14 Sep
2016
14 Sep
'16
3:49 a.m.
Hello!
I am new to kamailio and trying to use it vanilla config.
Now main question is how to use ip based auth.
I found recent post of Daniel-Constantin Mierla:
http://lists.sip-router.org/pipermail/sr-users/2011-December/071147.html
Here he recommends to use 'address' table from permissions module,
I try yo use advice and add this lines at config begin:
#!define WITH_MYSQL
#!define DBURL "mysql://kamailio:kamailiorw@localhost/kamailio"
#!define WITH_AUTH
#!define WITH_IPAUTH
#!define WITH_USRLOCDB
Database is created and kamailio can access it.
I am add user 1000 to kamailio via kamctl and successful register it with
soft-phone.
I create trunk without registration to kamailio on asterisk server. And
trying to call from asterisk to user 1000. Call is successful. I try to
create file /etc/kamailio/permissions.deny with content 'ALL : ALL'. And
retry previous call. It still sucessful. I try to add record with asterisk
address to 'address' table with group 1. And retry previous call. It still
sucessful.
I am confused. I do not now how to disable any address for ip_auth except
if it in the
'address' table. And allow any address with if it request kamailio with
registration.
--
Best Regards,
Ivan Dudko
14 Sep
14 Sep
7:41 a.m.
Hi Ivan,
What Kamailio version are you using? If 4.4.2 maybe take a look at the thread I started a
few weeks back: http://lists.sip-router.org/pipermail/sr-users/2016-July/093682.html
TL;DR: The 4.4.2 release of the permissions module contains some bugs which are already
fixed by Daniel in the repository. So in case you are also dealing with issues caused by
this bug you can either manually compile the latest GIT version or just use 4.4.1 for now
and wait for the 4.4.3 release.
Best Regards,
Tim Balmer
Van: sr-users [mailto:sr-users-bounces@lists.sip-router.org] Namens Ivan Dudko
Verzonden: woensdag 14 september 2016 09:49
Aan: sr-users(a)lists.sip-router.org
Onderwerp: [SR-Users] Permissions module question
Hello!
I am new to kamailio and trying to use it vanilla config.
Now main question is how to use ip based auth.
I found recent post of Daniel-Constantin Mierla:
http://lists.sip-router.org/pipermail/sr-users/2011-December/071147.html
Here he recommends to use 'address' table from permissions module,
I try yo use advice and add this lines at config begin:
#!define WITH_MYSQL
#!define DBURL "mysql://kamailio:kamailiorw@localhost/kamailio"
#!define WITH_AUTH
#!define WITH_IPAUTH
#!define WITH_USRLOCDB
Database is created and kamailio can access it.
I am add user 1000 to kamailio via kamctl and successful register it with soft-phone.
I create trunk without registration to kamailio on asterisk server. And trying to call
from asterisk to user 1000. Call is successful. I try to create file
/etc/kamailio/permissions.deny with content 'ALL : ALL'. And retry previous call.
It still sucessful. I try to add record with asterisk address to 'address' table
with group 1. And retry previous call. It still sucessful.
I am confused. I do not now how to disable any address for ip_auth except if it in the
'address' table. And allow any address with if it request kamailio with
registration.
--
Best Regards,
Ivan Dudko
9:30 a.m.
Hi Tim,
I think in this thread you talk about this commit:
https://github.com/kamailio/kamailio/commit/5d285e90b0f145410acd15a7abf96d3…
But i talk about work of function allow_source_address() which have to
check if ip address in the 'address' table.
Like in vanilla config:
#!ifdef WITH_IPAUTH
if((!is_method("REGISTER")) && allow_source_address()) {
# source IP allowed
return;
}
#!endif
I think this is another problem.
Best Regards,
Ivan Dudko
ср, 14 сент. 2016 г. в 15:41, Tim Balmer <t.balmer(a)edutel.nl>nl>:
Hi Ivan,
What Kamailio version are you using? If 4.4.2 maybe take a look at the
thread I started a few weeks back:
http://lists.sip-router.org/pipermail/sr-users/2016-July/093682.html
TL;DR: The 4.4.2 release of the permissions module contains some bugs
which are already fixed by Daniel in the repository. So in case you are
also dealing with issues caused by this bug you can either manually compile
the latest GIT version or just use 4.4.1 for now and wait for the 4.4.3
release.
Best Regards,
Tim Balmer
*Van:* sr-users [mailto:sr-users-bounces@lists.sip-router.org] *Namens *Ivan
Dudko
*Verzonden:* woensdag 14 september 2016 09:49
*Aan:* sr-users(a)lists.sip-router.org
*Onderwerp:* [SR-Users] Permissions module question
Hello!
I am new to kamailio and trying to use it vanilla config.
Now main question is how to use ip based auth.
I found recent post of Daniel-Constantin Mierla:
http://lists.sip-router.org/pipermail/sr-users/2011-December/071147.html
Here he recommends to use 'address' table from permissions module,
I try yo use advice and add this lines at config begin:
#!define WITH_MYSQL
#!define DBURL "mysql://kamailio:kamailiorw@localhost/kamailio"
#!define WITH_AUTH
#!define WITH_IPAUTH
#!define WITH_USRLOCDB
Database is created and kamailio can access it.
