Do they mean that :5077 should appear in the URI, the request should be sent to port 5077 on the Outbound Proxy address, or both?
Please confirm that you have set
Outbound Proxy to sip:xxx.xxx.xxx.xxx:5077\;lr\;hide
SIP Server to bwas.voice.onvoy.net
SIP Server Port to 5077 or left blank (according to what they want in the URI)
Server URI (leave blank)
Client URI (leave blank)
If you still have trouble, post the pjsip logger output of a new registration attempt.
I guess before the 403 there was a 401 response with a challenge. If one takes the response literally, then you have given them a wrong password for the given account. The service provider should be able to tell you exactly what is going wrong.
I suspect that you need a domain name as part of the Auth username, even though you didn’t need one in the Register String in your first post.
Unfortunately, the ‘working registration’ given by your carrier did not include the Authorization header, so we can’t tell what domain is required. However, based on
try setting Auth username to [email protected]
(replace xxxx with actual last 4 digits of phone number) and retest.
If you still have trouble, paste another log with pjsip logger on. (It’s possible that registration will now succeed but calls will still fail because of another error.
Left Username at: 330237xxxx
Changed Authname to [email protected]
I also asked the carrier to change the secret
Still rejected - here is log with pjsip logger on.
<— Received SIP response (408 bytes) from UDP xxx.xxx.xxx.xxx:5077 —>
SIP/2.0 403 Authentication Failure
Via: SIP/2.0/UDP 162.221.91.166:5077;received=162.221.91.166;branch=z9hG4bKPj11734c8b-88cb-4bd5-aacd-251880573500;rport=5077
From: sip:[email protected];tag=8a02576a-94a7-4ad0-b122-aac346fb87c7
To: sip:[email protected];tag=233850133-1643727334634
Call-ID: e7020b45-f519-4d84-b46d-9b83bef0b072
CSeq: 6346 REGISTER
Content-Length: 0
[2022-02-01 09:55:34] WARNING[8706]: res_pjsip_outbound_registration.c:1047 handle_registration_response: 403 Forbidden fatal response received from ‘sip:bwas.voice.onvoy.net’ on registration attempt to ‘sip:[email protected]’, retrying in ‘30’ seconds
In trying to fix this, now not receiving replies to my Registration requests. They are sending a 401 and I show rejected, but the replies don’t show in the log. This is not consistent to first thing this morning when I blanked Authname and got it to register. I also changed the name of the trunk.
Put all fields back to what they were this AM after getting it to register and
did an fwconsole restart.
Now registering again, out calls ok, no inbound calls. I do have an inbound route to 440306nnnn.
Why would it be sending back a ‘401 Unauthorized’ to the carrier’s INVITE?
Because it was configured to do inbound (or both way) authentication, or because it didn’t recognize the carrier as being the carrier, but didn’t want to let it know, on the basis that is was an attacker and it is better to make attackers waste their time trying passwords when none will work.
Referring to a PJSIP trunk, If I I set both ‘Allow Anonymous Inbound SIP Calls’ and 'Allow SIP Guests ’ to Yes, I can receive incoming calls. For security I believe I’d want these set to ‘No’. Where would I enter the carrier domain to allow incoming calls only from that carrier?. If I try setting Auth username to [email protected], the trunk won’t initial register. Leaving it blank, it will register. Thanks for any help!
Look at one of those inbound calls and post the logs. It could be a simple thing.
Or, another possibility is many carriers use a broad range of IP addresses now, which is one of the things chan_pjsip was designed to handle that chan_sip could not.
You can enter all of their IP addresses in the Match/Permit field of the advanced tab.