Re: [asterisk-users] allowguest = yes? no?

2012-01-24 Thread Gilles
On Tue, 24 Jan 2012 09:26:26 -0600, "Kevin P. Fleming" wrote:
>By definition this is impossible. If the caller is a 'stranger', that 
>means you have no knowledge of them prior to their INVITE request 
>arriving at your server. If you have no knowledge of them, then you 
>don't have any 'shared secret', and thus they cannot authenticate to 
>your server.

Mmm, so if I want to allow strangers to call us over the Net, I must
1. allowguest=yes
2. make sure the context they enter will not allow them to make calls
through the PSTN, either directly (through our plug in the wall) or
indirectly (through an ITSP).

Thank you.


--
_
-- Bandwidth and Colocation Provided by http://www.api-digital.com --
New to Asterisk? Join us for a live introductory webinar every Thurs:
   http://www.asterisk.org/hello

asterisk-users mailing list
To UNSUBSCRIBE or update options visit:
   http://lists.digium.com/mailman/listinfo/asterisk-users
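
The check described in the message above (guest callers must not reach the PSTN directly or through an ITSP) can be automated. The following Python code is an added example, not code from the thread or from the Asterisk project: it reads the guest context from `sip.conf`, follows `include =>` and static `Goto(context,exten,priority)` jumps in `extensions.conf`, and reports every reachable `Dial()` to a trunk channel. The sample files, context names, peer names and trunk prefixes are constructed assumptions, and other jumps (GotoIf, Gosub, Local channels, variables) are not followed.

```python
import re
# Constructed sample files (not from the thread); context and peer names are hypothetical.
SIP_CONF = "[general]\nallowguest=yes\ncontext=from-internet\n"
EXTENSIONS_CONF = """
[from-internet]
exten => 1000,1,Dial(SIP/phone1000,20)
include => features        ; this include is the leak
[features]
exten => 9,1,Goto(outbound,s,1)
[outbound]
exten => _9.,1,Dial(SIP/itsp-trunk/${EXTEN:1})
exten => _8.,1,Dial(DAHDI/g1/${EXTEN:1})
"""
TRUNKS = ("DAHDI/", "SIP/itsp-trunk")  # assumed channel prefixes that reach the PSTN

def parse_sections(text):
    """Map each [section] to its non-empty lines, with ';' comments stripped."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].strip()
        m = re.fullmatch(r"\[([^\]]+)\](\(.*\))?", line)
        if m:
            current = sections.setdefault(m.group(1), [])
        elif line and current is not None:
            current.append(line)
    return sections

def guest_context(sip_conf):
    """Context unauthenticated callers land in, or None when allowguest=no."""
    general = parse_sections(sip_conf).get("general", [])
    opts = {k.strip(): v.strip() for k, v in (l.split("=", 1) for l in general if "=" in l)}
    return None if opts.get("allowguest", "yes").lower() == "no" else opts.get("context", "default")

def reachable_trunk_dials(ext_conf, start, trunks=TRUNKS):
    """Return (context, line) for each Dial() to a trunk reachable from `start`."""
    sections, seen, todo, hits = parse_sections(ext_conf), set(), [start], []
    while todo:
        ctx = todo.pop()
        if ctx in seen or ctx not in sections:
            continue
        seen.add(ctx)
        for line in sections[ctx]:
            jump = (re.match(r"include\s*=>\s*([^\s,]+)", line)
                    or re.search(r"Goto\(([^,()]+),[^,()]+,[^,()]+\)", line))
            if jump:
                todo.append(jump.group(1))  # follow the edge to another context
            dial = re.search(r"Dial\(([^,)]+)", line)
            if dial and any(d.startswith(trunks) for d in dial.group(1).split("&")):
                hits.append((ctx, line))
    return hits
```

Calling `reachable_trunk_dials(EXTENSIONS_CONF, guest_context(SIP_CONF))` on the sample returns both `[outbound]` lines, because the guest context includes `features`, which jumps to `outbound`.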


Re: [asterisk-users] allowguest = yes? no?

2012-01-24 Thread Kevin P. Fleming

On 01/24/2012 09:03 AM, Gilles wrote:
>On Tue, 24 Jan 2012 09:55:12 -0500, Jim DeVito wrote:
>>What they are talking about is SIP URI dialling. Let's say you have
>>extension 1000 that rings a phone on your system. With allowguest=yes I
>>would be allowed to dial SIP:/1...@yourdomain.com and assuming the
>>context defined in your [General] section had access to exten 1000 I
>>would connect to that phone. With allowguest=no my call would be rejected.
>
>Thanks for the clarification.
>
>Provided I do want strangers to call extensions through an SIP URI
>instead of using the PSTN, how can I raise security by requiring that
>they authenticate?


By definition this is impossible. If the caller is a 'stranger', that 
means you have no knowledge of them prior to their INVITE request 
arriving at your server. If you have no knowledge of them, then you 
don't have any 'shared secret', and thus they cannot authenticate to 
your server.


--
Kevin P. Fleming
Digium, Inc. | Director of Software Technologies
Jabber: kflem...@digium.com | SIP: kpflem...@digium.com | Skype: kpfleming
445 Jan Davis Drive NW - Huntsville, AL 35806 - USA
Check us out at www.digium.com & www.asterisk.org



Re: [asterisk-users] allowguest = yes? no?

2012-01-24 Thread Gilles
On Tue, 24 Jan 2012 09:55:12 -0500, Jim DeVito wrote:
>What they are talking about is SIP URI dialling. Let's say you have
>extension 1000 that rings a phone on your system. With allowguest=yes I
>would be allowed to dial SIP:/1...@yourdomain.com and assuming the
>context defined in your [General] section had access to exten 1000 I
>would connect to that phone. With allowguest=no my call would be rejected.

Thanks for the clarification.

Provided I do want strangers to call extensions through an SIP URI
instead of using the PSTN, how can I raise security by requiring that
they authenticate?

Or do you mean that the choice is between
- don't allow SIP URI at all (allowguest=no), so strangers can reach
extensions only through the PSTN (but it's a waste of money)
- allow SIP URI (allowguest=yes) and make sure the context doesn't
allow making calls to the PSTN?




Re: [asterisk-users] allowguest = yes? no?

2012-01-24 Thread Jim DeVito
What they are talking about is SIP URI dialling. Let's say you have
extension 1000 that rings a phone on your system. With allowguest=yes I
would be allowed to dial SIP:/1...@yourdomain.com and assuming the
context defined in your [General] section had access to exten 1000 I
would connect to that phone. With allowguest=no my call would be rejected.


That does not mean that strangers cannot call an IVR and get to your
1000 extension or even a DID that points right to it.


If you are going to allowguest=yes you need to take careful note of your
contexts so as not to allow strangers access to parts of your dial plan
that have, let's say, long distance routes.


Does that help?

Thanks!!

Jim

On 01/24/2012 09:34 AM, Gilles wrote:
>Hello
>
>I don't understand how I should use the "allowguest" item: If set to
>"yes", callers from the Net should authenticate, but then, how can I
>allow strangers to call extensions in my system?
>
>"allowguest
>
>If set to no, this disallows guest SIP connections. The default is to
>allow guest connections. SIP normally requires authentication, but you
>can accept calls from users who do not support authentication (i.e.,
>do not have a secret field defined). Certain SIP appliances (such as
>the Cisco Call Manager v4.1) do not support authentication, so they
>will not be able to connect if you set allowguest=no:
>allowguest=no|yes"
>
>(from "Asterisk – The future of Telephony")
>
>Thank you.







[asterisk-users] allowguest = yes? no?

2012-01-24 Thread Gilles
Hello

I don't understand how I should use the "allowguest" item: If set to
"yes", callers from the Net should authenticate, but then, how can I
allow strangers to call extensions in my system?

"allowguest

If set to no, this disallows guest SIP connections. The default is to
allow guest connections. SIP normally requires authentication, but you
can accept calls from users who do not support authentication (i.e.,
do not have a secret field defined). Certain SIP appliances (such as
the Cisco Call Manager v4.1) do not support authentication, so they
will not be able to connect if you set allowguest=no:
allowguest=no|yes"

(from "Asterisk – The future of Telephony")

Thank you.

