Telecom

Asterisk PJSIP: Registratiom SIP Providers (Latest Versions)

MYLINEHUB Team • 2026-02-10 • 10 min

Updated guide for modern Asterisk (PJSIP era): registratiom sip providers with real configs, common mistakes, and troubleshooting steps.

Asterisk PJSIP: Registratiom SIP Providers (Latest Versions)

Many SIP providers require Asterisk to authenticate using a username and password. This process is called SIP registration.

Registration is not just “login”. It tells the provider: “This is the IP and port where you can send inbound calls for my DID numbers.”

Until registration succeeds (and remains alive):

  • Inbound calls may not be delivered to your server
  • Outbound calls may be rejected or rate-limited
  • Providers may return authentication or routing errors

What Happens During SIP Registration (Real Flow)

A typical registration sequence looks like this:

  1. Asterisk sends REGISTER to provider
  2. Provider responds 401 Unauthorized (challenge with nonce)
  3. Asterisk sends REGISTER again with Authorization header
  4. Provider responds 200 OK (registration accepted)
  5. Provider now knows where to send inbound calls

Important: seeing a 401 once is normal. Seeing repeated 401 loops is a failure.

Provider Requirements You Must Collect First

Before writing any config, collect these details from your SIP provider:

  • Server domain/IP (example: sip.provider.com)
  • Port (usually 5060 UDP; sometimes TLS 5061)
  • Username (may be DID number or account ID)
  • Password
  • Auth realm (some providers require exact realm)
  • Allowed codecs (often PCMU/PCMA only)
  • Inbound DID routing method (To header / Request-URI / P-Called-Party-ID)

Production-Safe PJSIP Registration Configuration (Full Example)

This is a practical working template. Replace values marked with ALL CAPS. 

[transport-udp]
type=transport
protocol=udp
bind=0.0.0.0

; If Asterisk is behind NAT, you MUST set these (see NAT section below)
; local_net=192.168.0.0/16
; external_signaling_address=YOUR_PUBLIC_IP
; external_media_address=YOUR_PUBLIC_IP


[provider-auth]
type=auth
auth_type=userpass
username=PROVIDER_USERNAME
password=PROVIDER_PASSWORD


[provider-aor]
type=aor
; Some providers want a contact URI like sip:sip.provider.com
; Others want it empty (registration manages contacts)
contact=sip:sip.provider.com
max_contacts=1
remove_existing=yes


[provider-endpoint]
type=endpoint
transport=transport-udp
context=inbound-provider
disallow=all
allow=ulaw,alaw

; Link to AOR
aors=provider-aor

; Outbound auth for calls (and sometimes required for registration)
outbound_auth=provider-auth

; Good defaults for trunks
direct_media=no
rtp_symmetric=yes
force_rport=yes
rewrite_contact=yes

; Optional: send your DID / trunk name in From / Contact if provider requires
; from_user=YOUR_DID
; from_domain=sip.provider.com

Registration Object (The Actual Login)

This object is what triggers Asterisk to send REGISTER requests. 

[provider-registration]
type=registration
transport=transport-udp
outbound_auth=provider-auth

server_uri=sip:sip.provider.com

; client_uri should represent your trunk identity
client_uri=sip:PROVIDER_USERNAME@sip.provider.com

; Some providers require a specific "contact_user" (especially when username != DID)
; contact_user=PROVIDER_USERNAME

retry_interval=60
forbidden_retry_interval=300
fatal_retry_interval=600

expiration=3600

If your provider gives a different server for registration vs calling, they may provide a separate register hostname.

Verify Registration in Asterisk CLI (What Good Looks Like)

asterisk -rvvv
pjsip show registrations

Healthy status should show something like: 

<Registration/ServerURI..............................>  <Auth....................>  <Status.....>
provider-registration/sip:sip.provider.com              provider-auth            Registered

If you see:

  • Registered → login succeeded
  • Rejected → credentials/realm/provider policy problem
  • No Response → network/firewall/NAT issue

Enable SIP Logging (Must-Know Debug Command)

pjsip set logger on

Now attempt registration again (restart Asterisk or wait retry interval), and watch the REGISTER + responses.

Tip: Keep this enabled only during debugging in production, because logs can grow fast.

Failure Case 1: Infinite 401 Loop (Most Common)

One 401 is normal (challenge). Repeated 401 means your Authorization is not accepted.

Typical causes:

  • Password incorrect
  • Username incorrect (auth username differs from SIP user)
  • Provider expects a specific realm
  • Provider expects auth user = DID (or account ID)

Debug method:

  1. Enable pjsip set logger on
  2. Check the realm in the 401 response
  3. Confirm your provider credentials match that realm/account

Failure Case 2: 403 Forbidden (Credentials OK But Provider Blocks)

If you see: 

403 Forbidden

common reasons:

  • Provider blocked your IP (security policy)
  • Account disabled / not activated
  • Too many failed auth attempts triggered a ban
  • Provider allows registration only from whitelisted IP

Fix: confirm with provider support whether your server IP must be whitelisted.

Failure Case 3: No Response / Timeout (Network or NAT)

This looks like:

  • No SIP response packets arrive
  • CLI shows “No Response”

Most common causes:

  • Firewall blocks UDP 5060
  • Incorrect route / DNS resolution
  • NAT replies going to private IP not public IP

NAT Requirements for Registration (Critical in Real Deployments)

If Asterisk is behind NAT (common in office networks), the provider may respond to the wrong address unless you configure: 

[transport-udp]
type=transport
protocol=udp
bind=0.0.0.0
local_net=192.168.0.0/16
external_signaling_address=YOUR_PUBLIC_IP
external_media_address=YOUR_PUBLIC_IP

If these values are wrong, registration may “work sometimes” and fail randomly, especially after NAT mapping changes.

Firewall Ports Checklist

You need BOTH signaling and media ports: 

sudo ufw allow 5060/udp
sudo ufw allow 10000:20000/udp

If SIP is open but RTP blocked, registration may work and calls may connect, but audio will fail.

Confirm Provider Responses Using tcpdump (Example)

If Asterisk shows “No Response”, confirm whether packets are returning: 

sudo tcpdump -i any -n udp port 5060

To capture for Wireshark: 

sudo tcpdump -i any -s 0 -w reg_debug.pcap udp port 5060

Open reg_debug.pcap in Wireshark and check:

  • Is REGISTER leaving the server?
  • Is provider replying?
  • If reply exists, is it reaching Asterisk?

Key Takeaway

SIP registration is a live telecom contract between Asterisk and the provider: it establishes trust, routes inbound calls, and enables outbound calling.

When registration fails, the root cause is almost always one of:

  • Credentials / realm mismatch (401 loops)
  • Provider policy / IP whitelist (403)
  • NAT or firewall blocking responses (No Response)

Use PJSIP logger + tcpdump + Wireshark to prove the truth of what is happening on the network.

Try it

Want to see API-driven CRM + Telecom workflows in action? Try the WhatsApp bot or explore the demos.

💬 Try WhatsApp Bot ▶️ Watch CRM YouTube Demos
Tip: Comment “Try the bot” on our YouTube videos to see automation in action.
M
MYLINEHUB Team
Published: 2026-02-10
Quick feedback
Was this helpful? (Yes 0 • No 0)
Reaction

Comments (0)

Be the first to comment.