[SR-Users] Kamailio & Asterisk SIP Registration Forwarding - Asterisk replies 401 Unauthorized

Thu Jul 16 11:03:03 CEST 2015

On Wednesday 15 July 2015 16:42:31 Ben Fitzgerald wrote:
> Hi, I've been following this integration tutorial
> http://kb.asipto.com/asterisk:realtime:kamailio-4.0.x-asterisk-11.3.0-astdb
> and have a successful registration and I can even make calls through my
> asterisk box.
> 
> However what is unusual to me is that every time a phone registers with
> Kamailio, that is forwarded to Asterisk (as expected), yet Asterisk replies
> with 401 Unauthorized. Oddly enough the phone registers and can still make
> calls. What worries me is that as we scale to 100's of cps, this seemingly
> erroneous message may slow down Asterisk because it's trying to handle
> authentication for users which have already been authenticated by Kamailio.
> If this behavior is expected, then that would be good to know as well.
[...]
> =========================
> 
> sip.conf for kamailio trunk:
> 
> [kamailio-inbound]
> type=friend
> dtmfmode=auto
> host=kamailioIP
> allow=all
> context=sipout
> insecure=port,invite
> canreinvite=no

Asterisk is a bit strange in figuring out which peer to use, this peer 
definition is not used in the way you think, see default sip.conf:

;------- Naming devices ------------------------------------------------------
;
; When naming devices, make sure you understand how Asterisk matches calls
; that come in.
;       1. Asterisk checks the SIP From: address username and matches against
;          names of devices with type=user 
;          The name is the text between square brackets [name]
;       2. Asterisk checks the From: addres and matches the list of devices
;          with a type=peer
;       3. Asterisk checks the IP address (and port number) that the INVITE
;          was sent from and matches against any devices with type=peer
;
; Don't mix extensions with the names of the devices. Devices need a unique
; name. The device name is *not* used as phone numbers. Phone numbers are
; anything you declare as an extension in the dialplan (extensions.conf).
; 
; When setting up trunks, make sure there's no risk that any From: username
; (caller ID) will match any of your device names, because then Asterisk 
; might match the wrong device.
;

You need to make sure the secret for users is empty in the view asterisk has 
on the usertable shared with kamailio.

It is explained with a bright yellow explamation mark on the kb url:

sipusers is the standard table required by Asterisk to store SIP user profile, 
with one extra column sippasswd where will be stored the password for SIP 
authentication. By default, Asterisk uses the column secret for SIP user 
password, but if that is filled in, Asterisk will ask for authentication 
again, resulting in double-authentication which we want to avoid.

sipregs is used to store SIP registrations. Registrations can be stored in 
sipusers tables as well, in case you do not want a separate table. Just omit 
the appropriate entry in /etc/asterisk/extconfig.conf. 