On 12/10/14 16:26, Manuel Camarg wrote:
Following this asipto guide:
http://kb.asipto.com/asterisk:realtime:kamailio-4.0.x-asterisk-11.3.0-astdb
I've found that no auth is required to create a communication: Invites are sent regardless of a previously done auth with the kam's auth_db
I've used this sip checker: http://www.sinologic.net/proyectos/asterisk/checkSecurity/
Result:
Uh oh! you allow external calls... Configure better your sip configuration to avoid this calls
SIP/2.0 100 trying -- your call is important to us
What is missing in the config file explained in the guide?
By default with kamailio.cfg we are open for interconnect, thus allowing calls from users of external voip services to local users and from local users to users of external voip services.
If you want to block that, you can change the config so only users with local domains are allowed to use the service.
Also, the tutorial is more like getting started with kamailio and asterisk, you have to tailor it to your needs and constraints you want to have. You can take the tutorials as a basis to build another one which is more restrictive and publish it for people that will have same interests.
Cheers, Daniel