[Users] pstn-to-openser, 403 Forbiden

Atle Samuelsen clona at cyberhouse.no
Thu Nov 9 14:35:30 CET 2006





if(!is_user_in("From","PSTN")){
        sl_send_reply("403","HAHAH, Pay your bill");
        break;
];
* Mike Williams <mike at mikebwilliams.com> [061109 14:28]:
> Ion,
> 
> I believe the group module (grp, I think) has this capability. Just add a user 
> to a specific group such as "pstn" and then check if they are in it when they 
> try to call the pstn.
> 
> Mike Williams
> 
> 
> On Thursday 09 November 2006 02:36, Ion Minzu wrote:
> > Hello Norman,
> >   thanks, Norman
> >   after I have closed the domain authorisation (proxy_authorize),
> > everything works. It looks for me too sophisticated to use permission and
> > domain module. I will try another method. now I want to make restrictions
> > for voip users, I mean who has the right to make a call to pstn and who has
> > not. someone has some ideeas?
> >
> > Wednesday, November 8, 2006, 2:35:34 PM, you wrote:
> > > Hello Ion,
> > >
> > > Perhaps the "pstn" device is not responding to the authorization
> > > request.  A SIP trace will show you if this is happening.
> > >
> > > "ngrep -W byline port 5060" should be all you need to trace SIP messages
> > > (if you're listening on eth1, then you might want to add "-d eth1" when
> > > invoking ngrep).  Older versions of ngrep did not have the "-W byline"
> > > option.  If this is your case, you probably should upgrade ngrep.
> > >
> > > A possible solution to you problem might be to use the "permissions"
> > > module and the "trusted" table.  Then, instead of
> > > (www_authorize/www_challenge or in addition to, depending on your
> > > particular situation) you might want to use the "allow_trusted()"
> > > command to authenticate incoming INVITEs.
> > >
> > > Below is a little example
> > >
> > > <snip>
> > >
> > >       if (!is_from_local() && !allow_trusted()) {
> > >         if (!proxy_authorize("","subscriber")) {
> > >           proxy_challenge("","0");
> > >           exit;
> > >         } else if (!check_from()) {
> > >           sl_send_reply("403", "Use From=ID");
> > >           exit;
> > >         };
> > >       };
> > >
> > > </snip>
> > >
> > > Regards,
> > > Norm
> > >
> > > Ion Minzu wrote:
> > >> Hello ,
> > >>
> > >> I have connected openser with pstn through cisco. when I make a
> > >> call from voip network to pstn it's ok.
> > >> but from pstn to voip I have a problem:openser answers 403 forbiden.
> > >> in openser I do the authorisation on mysql, I have disabled
> > >> authorisation on sip gateway:
> > >>
> > >> if (src_ip!=X.X.X.X) {
> > >>         if (!www_authorize("DOMAIN.COM","subscriber")) {
> > >>         www_challenge("DOMAIN.COM","0");
> > >>         exit;
> > >>         }
> > >>         };
> > >>
> > >> What is the problem?
> > >>
> > >>  X.X.X.X is cisco
> > >>
> > >> U X.X.X.X:54177 -> 172.17.6.2:5060
> > >>   INVITE sip:820022 at 172.17.6.2:5060 SIP/2.0..Via: SIP/2.0/UDP
> > >>   X.X.X.X:5060..From:
> > >> <sip:022250699 at X.X.X.X>;tag=1A0FBC30-1472..To: <sip:820022 at 172.1
> > >>   7.6.2>..Date: Wed, 08 Nov 2006 11:03:14 GMT..Call-ID:
> > >>   906DA628-6E4F11DB-9034EA4F-E981BA1F at X.X.X.X..Supported:
> > >> timer,100rel..Min-SE:  1800..Cisco-Guid
> > >>
> > >>   : 2422905184-1850675675-2419190351-3917593119..User-Agent:
> > >>
> > >> Cisco-SIPGateway/IOS-12.x..Allow: INVITE, OPTIONS, BYE, CANCEL,
> > >> ACK, PRACK, COMET, REFER, SUBS
> > >>   CRIBE, NOTIFY, INFO..CSeq: 101 INVITE..Max-Forwards:
> > >> 6..Remote-Party-ID:
> > >> <sip:022250699 at X.X.X.X>;party=calling;screen=yes;privacy=off..Timestamp:
> > >> 116
> > >>   2983794..Contact: <sip:022250699 at X.X.X.X:5060>..Expires:
> > >> 180..Allow-Events: telephone-event..Content-Type:
> > >> application/sdp..Content-Length: 235....v=
> > >>   0..o=CiscoSystemsSIP-GW-UserAgent 1226 5023 IN IP4 X.X.X.X..s=SIP
> > >>   Call..c=IN IP4 X.X.X.X..t=0 0..m=audio 16642 RTP/AVP 18 19..c=IN IP4
> > >>   X.X.X.X..a=rtpmap:18 G729/8000..a=fmtp:18
> > >> annexb=no..a=rtpmap:19 CN/8000..a=ptime:20..
> > >> #
> > >> U 172.17.6.2:5060 -> X.X.X.X:5060
> > >>   SIP/2.0 403 Use From=ID..Via: SIP/2.0/UDP  X.X.X.X:5060..From:
> > >>   <sip:022250699 at X.X.X.X>;tag=1A0FBC30-1472..To:
> > >>
> > >> <sip:820022 at 172.17.6.2>;tag=329cfeaa6ded039da25ff8cbb8668bd2.13ec..Call-
> > >>ID: 906DA628-6E4F11DB-9034EA4F-E981BA1F at X.X.X.X..CSeq: 101
> > >> INVITE..Server: OpenSer (1.1.0-tls (x86_64/linux))..C
> > >>   ontent-Length: 0..Warning: 392 172.17.6.2:5060 "Noisy
> > >> feedback tells:  pid=32240 req_src_ip=X.X.X.X req_src_port=54177
> > >> in_uri=sip:820022 at 172.17.6.2:5
> > >>   060 out_uri=sip:820022 at 172.17.6.2:5060 via_cnt==1"....
> > >> #
> > >> U X.X.X.X:54177 -> 172.17.6.2:5060
> > >>   ACK sip:820022 at 172.17.6.2:5060 SIP/2.0..Via: SIP/2.0/UDP
> > >>   X.X.X.X:5060..From:
> > >> <sip:022250699 at X.X.X.X>;tag=1A0FBC30-1472..To: <sip:820022 at 172.17.6
> > >>   .2>;tag=329cfeaa6ded039da25ff8cbb8668bd2.13ec..Date: Wed, 08 Nov
> > >>   2006 11:03:14 GMT..Call-ID:
> > >>   906DA628-6E4F11DB-9034EA4F-E981BA1F at X.X.X.X..Max-Forward
> > >>   s: 6..Content-Length: 0..CSeq: 101 ACK....
> > >>
> > >>
> > >> Best regards,
> > >> Ion Minzu,
> > >> Specialist Tehnologii Informationale,
> > >> Administrator de sistem al Centrului de certificare,
> > >> Administrator VoIP,
> > >> I.S."Centrul de Telecomunicatii Speciale",
> > >> tel:250-517 (office), 069501208 (mob), 382869185 (ICQ)
> > >> mailto:ion.minzu at cts.md
> > >>
> > >>
> > >> _______________________________________________
> > >> Users mailing list
> > >> Users at openser.org
> > >> http://openser.org/cgi-bin/mailman/listinfo/users
> 
> _______________________________________________
> Users mailing list
> Users at openser.org
> http://openser.org/cgi-bin/mailman/listinfo/users




More information about the Users mailing list