[Serusers] Advice needed

Michael Ulitskiy mdu113 at acedsl.com
Sat May 21 20:18:01 CEST 2005 

On Saturday 21 May 2005 02:31 am, you wrote:
> I would say SER is what you need, except that you struggle with the 
> authentication.  You have the following scenarios:
> 1. PSTN termination with IP-based access control (easiest)
> 2. PSTN termination with authentication of all INVITEs (yes, that's the UAC 
> module. You should contact the maintainer,  Ramona-Elena Modroiu about the 
> status. I thought it was reported to work, but haven't tried myself)
> 3. PSTN termination with registration and authentication of REGISTER (but 
> not INVITEs).  Use sipsak to generate a REGISTER for your box.
> 
> #2 requires that all INVITEs are sent twice and is not a very good option. 
> I would seek out PSTN providers who will give you #1.
> g-)
 
UAC module doesn't work and I think won't work unless ser is made call-statefull,
'cause it needs to adjust cseq within dialog. I posted my findings to this list
several days ago (UAC module (backport to 0.9.0). Nobody replied so I guess
nobody knows the way to make it work.
As for ip auth I guess it's just not good enough. UDP invites don't require any handshake
it's not hard at all to spoof ip address. I believe sending 2 invites worth the security it
actually adds.
Also I don't understand what you mean by #3. Taking ip address from authenticated REGISTER
and then doing IP auth on that?
Thanks,

Michael
 
> Michael Ulitskiy wrote:
> > Hello,
> >
> > I'd like ask for advice on what is in your opinion the best solution
> > in the following scenario.
> > I have a bunch of sip servers (asterisk boxes as my users need pbx
> > functionality) that can make sip call to each other and my PSTN
> > gateway. Now I want to purchase PSTN terminitaion in several
> > different markets (and probably more in the future). All those
> > terminations will require authentication.
> > I want all my boxes when they see non-local call to send it to a
> > central routing server that would determine where this call should
> > be sent and authenticate to the appropriate provider so that I don't
> > have to configure all credentials on all asterisk boxes. Also I want
> > it not to deal with the media at all. All media streams should go
> > directly from asterisk box to the PSTN termination provider.
> > So basically it should be central SIP router that is able to
> > authenticate calls if neccessary.
> > I thought I could do it with SER and its UAC module, but it appears
> > UAC module doesn't work and probably won't work (see my previous
> > post in this list about UAC backport to 0.9.0).
> > Also I don't want to use asterisk in this place as asterisk always
> > wants to stay in media path and I'd really like to avoid of getting
> > into hassle with re-invites.
> > So the question is what are my options and what you would advice
> > as a solution. Are there any software out there that can do it
> > (preferably open-source, of course) or what else you could suggest to
> > do to get desired results.
> > Thanks a lot, 
> 
> 

-- 
See you later,
                    Michael


-------------------------------------------------------

-- 
See you later,
                    Michael

More information about the sr-users mailing list