[SR-Users] Setting up uacreg

Arsen Semenov arsperger at gmail.com
Thu Jul 29 11:41:54 CEST 2021


Hi Duncan,

There are plenty of options here.

I think here is good place to start:
https://www.kamailio.org/wiki/tutorials/security/kamailio-security

You also can check https://www.apiban.org/doc.html


Regards,

On Thu, Jul 29, 2021 at 8:37 AM Duncan Turnbull <duncan at turnbull.co.nz>
wrote:

> Hi Arsen
>
> Thanks very much, I am looking at that now
>
> Is there an easy way to control the extensions that are proxied through to
> asterisk so that we restrict the ability of outside scanning of extension
> lists. I would like to limit the registrations for extensions passed
> through to asterisk that come from an unknown / external ips.
>
> Thanks again
>
> Cheers Duncan
>
> On Wed, Jul 28, 2021 at 11:11 PM Arsen Semenov <arsperger at gmail.com>
> wrote:
>
>> You can check how Path works, it is described in rfc3327, this is
>> probably what you need.
>> From the Asterisk side; however, I can't tell whether it is supported by
>> pjsip, there was some issue as I know, but at least chan_sip should support
>> it.
>> Also docs for kamailio registrar module.
>> What do you mean by "limit the user ids that go through to asterisk"?
>>
>> On Wed, Jul 28, 2021 at 12:50 PM Duncan Turnbull <duncan at turnbull.co.nz>
>> wrote:
>>
>>> Hi Arsen
>>>
>>> Thanks very much for your reply
>>>
>>> We were using repro which does that but are interested in the wider
>>> capabilities of kamailio.
>>>
>>> We are wanting to limit the user ids that go through to asterisk and
>>> eventually have two kamailio servers that provide some failover
>>>
>>> I saw a slide pack from Fred Posner talking about fronting asterisk with
>>> kamailio and I probably jumped to uac without fully understanding what it’s
>>> purpose is
>>>
>>> I also saw that shared line appearance can be simulated using kamailio,
>>> and perhaps it needs the uac module to achieve that.
>>>
>>> My general understanding is new and growing so I am grateful for all
>>> advice or questions
>>>
>>> Thanks again
>>>
>>> Cheers Duncan
>>>
>>> On 28/07/2021, at 3:34 PM, Arsen Semenov <arsperger at gmail.com> wrote:
>>>
>>> 
>>> Hi Duncan,
>>>
>>> This scenario is quite new for me, not sure I got it right.. but why
>>> have you decided not to proxying requests to asterisks?
>>> By leveraging Path and Record-route headers Asterisk will know how to
>>> route the response back as well as new requests.
>>> And the proxy will know how to handle them.
>>> This is how kamailio is usually set as a front-end for media servers.
>>>
>>>
>>>
>>> On Wed, Jul 28, 2021 at 8:35 AM Duncan Turnbull <duncan at turnbull.co.nz>
>>> wrote:
>>>
>>>> Hi there
>>>>
>>>> I am a new user of Kamailio and we are trying to use it to be as a
>>>> front end for our asterisk pbx. We are running on Ubuntu 18.04 and Kamailio
>>>> 5.3.8 with Siremis
>>>>
>>>> Rather than proxying the request through to asterisk we are trying to
>>>> use uacreg to send a login to asterisk. Asterisk will think all the users
>>>> are appear from the proxy but thats okay. Initially this is just for
>>>> external users but eventually all phones etc will register via Kamailio and
>>>> we will have the trunks there (and split them across another kamailio but
>>>> thats another job)
>>>>
>>>> If I add a user to the uacreg then when I register to Kamailio it sends
>>>> a register request but to the realm in the uacreg table and the matching
>>>> port Kamailio is running on.
>>>>
>>>> Is this because somewhere we have set Kamailio to directly proxy on and
>>>> we need to turn that off first?
>>>>
>>>> This is our uacreg table
>>>>
>>>> mysql> select * from uacreg;
>>>>
>>>> +----+--------+------------+------------+------------+-----------+-----------+---------------+---------------+----------+--------------------+---------+-------+-----------+--------+
>>>> | id | l_uuid | l_username | l_domain   | r_username | r_domain  |
>>>> realm     | auth_username | auth_password | auth_ha1 | auth_proxy         |
>>>> expires | flags | reg_delay | socket |
>>>>
>>>> +----+--------+------------+------------+------------+-----------+-----------+---------------+---------------+----------+--------------------+---------+-------+-----------+--------+
>>>> |  1 | testuser | testuser     | ourdomain.com | 88         |
>>>> 10.8.8.20 | 10.8.8.20 | 88            | password  | ''       | sip:
>>>> 10.8.8.20:5060 |     360 |     0 |         3 |        |
>>>>
>>>> +----+--------+------------+------------+------------+-----------+-----------+---------------+---------------+----------+--------------------+---------+-------+-----------+--------+
>>>> 1 row in set (0.00 sec)
>>>>
>>>> All pointer, guides and recommendations will be welcome
>>>>
>>>> Thanks very much
>>>>
>>>> Cheers Duncan
>>>>
>>>>
>>>>
>>>>
>>>> __________________________________________________________
>>>> Kamailio - Users Mailing List - Non Commercial Discussions
>>>>   * sr-users at lists.kamailio.org
>>>> Important: keep the mailing list in the recipients, do not reply only
>>>> to the sender!
>>>> Edit mailing list options or unsubscribe:
>>>>   * https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
>>>>
>>>
>>>
>>> --
>>> Arsen Semenov
>>>
>>> __________________________________________________________
>>> Kamailio - Users Mailing List - Non Commercial Discussions
>>>  * sr-users at lists.kamailio.org
>>> Important: keep the mailing list in the recipients, do not reply only to
>>> the sender!
>>> Edit mailing list options or unsubscribe:
>>>  * https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
>>>
>>> __________________________________________________________
>>> Kamailio - Users Mailing List - Non Commercial Discussions
>>>   * sr-users at lists.kamailio.org
>>> Important: keep the mailing list in the recipients, do not reply only to
>>> the sender!
>>> Edit mailing list options or unsubscribe:
>>>   * https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
>>>
>>
>>
>> --
>> Arsen Semenov
>>
>> __________________________________________________________
>> Kamailio - Users Mailing List - Non Commercial Discussions
>>   * sr-users at lists.kamailio.org
>> Important: keep the mailing list in the recipients, do not reply only to
>> the sender!
>> Edit mailing list options or unsubscribe:
>>   * https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
>>
> __________________________________________________________
> Kamailio - Users Mailing List - Non Commercial Discussions
>   * sr-users at lists.kamailio.org
> Important: keep the mailing list in the recipients, do not reply only to
> the sender!
> Edit mailing list options or unsubscribe:
>   * https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
>


-- 
Arsen Semenov
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.kamailio.org/pipermail/sr-users/attachments/20210729/4bf888ac/attachment.htm>


More information about the sr-users mailing list