How do I stop dnsmgr from resolving the URL in chan_sip register string

Do they mean that :5077 should appear in the URI, the request should be sent to port 5077 on the Outbound Proxy address, or both?

Please confirm that you have set
Outbound Proxy to\;lr\;hide
SIP Server to
SIP Server Port to 5077 or left blank (according to what they want in the URI)
Server URI (leave blank)
Client URI (leave blank)

If you still have trouble, post the pjsip logger output of a new registration attempt.




Both now blank

Still won’t register below, is the logger output.

I guess before the 403 there was a 401 response with a challenge. If one takes the response literally, then you have given them a wrong password for the given account. The service provider should be able to tell you exactly what is going wrong.

Based on the Register String in this thread:

I suspect that you need a domain name as part of the Auth username, even though you didn’t need one in the Register String in your first post.

Unfortunately, the ‘working registration’ given by your carrier did not include the Authorization header, so we can’t tell what domain is required. However, based on

try setting Auth username to
[email protected]
(replace xxxx with actual last 4 digits of phone number) and retest.
If you still have trouble, paste another log with pjsip logger on. (It’s possible that registration will now succeed but calls will still fail because of another error.

Left Username at: 330237xxxx
Changed Authname to [email protected]
I also asked the carrier to change the secret
Still rejected - here is log with pjsip logger on.

<— Transmitting SIP request (880 bytes) to —>
Via: SIP/2.0/UDP yyy.yyy.yyy.yyy:5077;rport;branch=z9hG4bKPj11734c8b-88cb-4bd5-aacd-251880573500
From: sip:[email protected];tag=8a02576a-94a7-4ad0-b122-aac346fb87c7
To: sip:[email protected]
Call-ID: e7020b45-f519-4d84-b46d-9b83bef0b072
Contact: sip:[email protected]:5077
Expires: 3600
Max-Forwards: 70
User-Agent: FPBX-
Authorization: Digest username="[email protected]", realm=“”, nonce=“BroadWorksXkz48tcjyTi0lp78BW”, uri=“”, response=“707f8518d769edeafb3a4bcd2fb5c866”, algorithm=MD5, cnonce=“49e4264896b5476db2c5f218ab382698”, qop=auth, nc=00000001
Content-Length: 0

<— Received SIP response (408 bytes) from UDP —>
SIP/2.0 403 Authentication Failure
Via: SIP/2.0/UDP;received=;branch=z9hG4bKPj11734c8b-88cb-4bd5-aacd-251880573500;rport=5077
From: sip:[email protected];tag=8a02576a-94a7-4ad0-b122-aac346fb87c7
To: sip:[email protected];tag=233850133-1643727334634
Call-ID: e7020b45-f519-4d84-b46d-9b83bef0b072
Content-Length: 0

[2022-02-01 09:55:34] WARNING[8706]: res_pjsip_outbound_registration.c:1047 handle_registration_response: 403 Forbidden fatal response received from ‘’ on registration attempt to ‘sip:[email protected]’, retrying in ‘30’ seconds

Working with the carrier, they didn’t like the Authname. So I blanked it - it REGISTERED!!!

I’m glad you got it working, but wasn’t it blank before the latest change? What’s different now?
Are incoming and outgoing calls working now?

I blanked this out and it started registering.
Could make out calls but not receive calls.

In trying to fix this, now not receiving replies to my Registration requests. They are sending a 401 and I show rejected, but the replies don’t show in the log. This is not consistent to first thing this morning when I blanked Authname and got it to register. I also changed the name of the trunk.

Any way I can reset PJSIP?

Put all fields back to what they were this AM after getting it to register and
did an fwconsole restart.

Now registering again, out calls ok, no inbound calls. I do have an inbound route to 440306nnnn.
Why would it be sending back a ‘401 Unauthorized’ to the carrier’s INVITE?

