[OpenSIPS-Users] 401 Unauthorized after Authentication Digest

John Quick john.quick at smartvox.co.uk
Wed May 31 04:49:15 EDT 2017


Hi David,

In the scenario you describe, I would expect to see one of the following
solutions (but not both at the same time):
1. OpenSIPS acts as the registrar for the SIP phones. Calls (INVITE
requests) from SIP phones are routed on via a SIP trunk
2. OpenSIPS acts as a transparent proxy in front of another SIP server such
as Asterisk

Scenario 1 is the most common. OpenSIPS authenticates calls based on a list
of credentials that it holds, normally in the subscriber table. In this
case, you really want to avoid the situation where each outbound call
triggers an additional authentication request from the SIP trunk. Can you
re-configure your Asterisk endpoint so it trusts INVITE requests coming from
your OpenSIPS server? E.g. add the line insecure=INVITE to the sip peer
definition.

In scenario 2, which I would not consider to be the preferred solution,
OpenSIPS just passes the SIP messages between the phone and the Asterisk
server - in both directions. OpenSIPS does not authenticate calls because
that job is done by the Asterisk server and all the credentials are held by
Asterisk, not by OpenSIPS. In this case the 401 request would just be passed
upstream to the phone.

Try to avoid the situation where OpenSIPS is authenticating the INVITE from
the SIP phones using its own list of credentials, but then it also has to
authenticate each call sent over the SIP trunk. In theory you could use the
UAC_AUTH module of OpenSIPS to do this, but in practice I have never been
able to make this work because it breaks the CSeq numbering sequence of the
SIP request messages.

John Quick
Smartvox Limited




More information about the Users mailing list