PJSIP not sending Authorization Header on 401

[Peter Warrick <peter@xxxxxxxxxxxxxx>]

I’ve run into an odd issue trying to get my client that is using PJSIP to talk to Asterisk. The first time it tries to REGISTER with my Asterisk server it get’s back a 401 Unauthorized. Which is expected. However the next attempt, PJSIP should send the Authorization Header in it’s REGISTER request. But it’s not doing this. See below for a snippet of a packet capture I’ve done. 

10.200.0.72 is my Asterisk server. And 10.200.154.118 is my client. For reference, it’s an iOS project I’m working on and I’m trying to get my device to register as extension 100. 

Here’s the really confusing part. This wasn’t working 2 days ago, and then suddenly yesterday it started working fine. Now today, it’s not working again. It’s almost as if it all of sudden starts working and PJSIP finally sends the Authorization Header. Other devices such as my LinkSys PCAP device are able to register without issue. So I know it must be something I’m doing wrong with PJSIP? I’ve been wrestling with this for over a week and I know it must be something simple but it escapes me. Welcome any thoughts anyone might have?

Also, apologies for the length of this message. I wanted to include as much info as possible. I tried to trim down as much as possible. 

REGISTER sip:10.200.0.72 SIP/2.0

Via: SIP/2.0/UDP 10.200.154.118:5080;rport;branch=z9hG4bKPjKy2xO6UVBMvX6oiWCt9UrWdclNlhvh31

Max-Forwards: 70

From: <sip:100@10.200.0.72>;tag=eXXDvPSkJ5WhQUNxs7UNXtHO-rdIO96v

To: <sip:100@10.200.0.72>

Call-ID: 6ddWjvyiBuGGfEW7vq2AvF-PF8SSpUxZ

CSeq: 13892 REGISTER

Contact: <sip:100@10.200.154.118:5080;ob>

Expires: 300

Allow: PRACK, INVITE, ACK, BYE, CANCEL, UPDATE, INFO, SUBSCRIBE, NOTIFY, REFER, MESSAGE, OPTIONS

Content-Length: 0

SIP/2.0 401 Unauthorized

Via: SIP/2.0/UDP 10.200.154.118:5080;branch=z9hG4bKPjKy2xO6UVBMvX6oiWCt9UrWdclNlhvh31;received=174.0.50.116;rport=15923

From: <sip:100@10.200.0.72>;tag=eXXDvPSkJ5WhQUNxs7UNXtHO-rdIO96v

To: <sip:100@10.200.0.72>;tag=as45017471

Call-ID: 6ddWjvyiBuGGfEW7vq2AvF-PF8SSpUxZ

CSeq: 13892 REGISTER

Server: Mozilla

Allow: INVITE, ACK, CANCEL, OPTIONS, BYE, REFER, SUBSCRIBE, NOTIFY, INFO, PUBLISH, MESSAGE

Supported: replaces, timer

WWW-Authenticate: Digest algorithm=MD5, realm="asterisk", nonce="5d4f67d0"

Content-Length: 0

REGISTER sip:10.200.0.72 SIP/2.0

Via: SIP/2.0/UDP 10.200.154.118:5080;rport;branch=z9hG4bKPjKy2xO6UVBMvX6oiWCt9UrWdclNlhvh31

Max-Forwards: 70

From: <sip:100@10.200.0.72>;tag=eXXDvPSkJ5WhQUNxs7UNXtHO-rdIO96v

To: <sip:100@10.200.0.72>

Call-ID: 6ddWjvyiBuGGfEW7vq2AvF-PF8SSpUxZ

CSeq: 13892 REGISTER

Contact: <sip:100@10.200.154.118:5080;ob>

Expires: 300

Allow: PRACK, INVITE, ACK, BYE, CANCEL, UPDATE, INFO, SUBSCRIBE, NOTIFY, REFER, MESSAGE, OPTIONS

Content-Length: 0

REGISTER sip:10.200.0.72 SIP/2.0

Via: SIP/2.0/UDP 10.200.154.118:5080;rport;branch=z9hG4bKPjKy2xO6UVBMvX6oiWCt9UrWdclNlhvh31

