VoIP Mailing List Archives
Mailing list archives for the VoIP community |
|
| View previous topic :: View next topic |
| Author |
Message |
mike at reachme.com
Guest
|
 Posted: Mon Mar 24, 2008 11:04 pm Post subject: [asterisk-users] Sip exten matching based on contact: sip he |
 |
|
Asterisk: 1.4.17 with sip realtime
Openser 1.3.x
Hi,
I had this setup working fine until I try putting OpenSER in the picture as
a proxy.
Unauthenticated calls go to a PRI based app via a ZAP channel, calls to sip
users get send to them etc. Now with a proxy in the picture asterisk asks
the incoming calls for authentication "407 Proxy Authentication Required".
It seems that the sip channel matching is based only on source IP address
instead of also checking the contact: header as mentioned in the O'Reilly
book.
According to Asterisk 2nd edition it says about insecure "... If you set
insecure=invite, you'll determine which peer to match on by comparing the IP
address or hostname and port number to those provided in the contact field
of the SIP header with the host and port options in sip.conf. If a match is
found, authentication will not be required on the initial INVITE, and the
call will be allowed."
The funny thing is that if I do a 'sip reload' and receive a call from one
my DIDs through the provider it goes to the default context when received
through OpenSER as expected. But once a sip realtime user makes a call it
will match their peer instead of the one specified with the provider's Ip
address.
I've seen this in my logs after turning on sip debugging, it looks like
different users get matched based on the sort of the sip peers list (which
can change based on how long ago a reload was done and who has been active
because of sip realtime).
[Mar 24 17:04:23] Sending to 74.x.x.x : 5060 (no NAT)
[Mar 24 17:04:23] Using INVITE request as basis request - blahblah at 64.x.x.x
[Mar 24 17:04:23] Found peer 'some_peer'
The sip users have their host=ip_of_openser so I can understand why it would
get confused if it didn't check the contact header for clairification since
a call is also coming from that source IP address when proxied through
openser.
Maybe I'm approaching this from the wrong direction, anyone have any ideas?
Mike
[privider1a]
type=peer
host=67.x.x.x
insecure=invite,port
context=default
qualify=999
[provider1a]
type=peer
host=67.x.x.x
insecure=invite,port
context=default
qualify=999
[provider2]
type=peer
;host=sip.provider2.com
host=64.x.x.x
insecure=invite,port
context=default
qualify=999 |
|
| Back to top |
|
 |
greymanvoip at gmail.com
Guest
|
| Posted: Tue Mar 25, 2008 12:21 am Post subject: [asterisk-users] Sip exten matching based on contact: sip he |
|
|
| Quote: | On Tue, Mar 25, 2008 at 4:04 AM, Mike Fedyk <mike at reachme.com> wrote:
It seems that the sip channel matching is based only on source IP address
instead of also checking the contact: header as mentioned in the O'Reilly
book.
According to Asterisk 2nd edition it says about insecure "... If you set
insecure=invite, you'll determine which peer to match on by comparing the IP
address or hostname and port number to those provided in the contact field
of the SIP header with the host and port options in sip.conf. If a match is
found, authentication will not be required on the initial INVITE, and the
call will be allowed."
|
Hi Mike,
I've never heard of Asterisk authenticating based on the Contact
header. The Contact header set by client side user agents will often
contain a private IP address and it's also possible it could contain a
hostname so authenticating based on it would be a tricky proposition.
My understanding of using insecure=invite was that ONLY the host and
port would be used for matching the INVITE requests to an Asterisk SIP
account entry rather than the username and secret. You could also use
insecure=port to specify that the port, username and secret would all
be ignored and only the host used when matching.
Regards,
Greyman. |
|
| Back to top |
|
|
|
|
|
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
|
Powered by phpBB © 2001, 2005 phpBB Group
|
Search
