[Solved] Inbound trunk issue - 401 unauthorized?

Hello, I have a strange problem with inbound calls, they all seem to fail with a 401 unauthorized and I’m not quite sure what the issue is. There is no authentication required for this trunk the call is making it to me but I cant seem to accept it.

<--- SIP read from UDP:172.16.30.2:5060 --->
    INVITE sip:[email protected] SIP/2.0
    Max-Forwards: 67
    Session-Expires: 3600;refresher=uac
    Min-SE: 600
    Supported: timer, 100rel
    To: <sip:[email protected]>
    From: "WIRELESS CALLER" <sip:[email protected]>;tag=3670166336-1674400842
    P-Asserted-Identity: "WIRELESS CALLER" <sip:[email protected]:5060>
    Call-ID: 20380-3670166336-487296215@genq10-1
    CSeq: 1 INVITE
    Allow: PUBLISH,MESSAGE,UPDATE,PRACK,SUBSCRIBE,REFER,INFO,NOTIFY,REGISTER,OPTIONS,BYE,INVITE,ACK,CANCEL
    Via: SIP/2.0/UDP 172.16.30.2:5060;branch=z9hG4bK953d8d277984fd58ba3ac74bf115923b
    Contact: <sip:[email protected]:5060>
    Content-Type: application/sdp
    Accept: application/sdp
    Content-Length: 283

    v=0
    o=genq10-1 188 1 IN IP4 172.16.30.2
    s=sip call
    c=IN IP4 172.16.30.3
    t=0 0
    m=audio 2102 RTP/AVP 0 8 18 101
    a=rtpmap:0 PCMU/8000
    a=rtpmap:8 PCMA/8000
    a=rtpmap:18 G729/8000
    a=fmtp:18 annexb=no
    a=rtpmap:101 telephone-event/8000
    a=fmtp:101 0-15
    a=sendrecv
    a=maxptime:20
    <------------->
    --- (16 headers 14 lines) ---
    Sending to 172.16.30.2:5060 (NAT)
    Sending to 172.16.30.2:5060 (NAT)
    Using INVITE request as basis request - 20380-3670166336-487296215@genq10-1
    Found peer '998' for '15555550841' from 172.16.30.2:5060

    <--- Reliably Transmitting (NAT) to 172.16.30.2:5060 --->
    SIP/2.0 401 Unauthorized
    Via: SIP/2.0/UDP 172.16.30.2:5060;branch=z9hG4bK953d8d277984fd58ba3ac74bf115923b;received=172.16.30.2;rport=5060
    From: "WIRELESS CALLER" <sip:[email protected]>;tag=3670166336-1674400842
    To: <sip:[email protected]>;tag=as219d7254
    Call-ID: 20380-3670166336-487296215@genq10-1
    CSeq: 1 INVITE
    Server: FPBX-13.0.105(11.21.2)
    Allow: INVITE, ACK, CANCEL, OPTIONS, BYE, REFER, SUBSCRIBE, NOTIFY, INFO, PUBLISH, MESSAGE
    Supported: replaces, timer
    WWW-Authenticate: Digest algorithm=MD5, realm="asterisk", nonce="38694e25"
    Content-Length: 0
    <------------>

These are the settings I have on the trunk:
Peer Details:
Context: from-tunk

peer=172.16.30.2
insecure=very
type=friend
dissallow=all
allow=ulaw

Any ideas?

Nat=YES - you are transmitting your internal address to your ITSP and I’m all but certain they are unhappy about it.

Thanks, but the pbx is on a external IP, the call is coming in from an address that is on the same vlan, so I could see why it would appear that I am on a internal address but its for sure on a external address.

OK - if that’s your position, then I really misinterpreted this entire section of the transcript.

Your other option is that you’ve messed up a password or a registration. I don’t see a registration, so I’m assuming you are doing IP based security with your ITSP.

Have you checked here? Asterisk config sip.conf - VoIP-Info

Your correct with IP based authentication. basically the call is coming in from the provider to a SBC which has the lan IP listed in there, then being sent to asterisk.

In another scenario I have the SBC sending the call to an opensips proxy, then to the asteirsk server and this works, sending the call directly to this asterisk server does not work oddly enough.

Apparently I did not include all of the valuable info that would have easily helped find the problem. looks like the phones were also registered from the lan ip shown in the trace, that was causing the 401 issue. Changed the ip the calls were being sent on and it was all good.