I previously posted a question regarding 401 Unauthorized message I was receiving when making calls.
I have posted this new question because I have included the trace.
We are soon to upgrade our old Elastix PBX system to FreePBX v184.108.40.206 with Asterisk v 13.18.2. We switched to the other morning before working hours and we noticed we could make a call from externally to internally (mobile device to the office phone). We are getting a 401 Unauthorized message in the trace. The following is a trace from our older PBX.
No, I did not know that thank you. Could I ask please why? Also, we are still unable to make external -> internal calls, and Timico, our provider, believe its because of this?
Timico has mentioned this 401 message to me, they have told me they are “sending traffic to the new IP, however, the PBX is responding with a 401 - unauthorised message. Is there a way in which you can check and turn any registrations off?”. I have no idea what they are talking about with regards to “registrations” I have contacted them and of course, they haven’t responded. Thus the reason I’m asking the community.
401 unauthorized is part of a normal call flow. When a server receives a SIP invite, it sends back a 401 to challenge for a revised invite containing authentication.
Watch this video on SIP call flow to understand:
As to why your server is sending a 401, I don’t know, the setting “insecure=invite” in your trunk peer details means that it should not send a 401.
@avayax - thank you for the video. I now understand. I would just like to know, however, when I make a call externally into the office, I do not receive the 401 message? Also, I’ve been reading online that my problem is to do with the “insecure=invite” I’ve tried many different configurations, and I haven’t had any success.
@avayax - thank you for the suggestion. I’m afraid I cant try out your recommended configuration. I can only perform the test before office hours, so I’ll have to do it before 8 am. It’s very difficult for me to test all these different configurations, as we don’t have an additional line. So all the tests I run, I have to switch over to the newer upgraded PBX system, and be performed before people arrive in the office.
In /var/log/asterisk/full, do you see which peer is being matched for the incoming call? It could be that Asterisk is matching the call against a different peer or user in your configuration. Your SIP trace shows the call coming from “7156” to “7156” - is 7156 one of your extensions? If so, Asterisk will match that first and assume it’s an internal user trying to make a call, and challenge for password.