I have an Inbound route for 87055512340 which points to an extension. Incoming calls make it to that extension. It’s just that they get there via from-sip-external (anonymous) and require that ‘Allow SIP Guests’ to be set to YES.
I am guessing that in addition to the trunk under discussion, you also have an SPx on the same OBi configured as an extension. So pjsip can’t match by IP (both the same) or by username (you’re using that for caller ID). And FreePBX can’t (yet) tell pjsip to match on auth_username.
I don’t understand what’s going on, because the INVITE wasn’t challenged so it has no auth_username. I suppose you could try setting Authentication Inbound for the trunk, but if it knows to authenticate when you set it, then it already knows which trunk it is! Conceivably, it will authenticate to resolve the ambiguity.
Otherwise, post the relevant lines from a verbose log at the start of a call and maybe there will be a clue.
That makes no sense to me. If you have a typical SIP trunk (to a provider), then I believe that setting Authentication Incoming is equivalent to insecure=invite being off in a chan_sip trunk, i.e. it will challenge incoming INVITE. Authentication control on REGISTER seems strange (I’ve never seen a server that would accept a REGISTER request without challenging it).
Well, I don’t understand what is going on but thought about a possible workaround:
Assuming that calls to/from the extension and outbound calls on the trunk are both ok, try adding a dummy trunk with no registration or authentication and with the OBi IP address in SIP Server (and perhaps also in Match). With luck, after not matching the username it will match the IP address and accept it as onymous.
A minimal PJSIP trunk (obi202btx) configured as you described (no Advanced tab settings needed) gets the job done and inbound calls are now routed to from-pstn as expected and ‘Allow SIP Guests’ can be set to No.
I don’t understand the issue to be honest there’s a lot of back and forth here. What exactly do you think freepbx should do. If it’s change any of the defaults in trunk settings we are against that because they are the asterisk defaults and those are the chan_sip defaults. Hints for settings are also taken from the asterisk wiki.
The help for Trunk -> pjsip Settings tab -> General tab -> Authentication says:
Usually, this will be set to ‘Outbound’, which authenticates calls going out, and allows unauthenticated calls in from the other server. If you select ‘None’, all calls from or to the specified SIP Server are unauthenticated. Setting this to ‘None’ may be insecure!
However, this setting determines whether REGISTER’s are authenticated (not INVITE’s). INVITE’s are never authenticated (at least when the Registration option is set to Receive).
When using Registration=Receive, it appears it’s not possible for incoming calls to be matched with the correct endpoint and they always end up going to the anonymous context (from-sip-external). Stewart’s work-around of having a dummy trunk configured for no registration plus manual SIP Server and SIP Server Port settings to collect (match) the incoming call and route it to the desired context is extremely clever, but not a very pretty long-term/permanent fix.