VoIP Mailing List Archives
Mailing list archives for the VoIP community |
|
| View previous topic :: View next topic |
| Author |
Message |
t.rechberger at gmail.com
Guest
|
 Posted: Sat Mar 29, 2014 5:13 am Post subject: [asterisk-users] additional range parameter for sip peer |
 |
|
Many ITSP are using loadbalancers, so if somebody registers on a sip
peer with specific dns host, an incoming call may be received from a
different ip and the host value in peer section doesnt match, so it will
go to default context.
For example Telekom or 1&1, biggest providers in Germany are using too
many different addresses that its not practical to define them all (up
to 50 hosts and they still add!), as this will also generate too much
traffic (especially with qualify and multiple registrations) and they
may even lock you out as untrusted, which may even result in that they
will block asterisk permanently for everybody. Thats not really desirable.
I think its also not recommended in terms of security to use default
context with allowguest=yes and sort the incoming calls by header,
because this can be faked easily.
From my understanding the permit/deny parameters are only used for
incoming calls if host is set to dynamic and then there will be no
outgoing registration to remote peer possible. permit/deny is used for
access, not for matching.
How about an additional parameter where an range of ip addresses can be
defined in peer section, which will be used for matching calls?
hostmatchrange=x.x.x.x/24
--
_____________________________________________________________________
-- Bandwidth and Colocation Provided by http://www.api-digital.com --
New to Asterisk? Join us for a live introductory webinar every Thurs:
http://www.asterisk.org/hello
asterisk-users mailing list
To UNSUBSCRIBE or update options visit:
http://lists.digium.com/mailman/listinfo/asterisk-users |
|
| Back to top |
|
 |
t.rechberger at gmail.com
Guest
|
| Posted: Mon Apr 07, 2014 9:36 am Post subject: [asterisk-users] additional range parameter for sip peer |
|
|
Am 29.03.2014 11:12, schrieb Thomas Rechberger:
| Quote: | Many ITSP are using loadbalancers, so if somebody registers on a sip
peer with specific dns host, an incoming call may be received from a
different ip and the host value in peer section doesnt match, so it will
go to default context.
For example Telekom or 1&1, biggest providers in Germany are using too
many different addresses that its not practical to define them all (up
to 50 hosts and they still add!), as this will also generate too much
traffic (especially with qualify and multiple registrations) and they
may even lock you out as untrusted, which may even result in that they
will block asterisk permanently for everybody. Thats not really desirable.
I think its also not recommended in terms of security to use default
context with allowguest=yes and sort the incoming calls by header,
because this can be faked easily.
From my understanding the permit/deny parameters are only used for
incoming calls if host is set to dynamic and then there will be no
outgoing registration to remote peer possible. permit/deny is used for
access, not for matching.
How about an additional parameter where an range of ip addresses can be
defined in peer section, which will be used for matching calls?
hostmatchrange=x.x.x.x/24
|
anyone here?
What do you think about using permit/deny for host matching?
--
_____________________________________________________________________
-- Bandwidth and Colocation Provided by http://www.api-digital.com --
New to Asterisk? Join us for a live introductory webinar every Thurs:
http://www.asterisk.org/hello
asterisk-users mailing list
To UNSUBSCRIBE or update options visit:
http://lists.digium.com/mailman/listinfo/asterisk-users |
|
| Back to top |
|
|
|
|
|
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
|
Powered by phpBB © 2001, 2005 phpBB Group
|
Search
