[SR-Users] Unknown caller gets online user's identity

Mon Jul 14 08:06:12 CEST 2014

Hello,

If one places call, and tell that "my from domain is your Kamailio's 
IP", call is established, because Asterisk accepts requests from 
Kamailio. One problem is that it's unpredictable in this case what is 
the context where thiskind of call is handled by Asterisk.

This situation requires that I change something in my setup. If I decide 
accept calls only from my users, I suppose that it can be quite easily 
done by modifying if statement referred below or at least by applying 
instructions found here:

http://www.kamailio.org/dokuwiki/doku.php/examples:restrict-calls-to-registered-users

However, I'm somewhat unsure what should I do, if I decide to accept 
calls from any caller - not only from my users.

Best,

Teijo

12.7.2014 19:36, Muhammad Shahzad kirjoitti:
> Well, this
>
> *if (from_uri!=myself && uri!=myself)*
>
> Means neither source nor destination is our user. Which implies that if our
> domain is A, then call from domain "B to C" is not possible. However, calls
> from "B or C to A" and "A to B or C" are possible. That is way an
> unauthorized user gets passed and reaches asterisk. Asterisk accepts it
> since call is coming from kamailio and tries to route it back to kamailio,
> where kamailio finds user online and thus it goes through.
>
> You should really break down this,
>
> *if (from_uri!=myself && uri!=myself)*
>
> into something like this for clarity,
>
>
> *if (from_uri!=myself) { *
> *   if (uri!=myself) {*
> *       # neither source nor destination is our user*
> *   } else {*
> *       # source is not our user but destination is our user*
> *   };*
> *} else {*
> *   if (uri!=myself) {*
> *       # source is our user but destination is not our user*
> *   } else {*
> *      # both source and destination are our users*
> *   };*
> *};*
>
> Hope this helps.
>
> Thank you.
>
>
>
>
> On Fri, Jul 11, 2014 at 5:36 PM, <g.aloitus at gmail.com> wrote:
>
>> Hello,
>>
>> I'm using Kamailio version 4.1.4+precise (amd64).
>>
>> I have followed "Kamailio 4.0.x and Asterisk 11.3.0 Realtime Integration
>> using Asterisk Database" (http://kb.asipto.com/
>> asterisk:realtime:kamailio-4.0.x-asterisk-11.3.0-astdb). One main
>> difference in my setup compared to that one is that I continued use of
>> Kamailio's database.
>>
>> The problem is as follows:
>>
>> I decided to put Kamailio and through it Asterisk reachable from internet.
>> I have tried to configure Asterisk so that only calls of registered users
>> would be possible, and they could only call to other registered users or
>> conference rooms and echo test number.
>>
>> Then I took the following steps:
>>
>> I ensured that there was no online users with kamctl online. Then I
>> launched MicroSIP (www.microsip.org), but I did not defined account, I
>> simply set the protocol to tls and media encryption to mandatory, because
>> I'm using these.
>>
>> I called to extension with xxx at my.public.ip.address (where xxx is
>> extension) getting "unauthorized". And that was what I wanted.
>>
>> But if there is online users, calls go through, and incoming call is
>> coming from Asterisk (in syslog I can find out that src_user=asterisk).
>>
>> Kamailio and Asterisk are listening the same IP address, but different
>> port. I have refused connections to the Asterisk's port with iptables.
>>
>> I have defined my public IP address as domain in sip.conf. There is also
>> other domain defined which corresponds to users' domain I am using in
>> Kamailio's database.
>>
>> In kamailio.cfg there is if statement which prevents Kamailio not to be
>> open relay:
>>
>> if (from_uri!=myself && uri!=myself)
>> ...
>>
>> If I change this for example:
>>
>> if (from_uri!=myself || uri!=myself)
>>
>> I get what I want this time: no calls from outside, but I somewhat think
>> that this is not a final solution.
>>
>> I have not found from log files such information which would have helped
>> me. I have not yet investigated this problem so much that I could tell the
>> logic behind the selection of online user's identity which is used.
>> However, if I make a call to conference room I notice that Asterisk is
>> thinking that one of online users has joined the conference.
>>
>> If I can recall correctly, I started with Kamailio version 3.2, and
>> integrated it with Asterisk 11 (currently 11.10.2). Is there something
>> which has changed in Kamailio, but what I have not changed in my setup
>> which could explain this.
>>
>> Best,
>>
>> Teijo
>>
>> _______________________________________________
>> SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing list
>> sr-users at lists.sip-router.org
>> http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users
>>
>>
>>
>> TÃ¤mÃ¤ viestin rungon osa siirretÃ¤Ã¤n pyydettÃ¤essÃ¤.