Getting OpenSIPS and FreePBX to authenticate

Hi all,
So I’m trying to get my OpenSIPS and FreePBX to make calls over a SIP. However, both require authentication and are failing on both ends.

At the moment I can get incoming calls to the FreePBX to work if it has the line:
insecure=port,invite in the peer details

If not, it will throw back a 401.
Does anyone know how I can fix this so it doesn’t need insecure=port,invite?

Not sure what you mean by “a SIP” but if you are talking of getting a trunk between your Asterisk and your proxy working then:-

http://www.voip-info.org/wiki/view/Asterisk+sip+insecure

might help clarify your current problem. If you are working in a static and protected network then your working settings are fine; neither of your boxes “require” authentication. But if you want to use SIP invite authentication, then you will need to choose a scheme that is acceptable to both and use the correct credentials (which you will presumably have previously set up). You can debug the SIP conversations on both ends to find out what you have wrong. Common problems are obviously wrong account/passwords and, less obviously, attempting to use digest authentication without having previously set it up completely. If in doubt, try Google.

Apologies, I meant to say “a SIP trunk”; I must have missed it out when typing.

I am currently configuring OpenSIPS to authenticate using username, password and IP address to connect to the remote PBX.

I can make calls to the PBX with the insecure=port,invite, but I’m worried that this could make the network vulnerable at the FreePBX end.

The second thing is that when we make a call from a phone attached to the PBX to OpenSIPS, it sends back a 403 Forbidden auth ID.

The full settings for the PBX OpenSIPS trunk at the moment are:

PEER Details:
host=192.168.168.227
type=peer
insecure=port,invite
username=pbx
remotesecret=****

I’m not sure if the username or remotesecret are the correct things to be using; however, the username and password values are correct.

When we send an INVITE to OpenSIPS (from FreePBX) we get a 407
with this field:
Proxy-Authenticate: Digest realm="192.168.168.183", nonce="52ef9bda000000431f0208e68c83258ad2b6510af66d8f78"

FreePBX replies with:
Digest username="pbx", realm="192.168.168.183", algorithm=MD5, uri="sip:[email protected]", nonce="52ef9bda000000431f0208e68c83258ad2b6510af66d8f78", response="c056ba21b1b9515aa4117d97fafff8f1"

and I still get a 403 response back. I feel that freepbx . I read somewhere that you can configure how the MD5 hashes the username and password, but I don’t know how you are meant to format that part.
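How the response value in the exchange above is derived under RFC 2617 MD5 digest when the challenge carries no qop, shown as an added example that is not part of the original posts. The realm, nonce and username are the ones quoted above; the request URI and the secret are constructed placeholders, since the thread redacts both.

```python
import hashlib
import hmac
import re

def md5_hex(text):
    return hashlib.md5(text.encode("utf-8")).hexdigest()

def parse_digest(value):
    """Parse 'Digest k="v", k2=v2' into a dict of lower-cased keys."""
    scheme, _, params = value.strip().partition(" ")
    if scheme.lower() != "digest":
        raise ValueError("not a Digest header value")
    found = re.findall(r'(\w+)\s*=\s*(?:"([^"]*)"|([^,\s]+))', params)
    return {k.lower(): quoted or bare for k, quoted, bare in found}

def digest_response(username, realm, password, method, uri, nonce):
    """Response for a challenge without qop, like the 407 in the thread."""
    ha1 = md5_hex(f"{username}:{realm}:{password}")   # identity and secret
    ha2 = md5_hex(f"{method}:{uri}")                  # request being authorised
    return md5_hex(f"{ha1}:{nonce}:{ha2}")

def build_authorization(challenge, username, password, method, uri):
    """Client side: answer the proxy's challenge."""
    c = parse_digest(challenge)
    resp = digest_response(username, c["realm"], password, method, uri, c["nonce"])
    return (f'Digest username="{username}", realm="{c["realm"]}", algorithm=MD5, '
            f'uri="{uri}", nonce="{c["nonce"]}", response="{resp}"')

def verify(authorization, method, stored_password, issued_nonce):
    """Proxy side: recompute the response from the stored secret and compare."""
    a = parse_digest(authorization)
    if a.get("nonce") != issued_nonce or a.get("algorithm", "MD5").upper() != "MD5":
        return False
    expected = digest_response(a.get("username", ""), a.get("realm", ""),
                               stored_password, method, a.get("uri", ""), a["nonce"])
    return hmac.compare_digest(expected, a.get("response", ""))

# Challenge values are the ones quoted in the thread; URI and secret are constructed.
CHALLENGE = ('Digest realm="192.168.168.183", '
             'nonce="52ef9bda000000431f0208e68c83258ad2b6510af66d8f78"')
NONCE = parse_digest(CHALLENGE)["nonce"]
URI = "sip:1000@192.168.168.183"   # constructed; the thread's URI is redacted
SECRET = "example-secret"          # constructed placeholder

if __name__ == "__main__":
    auth = build_authorization(CHALLENGE, "pbx", SECRET, "INVITE", URI)
    print(verify(auth, "INVITE", SECRET, NONCE))          # matching secret
    print(verify(auth, "INVITE", "other-secret", NONCE))  # secret mismatch
```

Running the same computation against the values captured on each side shows which input (username, realm, secret, method or URI) differs when the proxy rejects the response.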

If you want to use digest authentication with Asterisk you will need to learn how it works. I could tell you, but what fun would that be and how would you have increased your feeling of security? :wink:

I was looking around the internet and finally found this article
http://tyler.anairo.com/?id=3.1.0 and realized I was missing a field.

type=peer
host=192.168.168.227
username=pbx
fromuser=pbx
secret=test
insecure=port,invite

It works, but I still have doubts about how secure this is, mainly because I still have “insecure=port,invite” to allow incoming calls from OpenSIPS.

You also don’t have a context. I doubt this is doing much