[Serusers] partially restrict access
Jan Janak
jan at iptel.org
Thu Nov 13 23:22:59 CET 2003
Hello,
the error messages below indicate some problem with routing of replies,
probably ser received a reply with just one Via. Make message dumps
using ngrep and send them to us along with full config file.
Jan.
On 13-11 15:25, Daniel Medina wrote:
> We're configuring ser to allow any calls made to local extensions go to
> the local PBX, but restrict 10-digit calls via the gateway from
> non-registered users. This is the config.
>
> if (uri=~"^sip:(.+@)?mydomain.edu") {
> if (method=="REGISTER") {
> log(1, "REGISTER received\n");
> if (!www_authorize("mydomain.edu", "subscriber")) {
> www_challenge("mydomain.edu", "0");
> break;
> };
> save("location");
> break;
> };
>
> # 5-digit local call
> if (uri=~"^sip:[0-9]{5}@mydomain.edu") {
> rewritehostport("CISCO_GW:5060");
> log(1,"5 digit local call");
> route(2);
> break;
> };
>
> # 10 Digit dialing with outside line (93 +1 +number)
> if (uri=~"^sip:931[0-9]{10}@mydomain.edu") {
> if(!(src_ip=="CISCO_GW") &
> !(proxy_authorize("mydomain.edu","subscriber"))) {
> proxy_challenge("mydomain.edu", "1");
> break;
> } else {
> rewritehostport("CISCO_GW:5060");
> log(1,"Outside line")
> route(2);
> break;
> };
> };
>
> I've seen other configs posted which appeared to be more strict than
> this, specifically they would only allow registered users to may calls,
> and not accept calls from anonymous sources to local numbers.
>
> This above appears to work, sort of. While it doesn't allow anonymous
> callers to register, I think it's also not allowing them a chance to
> authenticate. The logs say
>
> ERROR: forward_msg: no 2nd via found in reply
> (repeated a few times)
> Outside line
> (Indicating that the caller actually passed)
> route[2]:SIP-to-PSTN call routed
> ERROR: reply cannot be parsed
>
> and repeat.
>
> Any clues?
>
> --
> Dan
>
> _______________________________________________
> Serusers mailing list
> serusers at lists.iptel.org
> http://lists.iptel.org/mailman/listinfo/serusers
More information about the sr-users
mailing list