Dear,

I enabled two softphone with ADDRESS.

- codec1 : ip 192.168.30.241/32 5060 - codec2 : ip 192.168.30.242/32 5060

I enable one softphone with SUBSCRIBER

- codec3 : is registered (login/passwd)

codec4 is not part of the domain, is not subriber and address.

Kamailio proxy

- kamailio : ip 192.168.30.240/32 5060

In the kamailio.cfg

ROUTE[AUTH]# IP authorization and user authenticationroute[AUTH] {#!ifdef WITH_AUTH #!ifdef WITH_IPAUTH    if((!is_method("REGISTER")) && allow_source_address()) {        # source IP allowed        return;    }#!endif     if (is_method("REGISTER") || from_uri==myself) {        # authenticate requests        if (!auth_check("$fd", "subscriber", "1")) {            auth_challenge("$fd", "0");            exit;        }        # user authenticated - remove auth header        if(!is_method("REGISTER|PUBLISH"))            consume_credentials();    }    # if caller is not local subscriber, then check if it calls    # a local destination, otherwise deny, not an open relay here    if (from_uri!=myself && uri!=myself) {        sl_send_reply("403","Not relaying");        exit;    } #!else     # authentication not enabled - do not relay at all to foreign networks    if(uri!=myself) {        sl_send_reply("403","Not relaying");        exit;    } #!endif    return;} Regarding the condition  #!ifdef WITH_IPAUTH    if((!is_method("REGISTER")) && allow_source_address()) {        # source IP allowed        return;    }#!endif

USE CASE :

If codec4 (not registered or same domain) tries to INVITE codec3 (in subscriber) the codec, an INVITE MESSAGE is sent and the codec3 could ACK.

- But I don't want to allow the INVITE, I 'd like to not allow the codec4 to reach codec3. - But if codec1 or codec2 tries to reach codec3, kamailio will allow the INVITE.

Best Regards,

-- Youssef BOUJRAF