Max-Forwards: 70

From: <sip:100@10.200.0.72>;tag=eXXDvPSkJ5WhQUNxs7UNXtHO-rdIO96v

To: <sip:100@10.200.0.72>

Call-ID: 6ddWjvyiBuGGfEW7vq2AvF-PF8SSpUxZ

CSeq: 13892 REGISTER

Contact: <sip:100@10.200.154.118:5080;ob>

Expires: 300

Allow: PRACK, INVITE, ACK, BYE, CANCEL, UPDATE, INFO, SUBSCRIBE, NOTIFY, REFER, MESSAGE, OPTIONS

Content-Length: 0

SIP/2.0 401 Unauthorized

Via: SIP/2.0/UDP 10.200.154.118:5080;branch=z9hG4bKPjKy2xO6UVBMvX6oiWCt9UrWdclNlhvh31;received=174.0.50.116;rport=15923

From: <sip:100@10.200.0.72>;tag=eXXDvPSkJ5WhQUNxs7UNXtHO-rdIO96v

To: <sip:100@10.200.0.72>;tag=as45017471

Call-ID: 6ddWjvyiBuGGfEW7vq2AvF-PF8SSpUxZ

CSeq: 13892 REGISTER

Server: Mozilla

Allow: INVITE, ACK, CANCEL, OPTIONS, BYE, REFER, SUBSCRIBE, NOTIFY, INFO, PUBLISH, MESSAGE

Supported: replaces, timer

WWW-Authenticate: Digest algorithm=MD5, realm="asterisk", nonce="5d4f67d0"

Content-Length: 0

It’s not any firewall issue obviously as the packets are getting through and I don’t have any restrictions on which IPs can connect to that extension… 

For those who are familiar with ObjC.. Here’s my start and register function… 

- (void) startAndRegisterOnServer:(NSString *)sipDomain withUserName:(NSString *)sipUser andPassword:(NSString *)password success:(void (^)(void))success failure:(void (^)(int errorCode, NSString *errorMessage))failure

{

pj_status_t status;

status = pjsua_create();

if (status != PJ_SUCCESS)

{

failure (status, @"Error in pjsua_create");

return;

}

// Setup Config and Initialize

pjsua_config config;

pjsua_config_default (&config);

config.cb.on_incoming_call = &on_incoming_call;

config.cb.on_call_media_state = &on_call_media_state;

config.cb.on_call_state = &on_call_state;

config.cb.on_reg_state2 = &on_reg_state2;

pjsua_logging_config logConfig;

pjsua_logging_config_default(&logConfig);

logConfig.console_level = 3;

status = pjsua_init(&config, &logConfig, NULL);

if (status != PJ_SUCCESS)

{

failure (status, @"Error in pjsua_init");

return;

}

// Add UDP transport

pjsua_transport_config udpTransportConfig;

pjsua_transport_config_default(&udpTransportConfig);

udpTransportConfig.port = 5080;

status = pjsua_transport_create(PJSIP_TRANSPORT_UDP, &udpTransportConfig, NULL);

if (status != PJ_SUCCESS)

{

failure (status, @"Error adding UDP transport");

return;

}

// Add TCP transport.

pjsua_transport_config tcpTransportConfig;

pjsua_transport_config_default(&tcpTransportConfig);

tcpTransportConfig.port = 5080;

status = pjsua_transport_create(PJSIP_TRANSPORT_TCP, &tcpTransportConfig, NULL);

if (status != PJ_SUCCESS)

{

failure (status, @"Error adding TCP transport");

return;

}

// Startup PJSUA

status = pjsua_start();

if (status != PJ_SUCCESS)

{

failure (status, @"Error starting PJSUA");

return;

}

// UnRegister with SIP Server First

if (pjsua_acc_get_count() > 0)

{

[self unregisterAccount];

}

// Register with SIP Server

pjsua_acc_config accountConfig;

pjsua_acc_config_default(&accountConfig);

// Account ID

char sipAccount [MAX_SIP_ACCOUNT_LENGTH];

sprintf (sipAccount, "sip:%s@%s", [sipUser UTF8String], [sipDomain UTF8String]);

accountConfig.id = pj_str(sipAccount);

