[OpenSIPS-Users] FW: Re: 401 Unauthorized after Authentication Digest

John Quick john.quick at smartvox.co.uk
Fri Jun 2 06:20:00 EDT 2017


Hi David,

In asterisk, "insecure=INVITE" should be sufficient to disable authentication, although I have only tried it using chan_sip, not pjsip.
Is it possible you have another sip peer defined where the address for "host=" is the same? It is very difficult to know which one Asterisk will use for incoming calls when there are two with the same address for host.
If you have parameters for username and secret in your sip peer, try commenting them out and see if that helps.

I would not advise disabling authentication of SIP phones. In fact you should make sure you always use strong passwords.
All makes of SIP phone will support username/password authentication and it is vital to keep it active if you don't want your phone system to be hacked.
However, you should add this line to opensips.cfg after the SIP phone authentication section (www_authorize) and before you send the call to Asterisk (t_relay):

consume_credentials();

This will remove the headers that OpenSIPS and the SIP phone exchanged for authentication. If you don't remove those headers, Asterisk is likely to get confused and may request authorisation.

The consume_credentials function is documented here:
http://www.opensips.org/html/docs/modules/2.2.x/auth.html#idp5543680

John Quick
Smartvox Limited


From: David Peláez [mailto:dvlux4 at gmail.com] 
Sent: 02 June 2017 10:56
To: john.quick at smartvox.co.uk
Cc: users at lists.opensips.org
Subject: Re: FW: Re: [OpenSIPS-Users] 401 Unauthorized after Authentication Digest

Thanks a lot for your replay. I already change the option "insecure=INVITE" as you suggested but I am still having the same problem. Find attached the peer configuration maybe I am missing something else. 
About opensips authenticating calls from SIPphones how do I disabled that behavior? because my opensips sends an 407 Proxy Authentication to the Sip phone before sending the INVITE to asterisk server.
Best regards
David 





More information about the Users mailing list