[Serusers] partially restrict access

Jan Janak jan at iptel.org
Thu Nov 13 23:22:59 CET 2003 

Hello,

the error messages below indicate some problem with routing of replies,
probably ser received a reply with just one Via. Make message dumps
using ngrep and send them to us along with full config file.

 Jan.

On 13-11 15:25, Daniel Medina wrote:
>  We're configuring ser to allow any calls made to local extensions go to
> the local PBX, but restrict 10-digit calls via the gateway from
> non-registered users.  This is the config.
> 
> if (uri=~"^sip:(.+@)?mydomain.edu") {
> 	if (method=="REGISTER") {
> 	log(1, "REGISTER received\n");
> 	if (!www_authorize("mydomain.edu", "subscriber")) {
> 		www_challenge("mydomain.edu", "0");
> 		break;
> 	};
> 	save("location");
> 	break;
> }; 
> 
> # 5-digit local call
> if (uri=~"^sip:[0-9]{5}@mydomain.edu") {
> 	rewritehostport("CISCO_GW:5060");
> 	log(1,"5 digit local call");
> 	route(2);
> 	break;
> };
> 
> # 10 Digit dialing with outside line (93 +1 +number)
> if (uri=~"^sip:931[0-9]{10}@mydomain.edu") {
> 	if(!(src_ip=="CISCO_GW") & 
> 	   !(proxy_authorize("mydomain.edu","subscriber"))) {
> 		proxy_challenge("mydomain.edu", "1");
> 		break;
> 	} else {
> 		rewritehostport("CISCO_GW:5060");
> 		log(1,"Outside line")
> 		route(2);
> 		break;
> 	};
> };
> 
>  I've seen other configs posted which appeared to be more strict than 
> this, specifically they would only allow registered users to may calls, 
> and not accept calls from anonymous sources to local numbers.
> 
>  This above appears to work, sort of.  While it doesn't allow anonymous 
> callers to register, I think it's also not allowing them a chance to 
> authenticate.  The logs say
> 
> ERROR: forward_msg: no 2nd via found in reply 
>  (repeated a few times)
> Outside line 
>  (Indicating that the caller actually passed)
> route[2]:SIP-to-PSTN call routed
> ERROR: reply cannot be parsed
> 
> and repeat.
> 
>  Any clues?
> 
> -- 
> Dan
> 
> _______________________________________________
> Serusers mailing list
> serusers at lists.iptel.org
> http://lists.iptel.org/mailman/listinfo/serusers

More information about the sr-users mailing list