SIP Trunk authentication with the ChimeSDK

Hello.

I’m trying to connect a new installation of FreePBX with a ChimeSDK SIP trunk. I got it to work for both inbound and outbound by disabling all authentication options (and by sacrificing a few goats). However, enabling any kind of authentication on the trunk causes problems:

  1. If I enable “Authentication = Outbound” on the FreePBX side, then the ChimeSDK doesn’t reply to any SIP OPTIONS and the trunk stays in an “unavailable” state (I’m using the “pjsip list endpoints” command).

  2. If I enable “Authentication = Both”, then I see SIP OPTIONS replies from the ChimeSDK and the trunk changes to a “Not in use” state. At this point, I can make outbound calls from FreePBX; however, inbound calls fail with a “401 Unauthorized” error message.

Here’s the 401 Unauthorized message exchange:

<--- Received SIP request (1166 bytes) from UDP:99.77.253.5:5060 --->
INVITE sip:[email protected]:5060;transport=UDP SIP/2.0
Record-Route: sip:99.77.253.5:5060;r2=on;lr;ftag=0QXB3a33apQ1Q;did=94b.dc23;nat=yes
Record-Route: sip:99.77.253.5;transport=tcp;r2=on;lr;ftag=0QXB3a33apQ1Q;did=94b.dc23;nat=yes
Via: SIP/2.0/UDP 99.77.253.5:5060;branch=z9hG4bK5f4e.0f6b05136481b947b4b1929adfa3337c.0;i=711
Via: SIP/2.0/UDP 10.0.62.19;received=10.0.62.19;rport=34767;branch=z9hG4bKBgv33pUrBvpKD
Max-Forwards: 69
From: sip:[email protected]:5060;tag=0QXB3a33apQ1Q
To: sip:[email protected]:5060;transport=UDP
Call-ID: dcd21a07-59d1-4480-b294-8528f2757f11
CSeq: 88785709 INVITE
Contact: sip:10.0.62.19:5060;alias=10.0.62.19~34767~2
Content-Type: application/sdp
Content-Length: 287
X-Vine-ID: 019b15c6-e6ea-4c1a-88b9-55a81aee4966
X-VoiceConnector-ID: crr1ugszv3fq75uiwckdva
X-SMA-Max-Forwards: 4
User-Agent: VineProx-v2.3

v=0
o=FreeSWITCH 1726664537 1726664538 IN IP4 99.77.253.145
s=FreeSWITCH
c=IN IP4 99.77.253.145
t=0 0
m=audio 60872 RTP/AVP 0 101
a=silenceSupp:off - - - -
a=rtpmap:0 PCMU/8000
a=rtpmap:101 telephone-event/8000
a=fmtp:101 0-15
a=sendrecv
a=rtcp:60873
a=rtcp-mux
a=ptime:20

<--- Transmitting SIP response (846 bytes) to UDP:99.77.253.5:5060 --->
SIP/2.0 401 Unauthorized
Via: SIP/2.0/UDP 99.77.253.5:5060;rport=5060;received=99.77.253.5;branch=z9hG4bK5f4e.0f6b05136481b947b4b1929adfa3337c.0;i=711
Via: SIP/2.0/UDP 10.0.62.19;rport=34767;received=10.0.62.19;branch=z9hG4bKBgv33pUrBvpKD
Record-Route: sip:99.77.253.5:5060;lr;r2=on;ftag=0QXB3a33apQ1Q;did=94b.dc23;nat=yes
Record-Route: sip:99.77.253.5;transport=tcp;lr;r2=on;ftag=0QXB3a33apQ1Q;did=94b.dc23;nat=yes
Call-ID: dcd21a07-59d1-4480-b294-8528f2757f11
From: sip:[email protected];tag=0QXB3a33apQ1Q
To: sip:[email protected];tag=z9hG4bK5f4e.0f6b05136481b947b4b1929adfa3337c.0;transport=UDP
CSeq: 88785709 INVITE
WWW-Authenticate: Digest realm="asterisk",nonce="1726679003/0c18fb3b7a416d82734bd174590631da",opaque="302349f34df81167",algorithm=MD5,qop="auth"
Server: FPBX-17.0.19.5(21.4.1)
Content-Length: 0

=======

Any ideas on how to make this work?

Interestingly, the ChimeSDK “Termination” tab has a field for setting up the authentication credentials. However, the “Origination” tab (which is the part that receives calls from FreePBX) does not have any credential/authentication related settings. This led me to believe that setting the FreePBX authentication to “outbound” only was the right thing to do, but as noted above, that didn’t work either.

Thanks!

This doesn’t make sense. Only outbound authentication is used for those OPTIONS requests!

Not replying to OPTIONS indicates either a broken SIP implementation, or a real transport-level failure (IP packets being lost in transit). If received, any well-formed request packet should produce, at least, method not implemented.

This is the expected result of enabling inbound authentication for a SIP provider, so the whole bit about 401 is not worth any further investigation.

I compared the OPTIONS ping from FreePBX with the different config options and it turns out that the “To” field is different depending on how you set it up:

**Authentication = Both**

<--- Transmitting SIP request (494 bytes) to UDP:3.3.3.3:5060 --->
OPTIONS sip:voiceconnector1.voiceconnector.chime.aws SIP/2.0
Via: SIP/2.0/UDP 4.4.4.4:5060;rport;branch=z9hG4bKPj4d9c7f52-eaa5-4c29-b80b-5892ed4a46f2
From: <sip:[email protected]>;tag=5d35471c-77b9-4d97-bee1-ee9ca84c626a
**To: <sip:voiceconnector1.voiceconnector.chime.aws>**
Contact: <sip:[email protected]:5060>
Call-ID: a6d00baf-1aef-4df6-a3d4-1809086a4d14
CSeq: 39169 OPTIONS
Max-Forwards: 70
User-Agent: FPBX-17.0.19.5(21.4.1)
Content-Length:  0

**Authentication = Outbound**

<--- Transmitting SIP request (526 bytes) to UDP:3.3.3.3:5060 --->
OPTIONS sip:[email protected] SIP/2.0
Via: SIP/2.0/UDP 4.4.4.4:5060;rport;branch=z9hG4bKPjf1584aee-d3dc-4fda-931d-109a5fc1ceee
From: <sip:[email protected]>;tag=2347d158-2848-4c0b-a843-2bdee2e1e98a
**To: <sip:[email protected]>**
Contact: <sip:[email protected]:5060>
Call-ID: 84dc1081-9a9c-48d6-b5b2-f23f0e39f1b9
CSeq: 59356 OPTIONS
Max-Forwards: 70
User-Agent: FPBX-17.0.19.5(21.4.1)
Content-Length:  0

I have been trying to get the “To” field of the “outbound authentication” trunk to change without success. Any ideas on how to do that?

I got the “authentication = outbound” OPTIONS to work by deleting the username from the pjsip tab and moving it to the “Username auth” field. Then I renamed the SIP trunk (general tab) to “voiceconnector2.voiceconnector.chime.aws”.

The ChimeSDK now replies to the SIP OPTIONS ping with a 200 OK and the trunk is up. However, now when I make an outbound call, I get a “401 Unauthorized” error.

Ok, I got it working. It is as picky as it gets. Here’s the manual for some other poor soul who may end up having to set this up:

General tab:

  • The trunk’s name must be the E.164 number associated with the ChimeSDK trunk.

PJSIP/General tab:

  1. Username: Must be blank
  2. Auth username: Leave it blank
  3. Authentication: Outbound
  4. Registration: None
  5. Context: from-pstn
  6. Sacrifice another goat.

On the ChimeSDK side:

  • Use the E.164 number as the username.

Additional observations:

  • The “Auth username” field in FreePBX doesn’t seem to work. No matter what you set it to, it still sends the SIP trunk’s name as the Digest username.

  • It takes about a minute for any ChimeSDK config changes to take effect.
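
The observation above that FreePBX sends the trunk's name as the Digest username matters because the username is hashed into the Digest response. The sketch below is an added example (not from the thread, and not FreePBX or ChimeSDK code) of standard RFC 2617 Digest with algorithm=MD5 and qop=auth, the scheme named in the 401 challenge earlier in the thread. The realm, nonce, numbers and password are constructed, and it assumes the provider looks the credential up by the username it receives.

```python
import hashlib
import hmac
import re

def md5_hex(text):
    return hashlib.md5(text.encode()).hexdigest()

def parse_digest(header_value):
    """Split 'Digest k="v", k2=v2' into a dict of parameters."""
    scheme, _, rest = header_value.partition(" ")
    if scheme.lower() != "digest":
        raise ValueError("not a Digest header")
    pairs = re.findall(r'(\w+)=(?:"([^"]*)"|([^,\s]+))', rest)
    return {key: quoted or bare for key, quoted, bare in pairs}

def digest_response(user, password, method, p):
    """RFC 2617 response for algorithm=MD5, qop=auth."""
    ha1 = md5_hex(f"{user}:{p['realm']}:{password}")   # username is bound in here
    ha2 = md5_hex(f"{method}:{p['uri']}")
    return md5_hex(f"{ha1}:{p['nonce']}:{p['nc']}:{p['cnonce']}:auth:{ha2}")

def build_authorization(challenge, user, password, method, uri, cnonce):
    """Client side: answer a 401 challenge (what the PBX sends on retry)."""
    p = parse_digest(challenge)
    p.update(uri=uri, nc="00000001", cnonce=cnonce)
    resp = digest_response(user, password, method, p)
    return (f'Digest username="{user}",realm="{p["realm"]}",nonce="{p["nonce"]}",'
            f'uri="{uri}",response="{resp}",algorithm=MD5,qop=auth,'
            f'nc={p["nc"]},cnonce="{cnonce}"')

def verify(authorization, method, provisioned):
    """Server side: look the password up by the username the client sent."""
    p = parse_digest(authorization)
    password = provisioned.get(p["username"])
    if password is None:
        return False                      # unknown username: challenged again
    expected = digest_response(p["username"], password, method, p)
    return hmac.compare_digest(expected, p["response"])

# Constructed values, not taken from the thread.
CHALLENGE = 'Digest realm="provider.example",nonce="c0ffee0123456789",algorithm=MD5,qop="auth"'
TRUNK_NAME = "+15555550100"               # E.164 trunk name, sent as the username
PROVISIONED = {TRUNK_NAME: "constructed-secret"}    # credential stored at the provider
URI = "sip:+15555550199@provider.example"

def attempt(user):
    hdr = build_authorization(CHALLENGE, user, "constructed-secret", "INVITE", URI, "abc123")
    return verify(hdr, "INVITE", PROVISIONED)

if __name__ == "__main__": print(attempt(TRUNK_NAME), attempt("trunkuser"))
```

With the correct password in both attempts, only the one whose username matches the provisioned credential verifies, which is why the provider-side username has to equal whatever the PBX actually sends.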
