Dear,

I enabled two softphone with ADDRESS.

- codec1 : ip 192.168.30.241/32 5060
- codec2 : ip 192.168.30.242/32 5060

I enable one softphone with SUBSCRIBER

- codec3 : is registered (login/passwd)

codec4 is not part of the domain, is not subriber and address.

Kamailio proxy

- kamailio : ip 192.168.30.240/32 5060

In the kamailio.cfg

ROUTE[AUTH]

# IP authorization and user authentication
route[AUTH] {
#!ifdef WITH_AUTH
#!ifdef WITH_IPAUTH
    if((!is_method("REGISTER")) && allow_source_address()) {
        # source IP allowed
        return;
    }
#!endif
    if (is_method("REGISTER") || from_uri==myself) {
        # authenticate requests
        if (!auth_check("$fd", "subscriber", "1")) {
            auth_challenge("$fd", "0");
            exit;
        }
        # user authenticated - remove auth header
        if(!is_method("REGISTER|PUBLISH"))
            consume_credentials();
    }
    # if caller is not local subscriber, then check if it calls
    # a local destination, otherwise deny, not an open relay here
    if (from_uri!=myself && uri!=myself) {
        sl_send_reply("403","Not relaying");
        exit;
    }
#!else
    # authentication not enabled - do not relay at all to foreign networks
    if(uri!=myself) {
        sl_send_reply("403","Not relaying");
        exit;
    }
#!endif
    return;
}

Regarding the condition

#!ifdef WITH_IPAUTH
    if((!is_method("REGISTER")) && allow_source_address()) {
        # source IP allowed
        return;
    }
#!endif

USE CASE :

If codec4 (not registered or same domain) tries to INVITE codec3 (in subscriber) the codec, an INVITE MESSAGE is sent and the codec3 could ACK.

- But I don't want to allow the INVITE, I 'd like to not allow the codec4 to reach codec3.
- But if codec1 or codec2 tries to reach codec3, kamailio will allow the INVITE.

Best Regards,

--
Youssef BOUJRAF