[SR-Users] Unknown caller gets online user's identity
g.aloitus at gmail.com
g.aloitus at gmail.com
Wed Jul 16 08:44:47 CEST 2014
Hello,
Has anybody any solution or suggestion?
If I for example launch MicroSIP (no doubt it could be some other SIP
client), and simply call:
sip:some_extension at my.public.ip.address
call is established, if there is online user/users. Naturally this
incoming call should be handled by Asterisk in context where I have
defined unauthorized calls are handled, but in stead, the call goes
online user's context.
To get this situation I don't need to define any account information in
MicroSIP.
I have not set passwords for users in Asterisk to avoid double
authorization. May this cause the behavior? I have not set default user
or from user in my peer definitions. I am not registering Kamailio to
Asterisk - I mean I have no peer definition for Kamailio in sip.conf.
I do not know what direction to go to. I would be happy, if I should not
go to the trial and error path so any help is welcome.
Thanks in advance,
Teijo
14.7.2014 9:06, g.aloitus at gmail.com kirjoitti:
> Hello,
>
> If one places call, and tell that "my from domain is your Kamailio's
> IP", call is established, because Asterisk accepts requests from
> Kamailio. One problem is that it's unpredictable in this case what is
> the context where thiskind of call is handled by Asterisk.
>
> This situation requires that I change something in my setup. If I decide
> accept calls only from my users, I suppose that it can be quite easily
> done by modifying if statement referred below or at least by applying
> instructions found here:
>
> http://www.kamailio.org/dokuwiki/doku.php/examples:restrict-calls-to-registered-users
>
>
> However, I'm somewhat unsure what should I do, if I decide to accept
> calls from any caller - not only from my users.
>
> Best,
>
> Teijo
>
> 12.7.2014 19:36, Muhammad Shahzad kirjoitti:
>> Well, this
>>
>> *if (from_uri!=myself && uri!=myself)*
>>
>> Means neither source nor destination is our user. Which implies that
>> if our
>> domain is A, then call from domain "B to C" is not possible. However,
>> calls
>> from "B or C to A" and "A to B or C" are possible. That is way an
>> unauthorized user gets passed and reaches asterisk. Asterisk accepts it
>> since call is coming from kamailio and tries to route it back to
>> kamailio,
>> where kamailio finds user online and thus it goes through.
>>
>> You should really break down this,
>>
>> *if (from_uri!=myself && uri!=myself)*
>>
>> into something like this for clarity,
>>
>>
>> *if (from_uri!=myself) { *
>> * if (uri!=myself) {*
>> * # neither source nor destination is our user*
>> * } else {*
>> * # source is not our user but destination is our user*
>> * };*
>> *} else {*
>> * if (uri!=myself) {*
>> * # source is our user but destination is not our user*
>> * } else {*
>> * # both source and destination are our users*
>> * };*
>> *};*
>>
>> Hope this helps.
>>
>> Thank you.
>>
>>
>>
>>
>> On Fri, Jul 11, 2014 at 5:36 PM, <g.aloitus at gmail.com> wrote:
>>
>>> Hello,
>>>
>>> I'm using Kamailio version 4.1.4+precise (amd64).
>>>
>>> I have followed "Kamailio 4.0.x and Asterisk 11.3.0 Realtime Integration
>>> using Asterisk Database" (http://kb.asipto.com/
>>> asterisk:realtime:kamailio-4.0.x-asterisk-11.3.0-astdb). One main
>>> difference in my setup compared to that one is that I continued use of
>>> Kamailio's database.
>>>
>>> The problem is as follows:
>>>
>>> I decided to put Kamailio and through it Asterisk reachable from
>>> internet.
>>> I have tried to configure Asterisk so that only calls of registered
>>> users
>>> would be possible, and they could only call to other registered users or
>>> conference rooms and echo test number.
>>>
>>> Then I took the following steps:
>>>
>>> I ensured that there was no online users with kamctl online. Then I
>>> launched MicroSIP (www.microsip.org), but I did not defined account, I
>>> simply set the protocol to tls and media encryption to mandatory,
>>> because
>>> I'm using these.
>>>
>>> I called to extension with xxx at my.public.ip.address (where xxx is
>>> extension) getting "unauthorized". And that was what I wanted.
>>>
>>> But if there is online users, calls go through, and incoming call is
>>> coming from Asterisk (in syslog I can find out that src_user=asterisk).
>>>
>>> Kamailio and Asterisk are listening the same IP address, but different
>>> port. I have refused connections to the Asterisk's port with iptables.
>>>
>>> I have defined my public IP address as domain in sip.conf. There is also
>>> other domain defined which corresponds to users' domain I am using in
>>> Kamailio's database.
>>>
>>> In kamailio.cfg there is if statement which prevents Kamailio not to be
>>> open relay:
>>>
>>> if (from_uri!=myself && uri!=myself)
>>> ...
>>>
>>> If I change this for example:
>>>
>>> if (from_uri!=myself || uri!=myself)
>>>
>>> I get what I want this time: no calls from outside, but I somewhat think
>>> that this is not a final solution.
>>>
>>> I have not found from log files such information which would have helped
>>> me. I have not yet investigated this problem so much that I could
>>> tell the
>>> logic behind the selection of online user's identity which is used.
>>> However, if I make a call to conference room I notice that Asterisk is
>>> thinking that one of online users has joined the conference.
>>>
>>> If I can recall correctly, I started with Kamailio version 3.2, and
>>> integrated it with Asterisk 11 (currently 11.10.2). Is there something
>>> which has changed in Kamailio, but what I have not changed in my setup
>>> which could explain this.
>>>
>>> Best,
>>>
>>> Teijo
>>>
>>> _______________________________________________
>>> SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing list
>>> sr-users at lists.sip-router.org
>>> http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users
>>>
>>>
>>>
>>> Tämä viestin rungon osa siirretään pyydettäessä.
More information about the sr-users
mailing list