Thank you. Looks like it is ok now. My mistake was to use uac_repace_from in request route first time. Then i rewrite script to call replace only from branch route everything become fine. But anyway uac_repace_from works strange way, should maybe write something in logs.
so result is: if we need to use uac_repace_from more then once in a transaction it should be called from branch_route only. not from request route.
i also noted that my clients send proxy auth info on all ACK and BYE, so i cut them in the beginning of a route:
# we now not authenticating ACKs and BYE, just to prevent relay # of auth data to external providers if ( is_method("ACK|BYE") && is_present_hf("Proxy-Authorization")) remove_hf("Proxy-Authorization");
consume_credentials doesn't help here
Maybe i should use normal (not proxy) authentication on their INVITE?