<p class="MsoNormal" style="line-height: normal;"><span style="font-size: 12pt; font-family: "Times New Roman","serif";">Hi
List,<br>
I am using kamailio 1.4 and authenticating INVITE if the source ip address is
not in trusted table but one of the IP which is not in the trusted
table was able to bypass INVITE authentication, . I don’t have SIP traces saved from
the called but when that was happening I could see that the INVITE didn’t have
auth credentials but caller was able to bypass authentication and was sending
calls to my upstream gateway.</span></p>
<p class="MsoNormal" style="line-height: normal;"><span style="font-size: 12pt; font-family: "Times New Roman","serif";">Caller’s
IP is definitely not in the trusted table, I am just wondering is it something wrong
in my script or similar issue has reported before ;<br>
</span></p><p class="MsoNormal" style="line-height: normal;"><span style="font-size: 12pt; font-family: "Times New Roman","serif";">Thanks in Advance</span></p><p class="MsoNormal" style="line-height: normal;">
<span style="font-size: 12pt; font-family: "Times New Roman","serif";">Asim<br></span></p><p class="MsoNormal" style="line-height: normal;"><span style="font-size: 12pt; font-family: "Times New Roman","serif";">
route[2] {<br>
xlog("L_INFO",
"[ROUTE-2] Received initial INVITE from $si\n");<br>
<br>
setflag(2);<br>
setflag(3);<br>
<br>
if(is_from_local()) {<br>
if(!allow_trusted()) {<br>
xlog("L_INFO", "[ROUTE-2 !] Issuing proxy challenge\n");<br>
<br>
if(!proxy_authorize("", "subscriber")) {<br>
proxy_challenge("", "1");<br>
exit;<br>
}<br>
<br>
else if(!check_from()) {<br>
xlog("L_INFO", "[ROUTE-2 !] From URI denied\n");<br>
sl_send_reply("403", "Forbidden");<br>
exit;<br>
}<br>
}<br>
<br>
else {<br>
xlog("L_INFO", "[ROUTE-2 !] From URI domain not local -
denied\n");<br>
sl_send_reply("403", "Forbidden");<br>
exit;<br>
}<br>
}<br>
consume_credentials();<br>
<br>
xlog("L_INFO",
"[ROUTE-2 ->] Authentication credentials valid\n");<br>
<br>
if(nat_uac_test("1")) {<br>
xlog("L_INFO", "[ROUTE-2 ->] RFC1918 contact found - fixing
up\n");<br>
fix_nated_contact();<br>
force_rport();<br>
setbflag(7);<br>
}<br>
<br>
<br>
if(nat_uac_test("8")
&& search("Content-Type: application/sdp")) {<br>
xlog("L_INFO", "[ROUTE-2 ->] RFC1918 SDP endpoint found -
fixing up\n");<br>
fix_nated_sdp("10");<br>
}<br>
<br>
<br>
# Apply outbound translations and
figure out where to route the call.<br>
<br>
route(4); # this route the calls to
upstream gateway.<br>
}<br>
<br>
<br>
These messages i was getting in syslog</span></p>
<p class="MsoNormal" style="line-height: normal;"><span style="font-size: 12pt; font-family: "Times New Roman","serif";">[ROUTE-2] Received initial INVITE
from xxx.xxx.xxx.xxx(Caller_IP)</span></p>
<p class="MsoNormal" style="line-height: normal;"><span style="font-size: 12pt; font-family: "Times New Roman","serif";">ERROR:auth:consume_credentials: no
authorized credentials found (error in scripts) </span></p>
<p class="MsoNormal" style="line-height: normal;"><span style="font-size: 12pt; font-family: "Times New Roman","serif";"> [ROUTE-2 ->] Authentication
credentials valid </span></p>
<p class="MsoNormal" style="line-height: normal;"><span style="font-size: 12pt; font-family: "Times New Roman","serif";"> [ROUTE-4] Applying outbound translations
to: 0022334455</span></p>
<p class="MsoNormal" style="line-height: normal;"><span style="font-size: 12pt; font-family: "Times New Roman","serif";"> [ROUTE-4 ->] Translated
RURI user part to: 22334455</span></p>
<p class="MsoNormal" style="line-height: normal;"><span style="font-size: 12pt; font-family: "Times New Roman","serif";"> [ROUTE-4 ->] Gateway
election: my_upstream_gateway</span></p>
<p class="MsoNormal" style="line-height: normal;"><span style="font-size: 12pt; font-family: "Times New Roman","serif";"> [ROUTE-5] Accounting
translation: sip:0022334455@my_upstream_gateway</span></p>
<p class="MsoNormal" style="line-height: normal;"><span style="font-size: 12pt; font-family: "Times New Roman","serif";"> [ROUTE-2 ->] Relaying</span></p>
<p class="MsoNormal"> </p>