTIFY, INVITE, ACK, BYE, CANCEL, UPDATE, MESSAGE, REFER
Supported: replaces, norefersub, gruu
User-Agent: Blink 3.2.0 (Windows)
Authorization: Digest username=“1111”, realm=“asterisk”, nonce=“1595419528/95038c7ada5d1c4091cb7649c149cd06”, uri="sip:2222@94.140.114.51", response=“7b6971ff7f3d73d8cb888640056d6e3e”, algorithm=md5, cnonce=“5bacef95a6f243e19c4cfc0b41ebb5c9”, opaque=“5a2d21b867e7b7d7”, qop=auth, nc=00000001
Content-Type: application/sdp
Content-Length: 429
v=0
o=- 3804383127 3804383127 IN IP4 192.168.75.143
s=Blink 3.2.0 (Windows)
t=0 0
m=audio 50048 RTP/AVP 113 9 0 8 101
c=IN IP4 192.168.75.143
a=rtcp:50049
a=rtpmap:113 opus/48000/2
a=fmtp:113 useinbandfec=1
a=rtpmap:9 G722/8000
a=rtpmap:0 PCMU/8000
a=rtpmap:8 PCMA/8000
a=rtpmap:101 telephone-event/8000
a=fmtp:101 0-16
a=zrtp-hash:1.10 6171448735d90ecf08cf6a7fefedf5369e0c4b0825c13d3b30741d5182bdff7f
a=sendrecv
== Setting global variable ‘SIPDOMAIN’ to ‘94.140.114.51’
<— Transmitting SIP response (368 bytes) to TLS:43.249.37.23:54700 —>
SIP/2.0 100 Trying
Via: SIP/2.0/TLS 192.168.75.143:49485;rport=54700;received=43.249.37.23;branch=z9hG4bKPjbf7e99f726d74c4ebbbb508d7033dea9;alias
Call-ID: 73fa29d60a5a4ea7989d2d175ea91342
From: “1111” sip:1111@94.140.114.51;tag=54c6492c375e44bf8a3599fe8047016f
To: sip:2222@94.140.114.51
CSeq: 16688 INVITE
Server: Asterisk PBX 17.6.0
Content-Length: 0
<— Transmitting SIP response (422 bytes) to TLS:43.249.37.23:54700 —>
SIP/2.0 488 Not Acceptable Here
Via: SIP/2.0/TLS 192.168.75.143:49485;rport=54700;received=43.249.37.23;branch=z9hG4bKPjbf7e99f726d74c4ebbbb508d7033dea9;alias
Call-ID: 73fa29d60a5a4ea7989d2d175ea91342
From: “1111” sip:1111@94.140.114.51;tag=54c6492c375e44bf8a3599fe8047016f
To: sip:2222@94.140.114.51;tag=a7cdfce3-d8be-42b1-b0db-47e437493be3
CSeq: 16688 INVITE
Server: Asterisk PBX 17.6.0
Content-Length: 0
<— Received SIP request (418 bytes) from TLS:43.249.37.23:54700 —>
ACK sip:2222@94.140.114.51 SIP/2.0
Via: SIP/2.0/TLS 192.168.75.143:49485;rport;branch=z9hG4bKPjbf7e99f726d74c4ebbbb508d7033dea9;alias
Max-Forwards: 70
From: “1111” sip:1111@94.140.114.51;tag=54c6492c375e44bf8a3599fe8047016f
To: sip:2222@94.140.114.51;tag=a7cdfce3-d8be-42b1-b0db-47e437493be3
Call-ID: 73fa29d60a5a4ea7989d2d175ea91342
CSeq: 16688 ACK
User-Agent: Blink 3.2.0 (Windows)
Content-Length: 0
{code}
- pjsip.conf:
{code}
[default]
type=transport
protocol=tls
bind=94.140.114.51:5061
cert_file=/etc/asterisk/keys/asterisk.crt
priv_key_file=/etc/asterisk/keys/asterisk.key
method=tlsv1
[1111]
type=aor
max_contacts=1
remove_existing=yes
[1111]
type=auth
auth_type=userpass
username=1111
password=1111
[1111]
type=endpoint
aors=1111
auth=1111
context=default
disallow=all
allow=GSM
allow=ulaw
allow=g726
allow=g729
allow=speex
allow=g722
allow=iLBC
dtmf_mode=rfc4733
media_encryption=sdes
[2222]
type=aor
max_contacts=1
remove_existing=yes
[2222]
type=auth
auth_type=userpass
username=2222
password=2222
[2222]
type=endpoint
aors=2222
auth=2222
context=default
disallow=all
allow=GSM
allow=ulaw
allow=g726
allow=g729
allow=speex
allow=g722
allow=iLBC
dtmf_mode=rfc4733
media_encryption=sdes
[3333]
type=aor
max_contacts=1
remove_existing=yes
[3333]
type=auth
auth_type=userpass
username=3333
password=3333
[3333]
type=endpoint
aors=3333
auth=3333
context=default
disallow=all
allow=gsm
allow=ulaw
allow=g726
allow=g729
dtmf_mode=rfc4733
media_encryption=sdes
{code}
- extensions.conf
{code}
[general]
static=yes
writeprotect=no
priorityjumping=no
autofallthrough=yes
clearglobalvars=no
;[local]
;exten=>1111,1,Dial(PJSIP/1111,20)
;exten=>2222,1,Dial(PJSIP/2222,20)
;exten=>3333,1,Dial(PJSIP/3333,20)
[default]
exten => 1111,1,Dial(PJSIP/1111,20)
exten => 2222,1,Dial(PJSIP/2222,20)
exten => 3333,1,Dial(PJSIP/3333,20)
{code}