Hello,

I have:

allowguest=no
contactpermit=kamailio.ip.addr.ess

I also have tried the approach that I have peer kamailio, but then all calls seem to go to the context defined for kamailio peer. I do not know how I could in that case handle individual calls - for example determine if given phone can call to given number or not.

Best,

Teijo

17.7.2014 10:48, Cibin Paul wrote:
Hello,

Try allow *allowguest=no* in sip.conf [general] context and create a
peer for kamailio in sip.conf


Regards
Cibin




On 17-Jul-2014, at 12:52 pm, g.aloi...@gmail.com wrote:

Hello,

There is a message "Possible Security issue with Kamailio - Asterisk
Realtime integration" in Asterisk users mailing list:

http://lists.digium.com/pipermail/asterisk-users/2013-February/277633.html

I think the problem I have is somewhat similar.

Should I suppose that there is a security risk in Kamailio - Asterisk
realtime integration, and if this is the case, what can I do to eliminate
this risk?

Best,

Teijo

16.7.2014 9:44, g.aloi...@gmail.com wrote:
Hello,

Has anybody any solution or suggestion?

If I for example launch MicroSIP (no doubt it could be some other SIP
client), and simply call:

sip:some_extens...@my.public.ip.address

call is established, if there is online user/users. Naturally this
incoming call should be handled by Asterisk in context where I have
defined unauthorized calls are handled, but instead, the call goes
to online user's context.

To get this situation I don't need to define any account information in
MicroSIP.

I have not set passwords for users in Asterisk to avoid double
authorization. May this cause the behavior? I have not set default user
or from user in my peer definitions. I am not registering Kamailio to
Asterisk - I mean I have no peer definition for Kamailio in sip.conf.

I do not know what direction to go to. I would be happy, if I should not
go to the trial and error path so any help is welcome.

Thanks in advance,

Teijo


14.7.2014 9:06, g.aloi...@gmail.com wrote:
Hello,

If one places call, and tell that "my from domain is your Kamailio's
IP", call is established, because Asterisk accepts requests from
Kamailio. One problem is that it's unpredictable in this case what is
the context where this kind of call is handled by Asterisk.

This situation requires that I change something in my setup. If I decide
accept calls only from my users, I suppose that it can be quite easily
done by modifying if statement referred below or at least by applying
instructions found here:

http://www.kamailio.org/dokuwiki/doku.php/examples:restrict-calls-to-registered-users



However, I'm somewhat unsure what should I do, if I decide to accept
calls from any caller - not only from my users.

Best,

Teijo

12.7.2014 19:36, Muhammad Shahzad wrote:
Well, this

if (from_uri!=myself && uri!=myself)

means neither source nor destination is our user. Which implies that if
our domain is A, then call from domain "B to C" is not possible. However,
calls from "B or C to A" and "A to B or C" are possible. That is why an
unauthorized user gets passed and reaches asterisk. Asterisk accepts it
since call is coming from kamailio and tries to route it back to
kamailio, where kamailio finds user online and thus it goes through.

You should really break down this,

if (from_uri!=myself && uri!=myself)

into something like this for clarity,

if (from_uri!=myself) {
    if (uri!=myself) {
        # neither source nor destination is our user
    } else {
        # source is not our user but destination is our user
    };
} else {
    if (uri!=myself) {
        # source is our user but destination is not our user
    } else {
        # both source and destination are our users
    };
};

Hope this helps.

Thank you.
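
Added example, not part of the original thread and not Kamailio code: a small Python model of the relay check discussed above, which reads the From and Request-URI hosts from constructed INVITEs and reports which of the four branches each falls into and whether the `&&` check or the `||` variant would reject it. The domain set, the sample requests and all function names are assumptions made for illustration; `myself` is modelled as simple set membership and authentication is not modelled.

```python
import re

# Assumption: domains Kamailio would match as "myself" (constructed values).
LOCAL_DOMAINS = {"sip.example.test", "192.0.2.10"}

def uri_host(text):
    """Host part of the first sip:/sips: URI in text (IPv6 literals not handled)."""
    m = re.search(r"sips?:(?:[^@>;\s]*@)?([^:;>\s]+)", text, re.I)
    if not m:
        raise ValueError(f"no SIP URI in {text!r}")
    return m.group(1).lower()

def endpoints(msg):
    """Return (From host, Request-URI host) of a SIP request."""
    lines = msg.strip().splitlines()
    ruri = lines[0].split()[1]
    frm = next(l for l in lines[1:] if l.lower().startswith(("from:", "f:")))
    return uri_host(frm.split(":", 1)[1]), uri_host(ruri)

def classify(msg):
    """Return (branch, rejected by the && check, rejected by the || variant)."""
    src, dst = endpoints(msg)
    src_ours, dst_ours = src in LOCAL_DOMAINS, dst in LOCAL_DOMAINS
    branch = {
        (False, False): "neither source nor destination is our user",
        (False, True): "source is not our user but destination is",
        (True, False): "source is our user but destination is not",
        (True, True): "both source and destination are our users",
    }[(src_ours, dst_ours)]
    return branch, (not src_ours and not dst_ours), (not src_ours or not dst_ours)

def invite(from_uri, ruri):
    """Build a minimal constructed INVITE (only the lines this example reads)."""
    return f'INVITE {ruri} SIP/2.0\r\nFrom: "x" <{from_uri}>;tag=1\r\nTo: <{ruri}>\r\n\r\n'

SAMPLES = {  # constructed requests, one per branch
    "transit": invite("sip:a@198.51.100.7", "sip:b@203.0.113.9"),
    "inbound": invite("sip:anonymous@198.51.100.7", "sip:200@192.0.2.10:5060"),
    "outbound": invite("sip:alice@sip.example.test", "sip:b@203.0.113.9"),
    "internal": invite("sips:alice@sip.example.test", "sip:200@SIP.example.test"),
}

if __name__ == "__main__":
    for name, msg in SAMPLES.items():
        print(name, classify(msg))
```

The "inbound" sample is the case from the thread: a caller with no account and a foreign From domain is not stopped by the `&&` check, while the `||` variant stops it but also rejects the "outbound" case.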




On Fri, Jul 11, 2014 at 5:36 PM, <g.aloi...@gmail.com> wrote:

Hello,

I'm using Kamailio version 4.1.4+precise (amd64).

I have followed "Kamailio 4.0.x and Asterisk 11.3.0 Realtime Integration
using Asterisk Database"
(http://kb.asipto.com/asterisk:realtime:kamailio-4.0.x-asterisk-11.3.0-astdb).
One main difference in my setup compared to that one is that I continued
use of Kamailio's database.

The problem is as follows:

I decided to put Kamailio and through it Asterisk reachable from
internet. I have tried to configure Asterisk so that only calls of
registered users would be possible, and they could only call to other
registered users or conference rooms and echo test number.

Then I took the following steps:

I ensured that there were no online users with kamctl online. Then I
launched MicroSIP (www.microsip.org), but I did not define an account, I
simply set the protocol to tls and media encryption to mandatory,
because I'm using these.

I called to extension with x...@my.public.ip.address (where xxx is
extension) getting "unauthorized". And that was what I wanted.

But if there are online users, calls go through, and incoming call is
coming from Asterisk (in syslog I can find out that src_user=asterisk).

Kamailio and Asterisk are listening on the same IP address, but different
ports. I have refused connections to the Asterisk's port with iptables.

I have defined my public IP address as domain in sip.conf. There is also
other domain defined which corresponds to users' domain I am using in
Kamailio's database.

In kamailio.cfg there is if statement which prevents Kamailio from
being an open relay:

if (from_uri!=myself && uri!=myself)
...

If I change this for example:

if (from_uri!=myself || uri!=myself)

I get what I want this time: no calls from outside, but I somewhat think
that this is not a final solution.

I have not found from log files such information which would have helped
me. I have not yet investigated this problem so much that I could tell
the logic behind the selection of online user's identity which is used.
However, if I make a call to conference room I notice that Asterisk is
thinking that one of online users has joined the conference.

If I can recall correctly, I started with Kamailio version 3.2, and
integrated it with Asterisk 11 (currently 11.10.2). Is there something
which has changed in Kamailio, but what I have not changed in my setup
which could explain this.

Best,

Teijo

_______________________________________________
SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing
list
sr-users@lists.sip-router.org
http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users