// Register URI

char regUri[MAX_SIP_REGISTER_URI_LENGTH];

sprintf(regUri, "sip:%s", [sipDomain UTF8String]);

accountConfig.reg_uri = pj_str(regUri);

// Set the accountConfig with the credentials.

accountConfig.cred_count = 1;

accountConfig.cred_info[0].scheme = pj_str("digest");

accountConfig.cred_info[0].realm = pj_str("asterisk");

accountConfig.cred_info[0].username = pj_str((char *)[sipUser UTF8String]);

accountConfig.cred_info[0].data_type = PJSIP_CRED_DATA_PLAIN_PASSWD;

accountConfig.cred_info[0].data = pj_str((char *)[password UTF8String]);

pjsua_acc_id accID;

status = pjsua_acc_add(&accountConfig, PJ_TRUE, &accID);

[PJSIPInterfaceManager sharedInstance].accountID = accID;

if (status != PJ_SUCCESS)

{

failure (status, @"Error registering account with server");

return;

}

// Shutdown audio for PJSIP since we are using CallKit.

pjsua_set_no_snd_dev();

success();

}

Also I know this isn’t related to PJSIP directly but I’ve included my config settings here on Asterisk for reference…

SIP Settings

sip show settings

Global Settings:

----------------

  UDP Bindaddress:        0.0.0.0:5060

  TCP SIP Bindaddress:    0.0.0.0:5060

  TLS SIP Bindaddress:    Disabled

  Videosupport:           No

  Textsupport:            No

  Ignore SDP sess. ver.:  No

  AutoCreate Peer:        Off

  Match Auth Username:    No

  Allow unknown access:   Yes

  Allow subscriptions:    Yes

  Allow overlap dialing:  Yes

  Allow promisc. redir:   No

  Enable call counters:   No

  SIP domain support:     No

  Path support :          No

  Realm. auth:            No

  Our auth realm          asterisk

  Use domains as realms:  No

  Call to non-local dom.: Yes

  URI user is phone no:   No

  Always auth rejects:    Yes

  Direct RTP setup:       No

  User Agent:             Mozilla

  SDP Session Name:       Asterisk PBX 13.7.2

  SDP Owner Name:         root

  Reg. context:           (not set)

  Regexten on Qualify:    No

  Trust RPID:             No

  Send RPID:              No

  Legacy userfield parse: No

  Send Diversion:         Yes

  Caller ID:              Unknown

  From: Domain:           

  Record SIP history:     Off

  Auth. Failure Events:   Off

  T.38 support:           No

  T.38 EC mode:           Unknown

  T.38 MaxDtgrm:          4294967295

  SIP realtime:           Disabled

  Qualify Freq :          60000 ms

  Q.850 Reason header:    No

  Store SIP_CAUSE:        No

Network QoS Settings:

---------------------------

  IP ToS SIP:             CS3

  IP ToS RTP audio:       EF

  IP ToS RTP video:       AF41

  IP ToS RTP text:        CS0

  802.1p CoS SIP:         4

  802.1p CoS RTP audio:   5

  802.1p CoS RTP video:   6

  802.1p CoS RTP text:    5

  Jitterbuffer enabled:   No

Network Settings:

---------------------------

  SIP address remapping:  Enabled using externaddr

  Externhost:             <none>

  Externaddr:             [REDACTED]

  Externrefresh:          10

  Localnet:               10.200.0.72/255.255.0.0

Global Signalling Settings:

---------------------------

  Codecs:                 (ulaw|alaw|gsm|g726|g723|g729|speex|g722|g719)

  Relax DTMF:             No

  RFC2833 Compensation:   No

  Symmetric RTP:          Yes

  Compact SIP headers:    No

  RTP Keepalive:          0 (Disabled)

