Freepbx VPN SIP Client (SIP/2.0 401 Unauthorized)


(Debpbx) #1

Hello,
i try to connect my SIP Client (linphone) via VPN to FreePBX.
The routing looks OK. I can ping the Endpoints and traffic is routing.
I can also Register my sip client.

debpbx*CLI> pjsip list contacts

Contact: <Aor/ContactUri…> <Hash…> <RTT(ms)…>

Contact: 731/sip:731@192.168.30.132:5060 163a967d99 Avail 15.722
Contact: 734/sip:734@10.8.0.143:5060 1b1aa8cbac Avail 62.180

So far so good. When I try to call an other extension I get a timeout.
tcpdump:

root@debpbx:/etc/asterisk# tcpdump -ni enp0s15 host 10.8.0.143 and not port 80
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on enp0s15, link-type EN10MB (Ethernet), capture size 262144 bytes
13:03:04.086687 IP 10.8.0.143.5060 > 192.168.30.28.5060: SIP: INVITE sip:731@asterisk.kes SIP/2.0
13:03:04.087364 IP 192.168.30.28.5060 > 10.8.0.143.5060: SIP: SIP/2.0 401 Unauthorized
13:03:04.126101 IP 10.8.0.143.5060 > 192.168.30.28.5060: SIP: ACK sip:731@asterisk.kes SIP/2.0
13:03:09.054643 IP 10.8.0.143.5060 > 192.168.30.28.5060: SIP
13:03:14.112561 IP 192.168.30.28.5060 > 10.8.0.143.5060: SIP: OPTIONS sip:734@10.8.0.143:5060 SIP/2.0
13:03:14.162609 IP 10.8.0.143.5060 > 192.168.30.28.5060: SIP: SIP/2.0 200 Ok
13:03:19.057752 IP 10.8.0.143.5060 > 192.168.30.28.5060: SIP
13:03:29.060765 IP 10.8.0.143.5060 > 192.168.30.28.5060: SIP
13:03:44.672509 IP 10.8.0.143.5060 > 192.168.30.28.5060: SIP

I think the SIP/2.0 401 Unauthorized is the problem.
I also had add the VPN IP range to the local_net but that does not solve the problem.

root@debpbx:/etc/asterisk# grep -ri 10.8.0
sip_general_additional.conf:localnet=10.8.0.0/24
pjsip.transports.conf:local_net=10.8.0.0/24


(Itzik) #2

In case you did not read it yet: https://wiki.freepbx.org/display/FPG/System+Admin+-+VPN+Server