stuck on getting our sip trunk to register properly after moving from zendesk voice to genesys cloud. we are trying to migrate our existing telephony setup and the migration guide says it should be straightforward, but the trunk keeps bouncing.
in zendesk, we just configured the sip endpoint in the admin console and it worked. here in gc, i have created the sip trunk in the telephony configuration section, but the status stays as ‘unregistered’. checking the sip trace logs, i see a 407 proxy authentication required error coming back from the carrier.
the error looks like this:
```
sip/2.0 407 proxy authentication required
content-type: application/sdp
content-length: 0
```
i have double checked the username and password in the trunk settings. they are exactly the same as what we used in zendesk. i have also enabled ‘use digest authentication’ as suggested in the docs. the carrier is using standard sip over tcp on port 5060.
my environment details:
- genesys cloud version: latest release
- sip trunk provider: twilio sip trunking (for testing)
- error: 407 proxy auth required
i am wondering if there is a specific header that needs to be added or if the authentication method is different from what zendesk used. in zendesk, we did not have to deal with proxy auth headers explicitly. is there a way to see the full request being sent out from gc to debug this? i have checked the outbound ip addresses and they are whitelisted on the carrier side.
any help would be appreciated. i am trying to get this working before our go-live next week. the migration timeline is tight and this is blocking our voice testing. i have tried disabling digest auth and using plain text, but that did not help either. the logs do not show any other errors. just the 407.
thanks in advance.
The easiest fix here is to configure the SIP trunk with the correct proxy authentication credentials in the HCL resource definition. The 407 error indicates the Genesys Cloud SIP proxy is rejecting the registration because the username or password provided does not match what is expected by the carrier or the internal proxy configuration.
In Terraform, ensure the genesyscloud_sip_trunk resource explicitly defines the authentication block. Many migration guides assume you will configure this manually in the UI, but for infrastructure as code, the credentials must be passed securely via environment variables or a secret manager.
Here is the required configuration structure:
```hcl
resource "genesyscloud_sip_trunk" "main" {
  name        = "Carrier-Trunk-Migration"
  description = "Migrated from Zendesk Voice"

  # ... other trunk settings ...

  authentication {
    username = var.sip_auth_username
    password = var.sip_auth_password
  }

  # Ensure the proxy host matches your region's SIP proxy
  proxy_host = "sip-proxy.ap-southeast-2.genesis.com"
}
```
Also verify that the proxy_host matches the Genesys Cloud region. Using the wrong region endpoint causes the proxy to reject the auth attempt immediately. Check the genesyscloud_sip_trunk documentation for the correct proxy hostname for your specific region (e.g., us-east-1, ap-southeast-2).
If the credentials are correct in Terraform but the trunk still fails, check if the carrier requires a specific SIP outbound proxy address. Some carriers mandate that registrations go through their own proxy, not the Genesys Cloud one. In that case, you may need to configure the outbound_proxy field in the trunk settings.
Run terraform plan to ensure no state drift is occurring. If the password contains special characters, ensure they are properly escaped in the environment variable.
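An added example, not part of the answer above and not Genesys Cloud or Twilio code: how a SIP client answers a 407 digest challenge (RFC 2617, MD5), which lets you recompute the `response` value and compare it with the Proxy-Authorization header in a trace to confirm the configured credentials. The sample response, realm, nonce and function names are constructed for illustration.

```python
import hashlib
import re

# Constructed sample: a 407 carrying a digest challenge (all values are made up).
SAMPLE_407 = (
    "SIP/2.0 407 Proxy Authentication Required\r\n"
    'Proxy-Authenticate: Digest realm="sip.example.test", '
    'nonce="c0ffee1234", algorithm=MD5, qop="auth"\r\n'
    "Content-Length: 0\r\n\r\n"
)

def parse_challenge(response: str) -> dict:
    """Return the Digest parameters of Proxy-Authenticate, or {} if there is none."""
    for line in response.split("\r\n")[1:]:
        name, _, value = line.partition(":")
        if name.strip().lower() == "proxy-authenticate":
            scheme, _, params = value.strip().partition(" ")
            if scheme.lower() != "digest":
                return {}
            pairs = re.findall(r'(\w+)=(?:"([^"]*)"|([^,\s]+))', params)
            return {k.lower(): quoted or bare for k, quoted, bare in pairs}
    return {}

def _md5(text: str) -> str:
    return hashlib.md5(text.encode("utf-8")).hexdigest()

def proxy_authorization(ch, username, password, method, uri, cnonce, nc=1):
    """Build the Proxy-Authorization header that answers challenge `ch`."""
    if ch.get("algorithm", "MD5").upper() != "MD5":
        raise ValueError("this example only covers algorithm=MD5")
    # The password is hashed as raw bytes: no escaping is applied at this layer.
    ha1 = _md5(f"{username}:{ch['realm']}:{password}")
    ha2 = _md5(f"{method}:{uri}")
    fields = [f'username="{username}"', f'realm="{ch["realm"]}"',
              f'nonce="{ch["nonce"]}"', f'uri="{uri}"', "algorithm=MD5"]
    if "auth" in [q.strip() for q in ch.get("qop", "").split(",")]:
        nc_hex = f"{nc:08x}"
        resp = _md5(f"{ha1}:{ch['nonce']}:{nc_hex}:{cnonce}:auth:{ha2}")
        fields += ["qop=auth", f"nc={nc_hex}", f'cnonce="{cnonce}"']
    else:
        # Challenge without qop: the older RFC 2069 form.
        resp = _md5(f"{ha1}:{ch['nonce']}:{ha2}")
    fields.append(f'response="{resp}"')
    return "Proxy-Authorization: Digest " + ", ".join(fields)

if __name__ == "__main__":
    challenge = parse_challenge(SAMPLE_407)
    print(proxy_authorization(challenge, "trunk-user", "constructed-secret",
                              "REGISTER", "sip:sip.example.test", "0a4f113b"))
```

A 407 with no Proxy-Authenticate header yields an empty challenge from `parse_challenge`, in which case there is nothing for the client to compute a response from.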