[OpenSIPS-Users] FW: Re: 401 Unauthorized after Authentication Digest

David Peláez dvlux4 at gmail.com
Fri Jun 2 05:56:12 EDT 2017


Thanks a lot for your replay. I already change the option "insecure=INVITE"
as you suggested but I am still having the same problem. Find attached the
peer configuration maybe I am missing something else.

About opensips authenticating calls from SIPphones how do I disabled that
behavior? because my opensips sends an 407 Proxy Authentication to the Sip
phone before sending the INVITE to asterisk server.

Best regards
David

On Wed, May 31, 2017, 10:50 John Quick <john.quick at smartvox.co.uk> wrote:

> From: John Quick [mailto:john.quick at smartvox.co.uk]
> Sent: 31 May 2017 09:49
> To: 'users at lists.opensips.org' <users at lists.opensips.org>
> Subject: Re: [OpenSIPS-Users] 401 Unauthorized after Authentication Digest
>
> Hi David,
>
> In the scenario you describe, I would expect to see one of the following
> solutions (but not both at the same time):
> 1. OpenSIPS acts as the registrar for the SIP phones. Calls (INVITE
> requests) from SIP phones are routed on via a SIP trunk 2. OpenSIPS acts as
> a transparent proxy in front of another SIP server such as Asterisk
>
> Scenario 1 is the most common. OpenSIPS authenticates calls based on a list
> of credentials that it holds, normally in the subscriber table. In this
> case, you really want to avoid the situation where each outbound call
> triggers an additional authentication request from the SIP trunk. Can you
> re-configure your Asterisk endpoint so it trusts INVITE requests coming
> from
> your OpenSIPS server? E.g. add the line insecure=INVITE to the sip peer
> definition.
>
> In scenario 2, which I would not consider to be the preferred solution,
> OpenSIPS just passes the SIP messages between the phone and the Asterisk
> server - in both directions. OpenSIPS does not authenticate calls because
> that job is done by the Asterisk server and all the credentials are held by
> Asterisk, not by OpenSIPS. In this case the 401 request would just be
> passed
> upstream to the phone.
>
> Try to avoid the situation where OpenSIPS is authenticating the INVITE from
> the SIP phones using its own list of credentials, but then it also has to
> authenticate each call sent over the SIP trunk. In theory you could use the
> UAC_AUTH module of OpenSIPS to do this, but in practice I have never been
> able to make this work because it breaks the CSeq numbering sequence of the
> SIP request messages.
>
> John Quick
> Smartvox Limited
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.opensips.org/pipermail/users/attachments/20170602/dd98cf7b/attachment-0001.html>


More information about the Users mailing list