I am add user 1000 to kamailio via kamctl and successful register it with
soft-phone.
I create trunk without registration to kamailio on asterisk server. And
trying to call from asterisk to user 1000. Call is successful. I try to
create file /etc/kamailio/permissions.deny with content 'ALL : ALL'. And
retry previous call. It still sucessful. I try to add record with asterisk
address to 'address' table with group 1. And retry previous call. It still
sucessful.
I am confused. I do not now how to disable any address for ip_auth except
if it in the
'address' table. And allow any address with if it request kamailio with
registration.
--
Best Regards,
Ivan Dudko
_______________________________________________
SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing list
sr-users(a)lists.sip-router.org
http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users
15 Sep
15 Sep
7:06 a.m.
Hello,
On 14/09/16 09:49, Ivan Dudko wrote:
Hello!
I am new to kamailio and trying to use it vanilla config.
Now main question is how to use ip based auth.
I found recent post of Daniel-Constantin Mierla:
http://lists.sip-router.org/pipermail/sr-users/2011-December/071147.html
Here he recommends to use 'address' table from permissions module,
I try yo use advice and add this lines at config begin:
#!define WITH_MYSQL
#!define DBURL "mysql://kamailio:kamailiorw@localhost/kamailio"
#!define WITH_AUTH
#!define WITH_IPAUTH
#!define WITH_USRLOCDB
Database is created and kamailio can access it.
I am add user 1000 to kamailio via kamctl and successful register it
with soft-phone.
I create trunk without registration to kamailio on asterisk server.
And trying to call from asterisk to user 1000. Call is successful. I
try to create file /etc/kamailio/permissions.deny with content 'ALL :
ALL'. And retry previous call. It still sucessful. I try to add record
with asterisk address to 'address' table with group 1. And retry
previous call. It still sucessful.
I am confused. I do not now how to disable any address for ip_auth
except if it in the
'address' table. And allow any address with if it request kamailio
with registration.
forget about the /etc/kamailio/*.deny or *.allow files, they are not
related to IP matching with address table at all.
If you want to deny traffic from ip addresses stored in address table
with grp 10, then do:
if(allow_source_address("10")) {
send_reply("403", "Forbidden");
exit;
}
If you want to allow traffic only from ip addresses stored in address
table with grp 10, then negate the condition, do:
if( ! allow_source_address("10")) {
send_reply("403", "Forbidden");
exit;
}
Cheers,
Daniel
--
Daniel-Constantin Mierla
http://www.asipto.com - http://www.kamailio.org
http://twitter.com/#!/miconda - http://www.linkedin.com/in/miconda
11 Oct
11 Oct
6:57 a.m.
Daniel,
Thank you. It works.
чт, 15 сент. 2016 г. в 15:07, Daniel-Constantin Mierla <miconda(a)gmail.com>om>:
Hello,
On 14/09/16 09:49, Ivan Dudko wrote:
Hello!
I am new to kamailio and trying to use it vanilla config.
Now main question is how to use ip based auth.
I found recent post of Daniel-Constantin Mierla:
http://lists.sip-router.org/pipermail/sr-users/2011-December/071147.html
Here he recommends to use 'address' table from permissions module,
I try yo use advice and add this lines at config begin:
#!define WITH_MYSQL
#!define DBURL "mysql://kamailio:kamailiorw@localhost/kamailio"
#!define WITH_AUTH
#!define WITH_IPAUTH
#!define WITH_USRLOCDB
Database is created and kamailio can access it.
I am add user 1000 to kamailio via kamctl and successful register it with
soft-phone.
I create trunk without registration to kamailio on asterisk server. And
trying to call from asterisk to user 1000. Call is successful. I try to
create file /etc/kamailio/permissions.deny with content 'ALL : ALL'. And
retry previous call. It still sucessful. I try to add record with asterisk
address to 'address' table with group 1. And retry previous call. It still
sucessful.
I am confused. I do not now how to disable any address for ip_auth except
if it in the
'address' table. And allow any address with if it request kamailio with
registration.
forget about the /etc/kamailio/*.deny or *.allow files, they are not
related to IP matching with address table at all.
If you want to deny traffic from ip addresses stored in address table with
grp 10, then do:
if(allow_source_address("10")) {
send_reply("403", "Forbidden");
exit;
}
If you want to allow traffic only from ip addresses stored in address
table with grp 10, then negate the condition, do:
if( ! allow_source_address("10")) {
send_reply("403", "Forbidden");
exit;
}
Cheers,
Daniel
--
Daniel-Constantin Mierlahttp://www.asipto.com -
http://www.kamailio.orghttp://twitter.com/#!/miconda - http://www.linkedin.com/in/miconda
_______________________________________________
SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing list
sr-users(a)lists.sip-router.org
http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users
2999
days inactive
3026
days old
4 comments
3 participants
participants (3)
-
Daniel-Constantin Mierla -
Ivan Dudko -
Tim Balmer