VoIP Mailing List Archives
sgriepentrog at digium...
Posted: Thu Apr 02, 2015 3:00 pm  Post subject: [asterisk-users] Update peer IP address
Actually, the IP address is still used to identify the incoming invite. With the insecure=port option set, Asterisk will presume the invite to still match the trunk account even if the NAT router has mangled (changed) the port number. My suspicion is that when the new register goes out, it's creating a new state in the firewall, resulting in a new port number, which is why you would have to allow anonymous calls to then accept it without insecure=port. The other possibility is that you have a port forward in the router set, which is similarly mangling the port number. With a valid registration being held, and assuming the router does not drop UDP states faster than 30 minutes, and also assuming that the provider is sending you invites on the registered port rather than always on 5060, there should not be a need for an inbound port forward to Asterisk, and you should not need insecure=port.
The invite option disables authentication - which means only that Asterisk will not force a check of the password on the other end. Where the IP address is well known and trusted, the extra overhead and delay of authenticating incoming INVITEs is not needed.
On Thu, Apr 2, 2015 at 2:28 PM, Daniel Heckl <daniel.heckl@gmail.com> wrote:
> Scott, I have changed the configuration as you said and will test it. I'm curious.
> Can you briefly explain what insecure=invite,port does?
>
> ;insecure=port        ; Allow matching of peer by IP address without
>                       ; matching port number
> ;insecure=invite      ; Do not require authentication of incoming INVITEs
> ;insecure=port,invite ; (both)
>
> Do I understand correctly that in this mode the IP address is not checked and no authentication is required?
>
> On 02.04.2015 at 20:11, Scott Griepentrog <sgriepentrog@digium.com> wrote:
>> I'd be curious if setting
>> insecure=invite,port
>> makes any difference either (without allowguest on).
>>
>> On Thu, Apr 2, 2015 at 9:03 AM, Daniel Heckl <daniel.heckl@gmail.com> wrote:
>>> Ok, I have tested dnsmgr. This is not a solution; the situation has not changed. With dnsmgr I cannot place outbound calls. I do not know why or what dnsmgr really does.
>>> My current solution is as follows:
>>> Set allowguest=yes, and configure the default context so that no outbound calls can be placed. Use iptables to DROP all at your SIP port and allow only your local phones and the SIP trunk IP range. I think srvlookup must be set to yes to place outbound calls if there is an IP address change.
>>> I think with the restriction of the firewall that should be a secure solution.
>>>
>>> On 01.04.2015 at 19:23, Sebastian Kemper <sebastian_ml@gmx.net> wrote:
>>>> On Wed, Apr 01, 2015 at 11:00:56AM -0400, Andres wrote:
>>>>> On 4/1/15 10:48 AM, Daniel Heckl wrote:
>>>>>> John,
>>>>>> thank you for your answer. I think you have misunderstood the
>>>>>> problem. It's about an IP address change of the SIP trunk, not of my
>>>>>> Asterisk server.
>>>>> You would probably benefit by enabling the DNS Manager to allow for
>>>>> dynamic IP changes:
>>>>>
>>>>> # cat dnsmgr.conf
>>>>> [general]
>>>>> enable=yes           ; enable creation of managed DNS lookups ; default is 'no'
>>>>> refreshinterval=180  ; refresh managed DNS lookups every <n> seconds ; default is 300 (5 minutes)
>>>>
>>>> Hello Andres,
>>>> I read that same suggestion elsewhere in connection with Deutsche
>>>> Telekom, so it seems there's some benefit in it.
>>>> Daniel, did you try it out already?
>>>> Kind regards,
>>>> Sebastian
--
_____________________________________________________________________
-- Bandwidth and Colocation Provided by http://www.api-digital.com --
New to Asterisk? Join us for a live introductory webinar every Thurs:
http://www.asterisk.org/hello
asterisk-users mailing list
To UNSUBSCRIBE or update options visit:
http://lists.digium.com/mailman/listinfo/asterisk-users
--
Scott Griepentrog
Digium, Inc · Software Developer
445 Jan Davis Drive NW · Huntsville, AL 35806 · US
direct/fax: +1 256 428 6239 · mobile: +1 256 580 6090
Check us out at: http://digium.com · http://asterisk.org
daniel.heckl at gmail.com
Posted: Thu Apr 02, 2015 3:23 pm  Post subject: [asterisk-users] Update peer IP address
Okay, Scott, I think we are on the wrong path. Maybe I'm wrong though.
I will briefly summarize the problems again:
- The peer IP address can be different from the IP address of incoming INVITEs.
- After a re-register the REGISTER is sent to the new SIP server and answered with OK. But the peer IP address is still the old one (sip show peers).
- If an INVITE now arrives, the request is answered with 401 Unauthorized.
That's why I would say the problem is not the port or a needed authentication. My Asterisk works behind a NAT without port forwarding and nat=no; I have qualify=yes so that there is no NAT timeout.
Here is an example. The peer IP address was at this time 217.0.23.100; the INVITE came from 217.0.23.68 and was rejected with 401 Unauthorized:
INVITE sip:06123456789@80.000.111.222:45061 SIP/2.0
Max-Forwards: 58
Via: SIP/2.0/UDP 217.0.23.68:5060;branch=z9hG4bKg3Zqkv7ib7h2smv8whryjnos88srot1i7
To: <sip:6123456789@telekom.de>
From: <sip:+49123456789@tel.t-online.de;user=phone>;tag=h7g4Esbg_44c62525
Call-ID: af71bbfbf269b895@62.155.0.75
CSeq: 3950540 INVITE
Contact: <sip:sgc_c@217.0.23.68;transport=udp>
Record-Route: <sip:217.0.23.68;transport=udp;lr>
Min-Se: 900
P-Asserted-Identity: <sip:+49123456789@tel.t-online.de;user=phone>
Session-Expires: 3600
Supported: histinfo
Supported: timer
Supported: norefersub
Content-Type: application/sdp
Content-Disposition: session
Content-Length: 204
Allow: ACK, BYE, CANCEL, INFO, INVITE, OPTIONS, PRACK, REFER, REGISTER, UPDATE
v=0
o=- 0 0 IN IP4 217.0.23.68
s=-
c=IN IP4 217.0.4.134
t=0 0
m=audio 36480 RTP/AVP 9 8 102
a=rtpmap:9 G722/8000
a=rtpmap:8 PCMA/8000
a=rtpmap:102 telephone-event/8000
a=maxptime:20
a=ptime:20
sgriepentrog at digium...
Posted: Thu Apr 02, 2015 4:22 pm  Post subject: [asterisk-users] Update peer IP address
That sounds like asterisk was working 100% correctly. If you receive an INVITE from an unknown IP address, then it should fail. Unless you want to allow anonymous, which is generally a very bad idea.
If you are registering to IP X, but the provider may be transmitting invites from any number of other IP addresses, then you need a list of IP addresses, and have a trunk configuration set up for each one so that they are all recognized (with insecure=port,invite).
If the provider is requiring you to accept invites from random IP addresses, get a new provider.
daniel.heckl at gmail.com
Posted: Thu Apr 02, 2015 4:34 pm  Post subject: [asterisk-users] Update peer IP address
I do not want to set allowguest=yes. The problem is, there is no official list of IP addresses of Telekom Germany. But I think all IP addresses come from the IP range 217.0.0.0/13.
I now have the following addition to sip.conf. I think it is the only safe option. Or what would you say?
[telekom](!)
context=from-trunk
type=peer
defaultuser=
authuser=
remotesecret=
fromdomain=tel.t-online.de
qualify=no
dtmfmode=rfc2833
directmedia=no
sendrpid=pai
trustrpid=no
insecure=port,invite
disallow=all
allow=g722
allow=alaw
allow=gsm
deny=0.0.0.0/0
permit=217.0.0.0/13
[DTAG-IP_IN18_016](telekom)
host=217.0.18.16
[DTAG-IP_IN18_036](telekom)
host=217.0.18.36
etc.
|
Back to top |
|
|
sebastian_ml at gmx.net Guest
Posted: Tue Apr 14, 2015 1:26 am Post subject: [asterisk-users] Update peer IP address
On Thu, Apr 02, 2015 at 11:33:38PM +0200, Daniel Heckl wrote:
Quote: | I do not want to set allowguest=yes. The problem is, there is no official
list with IP addresses of Telekom Germany. But I think all IP
addresses come from the IP range 217.0.0.0/13.
|
Hello Daniel,
Judging by the lists I found I think it's more like this subnet:
217.0.16.0/255.255.248.0
Quote: | I have now the following addition to sip.conf. I think it is the only
safe option. Or what would you say?
[telekom](!)
|
<snip>
Quote: | [DTAG-IP_IN18_016](telekom)
host=217.0.18.16
[DTAG-IP_IN18_036](telekom)
host=217.0.18.36
etc.
|
This configuration is now running here:
[general]
context=unauthenticated
allowguest=no
srvlookup=no
udpbindaddr=0.0.0.0
tcpenable=no
localnet=172.16.28.0/24
alwaysauthreject=yes
directmedia=no
sdpsession=MyNewSessionString
useragent=MyNewUserAgent
language=de
tonezone=de
defaultexpiry=480
register => 0NUMBER2:PASS:USER@t-online.de@tel.t-online.de/NUMBER2
register => 0NUMBER3:PASS:USER@t-online.de@tel.t-online.de/NUMBER3
register => 0NUMBER4:PASS:USER@t-online.de@tel.t-online.de/NUMBER4
[my-codecs](!)
allow=!all,alaw
[home-phone](!,my-codecs)
acl=voice_vlan
type=friend
host=dynamic
context=LocalSets
[XXXXXXXXXXX](home-phone)
secret=XXXXXXXXXXXXX
[dtag_inbound](my-codecs)
acl=acl_dtag_inbound
type=peer
context=from_dtag
host=tel.t-online.de
[dtag_outbound](my-codecs)
acl=acl_dtag_outbound
type=peer
defaultuser=USER@t-online.de
remotesecret=PASS
host=tel.t-online.de
fromdomain=tel.t-online.de
The thing is, the provider's SIP server hasn't changed the IP yet. This
morning it's still the same as yesterday. And yesterday it was the same
the whole day.
Don't know why I didn't run into the "load balancer" issue (yet). I'm
starting to think it's because I'm "hiding" that I'm using Asterisk
(sdpsession, useragent, also custom systemname in asterisk.conf). But
probably that's not the reason. Anyway, I'm just going to wait until it
doesn't work and then worry about it.
Regards,
Sebastian
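The sip.conf above references a named ACL (acl=acl_dtag_inbound) but the thread never shows its definition, and the two posters disagree on how wide the provider range is (217.0.0.0/13 versus 217.0.16.0/255.255.248.0). The following is an added example, not code from the thread or from the Asterisk project: it checks that the hosts Daniel listed fall inside the narrower subnet, shows how many more addresses the /13 would admit, and renders an acl.conf section in the standard deny-all-then-permit form. The ACL name and the addresses come from the posts; the section layout is ordinary Asterisk acl.conf syntax.

```python
"""Check ACL coverage for the DTAG subnet discussed in the thread and emit
the matching Asterisk acl.conf section.

Added example, not from the thread or from Asterisk itself. The ACL name
(acl_dtag_inbound), the candidate ranges and the known hosts are taken
from the posts; everything else is constructed for illustration.
"""
import ipaddress
from typing import Dict, Iterable

# Candidate provider ranges named in the thread.
RANGE_DANIEL = ipaddress.ip_network("217.0.0.0/13")
RANGE_SEBASTIAN = ipaddress.ip_network("217.0.16.0/255.255.248.0")

# Provider hosts Daniel listed explicitly in his sip.conf.
KNOWN_HOSTS = ["217.0.18.16", "217.0.18.36"]


def covered(network: ipaddress.IPv4Network, hosts: Iterable[str]) -> Dict[str, bool]:
    """Map each host address to whether it lies inside the network."""
    return {h: ipaddress.ip_address(h) in network for h in hosts}


def size_ratio(wide: ipaddress.IPv4Network, narrow: ipaddress.IPv4Network) -> int:
    """How many times more addresses the wider range admits than the narrower one."""
    return wide.num_addresses // narrow.num_addresses


def acl_stanza(name: str, networks: Iterable[ipaddress.IPv4Network]) -> str:
    """Render an acl.conf section: deny everything first, then permit the
    listed networks in address/netmask form, as chan_sip expects."""
    lines = [f"[{name}]", "deny=0.0.0.0/0.0.0.0"]
    lines += [f"permit={n.network_address}/{n.netmask}" for n in networks]
    return "\n".join(lines) + "\n"


def invite_allowed(source_ip: str, networks: Iterable[ipaddress.IPv4Network]) -> bool:
    """True when an INVITE source address would pass the permit list."""
    addr = ipaddress.ip_address(source_ip)
    return any(addr in n for n in networks)


if __name__ == "__main__":
    print("known hosts inside the /21:", covered(RANGE_SEBASTIAN, KNOWN_HOSTS))
    print("the /13 admits", size_ratio(RANGE_DANIEL, RANGE_SEBASTIAN), "times as many addresses")
    print(acl_stanza("acl_dtag_inbound", [RANGE_SEBASTIAN]))
```

Run it before loading the ACL: if a provider address the trunk actually sends from is missing from the permit list, the INVITE is dropped as unmatched, which with allowguest=no shows up as rejected anonymous calls rather than as an ACL error.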
sebastian_ml at gmx.net Guest
Posted: Tue Apr 14, 2015 2:56 pm Post subject: [asterisk-users] Update peer IP address
On Tue, Apr 14, 2015 at 09:38:22AM +0200, Daniel Heckl wrote:
Quote: | Sebastian,
Your config sounds good, I'm curious how it goes on.
First the Linux machine had the Google Public DNS 8.8.8.8 as DNS
server. After I changed it to the DNS servers assigned via PPPoE, I
had no changes any more. But we should be prepared for changes.
You must enable the dnsmgr. If DNS resolves a new IP, the peer is
updated.
|
Hello Daniel,
Thanks for the tip. I've enabled the DNS manager. Let's see how it goes.
Kind regards,
Sebastian
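Daniel's advice to enable dnsmgr addresses the failure mode behind this whole thread: a peer defined with host=tel.t-online.de is resolved when the configuration is loaded, so if the provider moves the name to another address, incoming INVITEs from the new address stop matching the peer and, with allowguest=no, are rejected. The following is an added example, not Asterisk's own code, that models that behaviour with a constructed stand-in resolver: the peer table caches the address at load, a refresh re-resolves the name the way dnsmgr does on its refresh interval, and matching is by cached address only. The hostname and addresses are taken from the thread; the class and function names are invented for the example.

```python
"""Model of why dnsmgr matters for a chan_sip peer with a DNS hostname.

Added example, not Asterisk's own code. FakeDns is a constructed resolver
that stands in for real DNS; tel.t-online.de and the two addresses are
from the thread. The peer-table behaviour (resolve once at load, match
INVITEs by cached address, refresh on demand) mirrors the mechanism the
thread discusses, not chan_sip's actual data structures.
"""
from typing import Callable, Dict, Optional

Resolver = Callable[[str], str]


class FakeDns:
    """Constructed resolver whose answer can be changed to mimic the
    provider moving the hostname to another address."""

    def __init__(self, answers: Dict[str, str]):
        self.answers = dict(answers)

    def __call__(self, host: str) -> str:
        return self.answers[host]


class PeerTable:
    """Minimal stand-in for a peer list keyed by resolved address."""

    def __init__(self, resolver: Resolver, hosts: Dict[str, str]):
        self._resolver = resolver
        self._hosts = dict(hosts)  # peer name -> configured hostname
        # Resolved once at load time, exactly like a static host= peer.
        self._addrs = {name: resolver(h) for name, h in self._hosts.items()}

    def refresh(self) -> Dict[str, str]:
        """What dnsmgr does every refresh interval: re-resolve each
        hostname and update peers whose address changed. Returns the
        peers that were updated, mapped to their new address."""
        changed: Dict[str, str] = {}
        for name, host in self._hosts.items():
            new = self._resolver(host)
            if new != self._addrs[name]:
                changed[name] = new
                self._addrs[name] = new
        return changed

    def match(self, source_ip: str) -> Optional[str]:
        """Return the peer whose cached address equals the INVITE source,
        or None when no peer matches (the call would then be treated as
        anonymous and, with allowguest=no, rejected)."""
        for name, addr in self._addrs.items():
            if addr == source_ip:
                return name
        return None


def scenario() -> Dict[str, object]:
    """Walk through the address change once without and once with a refresh."""
    dns = FakeDns({"tel.t-online.de": "217.0.18.16"})
    peers = PeerTable(dns, {"dtag_inbound": "tel.t-online.de"})
    before = peers.match("217.0.18.16")            # matches at load time
    dns.answers["tel.t-online.de"] = "217.0.18.36"  # provider changes address
    stale = peers.match("217.0.18.36")             # cached address is stale
    changed = peers.refresh()                      # dnsmgr-style re-resolution
    after = peers.match("217.0.18.36")             # matches again
    return {"before": before, "stale": stale, "changed": changed, "after": after}


if __name__ == "__main__":
    for key, value in scenario().items():
        print(f"{key}: {value}")
```

The refresh only helps if the peer's hostname resolves to the single address the provider currently sends from; where a provider uses several load-balancer addresses at once, a hostname peer still misses INVITEs from the others, which is why the thread also discusses an ACL over the provider's whole range.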