28 jun 2012 kl. 23:25 skrev Duncan Turnbull:

> Hi James
> 
> On 29/06/2012, at 6:19 AM, James Lamanna wrote:
> 
>> Hi,
>> I have a bunch of different customers on an Asterisk Box (the PBX).
>> This Asterisk Box is behind another Asterisk box that provides a PSTN
>> connection.
>> Up to this point I've been using IAX between the 2 Asterisk boxes, but
>> I would like to use SIP instead.
>> After doing some testing I have the following issue.
>> 
>> If customer A calls customer B, but the call goes out through the PSTN
>> and comes back in, the call is rejected at the PBX because it wants
>> authentication.
> 
> This raises the question of how calls come in from the PSTN in the first 
> place. I am guessing you route them out in order to bill them? I am guessing 
> you have more than one SIP trunk between the two boxes for different purposes 
> and what you are saying is the authentication is falling to the lowest common 
> denominator.
> 
> In this situation you could separately register two lines, raise your level 
> of security ( insecure = no option), you need to make sure there is an 
> incoming context that matches the supplied user name otherwise it will fall 
> back to the ip address and whatever context that matches
> 
> 
>> I can guess that this must be because it matches the "To" address to
>> the friend SIP trunk that provides registration for the phone.
>> (All phones are setup as type=friend, host=dynamic). Is there any way
>> to force matching against the peer SIP trunk to PSTN so as to not
>> require authentication for calls
>> coming in from the PSTN server?
>> 
> Using permit and deny directives for the ip address should help here

No.

This is probably because you are using phone numbers as names of devices with 
type=friend in sip.conf. 
That's generally a bad idea.

The SIP channel matches an incoming call this way:

1. Take the From: user name and match with the list of type=user and type=friend
2. Take the sender's IP and port and match with the list of peers
3. Send the call to the context defined in the [general] section of sip conf

In Asterisk 1.4 and hopefully 1.8 the last peer in sip.conf will match first. 
In 1.8 the internal strcutures
was changed, but I hope that this functionality was retained. We had a 
dicussion about it, but I personally
haven't tested the result. One needs to know the matching order, so if 1.8 
doesn't behave that way, we need
to fix it.

The recommended way is to NOT use anything that likely will end up as a caller 
ID as names 
of devices in sip.conf. The name is whatever you have within square brackets 
above definitions
of type=friend or type=user. The username= option is another option, not the 
name of the device.

The quick way to solve your problems is to stop using type=friend and start 
using type=peer
instead.

Regards,
/O
--
_____________________________________________________________________
-- Bandwidth and Colocation Provided by http://www.api-digital.com --
New to Asterisk? Join us for a live introductory webinar every Thurs:
               http://www.asterisk.org/hello

asterisk-users mailing list
To UNSUBSCRIBE or update options visit:
   http://lists.digium.com/mailman/listinfo/asterisk-users

Reply via email to