  RTP Timeout:            30 

  RTP Hold Timeout:       300 

  MWI NOTIFY mime type:   application/simple-message-summary

  DNS SRV lookup:         No

  Pedantic SIP support:   Yes

  Reg. min duration       60 secs

  Reg. max duration:      3600 secs

  Reg. default duration:  3600 secs

  Sub. min duration       60 secs

  Sub. max duration:      3600 secs

  Outbound reg. timeout:  120 secs

  Outbound reg. attempts: 0

  Outbound reg. retry 403:0

  Notify ringing state:   Yes

    Include CID:          No

  Notify hold state:      Yes

  SIP Transfer mode:      open

  Max Call Bitrate:       384 kbps

  Auto-Framing:           No

  Outb. proxy:            <not set> 

  Session Timers:         Accept

  Session Refresher:      uas

  Session Expires:        1800 secs

  Session Min-SE:         90 secs

  Timer T1:               500

  Timer T1 minimum:       100

  Timer B:                32000

  No premature media:     Yes

  Max forwards:           70

Default Settings:

-----------------

  Allowed transports:     UDP

  Outbound transport:   UDP

  Context:                from-sip-external

  Record on feature:      automon

  Record off feature:     automon

  Force rport:            Yes

  DTMF:                   rfc2833

  Qualify:                0

  Keepalive:              0

  Use ClientCode:         No

  Progress inband:        No

  Language:               

  Tone zone:              <Not set>

  MOH Interpret:          default

  MOH Suggest:            

  Voice Mail Extension:   *97

----

Here is the config for sip peer 100…

sip show peer 100

  * Name       : 100

  Description  : 

  Secret       : <Set>

  MD5Secret    : <Not set>

  Remote Secret: <Not set>

  Context      : from-internal

  Record On feature : automon

  Record Off feature : automon

  Subscr.Cont. : <Not set>

  Language     : 

  Tonezone     : <Not set>

  AMA flags    : Unknown

  Transfer mode: open

  CallingPres  : Presentation Allowed, Not Screened

  Callgroup    : 

  Pickupgroup  : 

  Named Callgr : 

  Nam. Pickupgr: 

  MOH Suggest  : 

  Mailbox      : 100@default

  VM Extension : *97

  LastMsgsSent : 32767/65535

  Call limit   : 2147483647

  Max forwards : 0

  Dynamic      : Yes

  Callerid     : "Pete" <100>

  MaxCallBR    : 384 kbps

  Expire       : -1

  Insecure     : no

  Force rport  : Yes

  Symmetric RTP: Yes

  ACL          : Yes

  DirectMedACL : No

  T.38 support : No

  T.38 EC mode : Unknown

  T.38 MaxDtgrm: 4294967295

  DirectMedia  : No

  PromiscRedir : No

  User=Phone   : No

  Video Support: No

  Text Support : No

  Ign SDP ver  : No

  Trust RPID   : Yes

  Send RPID    : Yes

  Path support : No

  Path         : N/A

  TrustIDOutbnd: Legacy

  Subscriptions: Yes

  Overlap dial : Yes

  DTMFmode     : rfc2833

  Timer T1     : 500

  Timer B      : 32000

  ToHost       : 

  Addr->IP     : (null)

  Defaddr->IP  : (null)

  Prim.Transp. : TCP

  Allowed.Trsp : UDP,TCP

  Def. Username: 100

  SIP Options  : (none)

  Codecs       : (ulaw|alaw|gsm|g726|g723|g729|speex|g722|g719)

  Auto-Framing : No

  Status       : UNKNOWN

  Useragent    : 

  Reg. Contact : sip:100@[REDACTED]:54641;ob

  Qualify Freq : 60000 ms

  Keepalive    : 0 ms

  Sess-Timers  : Accept

  Sess-Refresh : uas

  Sess-Expires : 1800 secs

  Min-Sess     : 90 secs

  RTP Engine   : asterisk

  Parkinglot   : 

  Use Reason   : No

  Encryption   : No

I’ve REDACTED any external IP’s for security reasons. 

Again, appreciate any thoughts or insights anyone might have. Much appreciated. 

Regards,

Peter

_______________________________________________
Visit our blog: http://blog.pjsip.org

pjsip mailing list
pjsip@xxxxxxxxxxxxxxx
http://lists.pjsip.org/mailman/listinfo/pjsip_lists.pjsip.org