Test call to PBX
<— Received SIP request (1176 bytes) from —>
INVITE sip:[email protected]:5077 SIP/2.0
Via: SIP/2.0/UDP;branch=z9hG4bK9k455n10egpqkrrgf9u0.1
Via: SIP/2.0/UDP yyy.yyy.yyy.yyy;branch=z9hG4bKBroadWorks.2pp4ea-
From: "INDEPENDENCE OH"sip:[email protected]:5077;user=phone;tag=573771062-1643739247404-
To: "DataVoice DataVoice"sip:[email protected]:5077
Call-ID: [email protected]
CSeq: 457128343 INVITE
Contact: sip:[email protected]:5077;transport=udp
Supported: 100rel
Recv-Info: x-broadworks-client-session-info
Accept: application/btbc-session-info,application/media_control+xml,application/sdp,multipart/mixed
Max-Forwards: 69
Content-Type: application/sdp
Content-Disposition: session;handling=required
Content-Length: 279

o=- 21591877 1 IN IP4
c=IN IP4
t=0 0
m=audio 28150 RTP/AVP 0 8 18 101
a=rtpmap:0 PCMU/8000
a=rtpmap:8 PCMA/8000
a=rtpmap:18 G729/8000
a=fmtp:18 annexb=no
a=rtpmap:101 telephone-event/8000
a=fmtp:101 0-15

<— Transmitting SIP response (720 bytes) to UDP: —>
SIP/2.0 401 Unauthorized
Via: SIP/2.0/UDP;rport=5077;received=;branch=z9hG4bK9k455n10egpqkrrgf9u0.1
Via: SIP/2.0/UDP;branch=z9hG4bKBroadWorks.2pp4ea-
Call-ID: [email protected]
From: “INDEPENDENCE OH” sip:[email protected];user=phone;tag=573771062-1643739247404-
To: “DataVoice DataVoice” sip:[email protected];tag=z9hG4bK9k455n10egpqkrrgf9u0.1
CSeq: 457128343 INVITE
WWW-Authenticate: Digest realm=“asterisk”,nonce=“1643739247/c06e35448ff5e96306a55ad1763de8ea”,opaque=“39bd93b14bf8906c”,algorithm=md5,qop=“auth”
Server: FPBX-
Content-Length: 0

<— Received SIP request (434 bytes) from —>
ACK sip:[email protected]:5077 SIP/2.0
Via: SIP/2.0/UDP;branch=z9hG4bK9k455n10egpqkrrgf9u0.1
CSeq: 457128343 ACK
From: "INDEPENDENCE OH"sip:[email protected]:5077;user=phone;tag=573771062-1643739247404-
To: "DataVoice DataVoice"sip:[email protected]:5077;tag=z9hG4bK9k455n10egpqkrrgf9u0.1
Call-ID: [email protected]
Max-Forwards: 69
Content-Length: 0

Because it was configured to do inbound (or both way) authentication, or because it didn’t recognize the carrier as being the carrier, but didn’t want to let it know, on the basis that is was an attacker and it is better to make attackers waste their time trying passwords when none will work.

Authentication is set to Outbound
Registration is set to Send

How do I tell FPBX to recognize the carrier as being the carrier?

Referring to a PJSIP trunk, If I I set both ‘Allow Anonymous Inbound SIP Calls’ and 'Allow SIP Guests ’ to Yes, I can receive incoming calls. For security I believe I’d want these set to ‘No’. Where would I enter the carrier domain to allow incoming calls only from that carrier?. If I try setting Auth username to
[email protected], the trunk won’t initial register. Leaving it blank, it will register. Thanks for any help!

Look at one of those inbound calls and post the logs. It could be a simple thing.

Or, another possibility is many carriers use a broad range of IP addresses now, which is one of the things chan_pjsip was designed to handle that chan_sip could not.

You can enter all of their IP addresses in the Match/Permit field of the advanced tab.

That was it! I entered two /24 subnets, provided by the carrier.
To all who responded, I appreciate your help very much. And learned much too!

This topic was automatically closed 7 days after the last reply. New replies are no longer allowed.