[OpenSIPS-Users] Help with Inbound PSTN, and Inbound SIP URI Authentication Sub-Routine

Kennard_White at logitech.com Kennard_White at logitech.com
Tue Sep 14 17:44:14 CEST 2010 

Hi Brett,

For what it is worth, I do it the other way around: I check the source IP,
and if from a PSTN provider process the telephone number as appropriate for
them; otherwise I do user auth.

A question: if you're allowing "outside" users to call in, why authenticate
any INVITE traffic? (Ok, you have to authenticate traffic going to PSTN
from your subscribers, but other than that...)?

Regards,
Kennard



From:	Brett Woollum <brett at woollum.com>
To:	OpenSIPS users mailling list <users at lists.opensips.org>
Date:	09/14/2010 02:26 AM
Subject:	Re: [OpenSIPS-Users] Help with Inbound PSTN, and Inbound SIP
            URI Authentication Sub-Routine
Sent by:	users-bounces at lists.opensips.org



David,

The "is_from_local" function is just what I needed. It will allow me to
decipher whether or not the user appears local or not, and authenticate
them if so (ie: a subscriber), or check their IP if not (ie: from my gw).

Thanks!

Brett Woollum
Brett at Woollum.com


----- Original Message -----
From: "David J." <david at styleflare.com>
To: "OpenSIPS users mailling list" <users at lists.opensips.org>
Sent: Tuesday, September 14, 2010 1:08:38 AM GMT -08:00 US/Canada Pacific
Subject: Re: [OpenSIPS-Users] Help with Inbound PSTN, and Inbound SIP URI
Authentication Sub-Routine

It depends on your configuration.

You can place it before or after.

Because you dont want to authenticate inbound calls, you can have a simple
if statement that checks if the user is not local and alias exists, then
relay to that alias.

Not real code:

if(not_from_local){
    if(alias()){
        relay;
    }
}

On 9/14/10 3:32 AM, Brett Woollum wrote:


      Hi David,

      As far as I can tell, the alias module is independent of how the call
      is authenticated. My understanding is that it will look for a
      replacement URI based on the current one, and replace if a new one is
      found. It appears as though this "function" would go into the config
      file somewhere after the section I'm working on now.

      Is my understanding correct?

      I'll need some way to determine if this is an inbound call (i.e.; not
      originating from a subscriber's phone) prior to mapping it to the
      alias module. Also, I'd like to determine if the incoming call is
      from my PSTN gateway and give different aliases than if the call was
      a SIP URI call.

      Brett Woollum
      Brett at Woollum.com


      ----- Original Message -----
      From: "David J." <david at styleflare.com>
      To: "OpenSIPS users mailling list" <users at lists.opensips.org>
      Sent: Tuesday, September 14, 2010 12:20:23 AM GMT -08:00 US/Canada
      Pacific
      Subject: Re: [OpenSIPS-Users] Help with Inbound PSTN, and Inbound SIP
      URI Authentication Sub-Routine

      Hi Brett,

      The common practice is to use the alias module for inbound routing.

      You can look at the docs for its usage, but essentially you can map
      DID's to local users.



      On 9/14/10 3:18 AM, Brett Woollum wrote:

            Hello!

            I have an OpenSIPS 1.6.3 installation that is working well. I
            have subscribers registering to OpenSIPS, and they can dial
            between each other and outside of my domain (to my media
            servers and to the PSTN). All is well.

            I am now beginning to write the configuration that will process
            inbound calls - meaning calls from non-subscribers. This will
            include calls from the PSTN gateway, as well as direct SIP URI
            calls to the OpenSIPS subscribers. For example, a person can
            call 515-555-1212 from a regular phone, and the call will come
            to OpenSIPS as an un-authenticated call from my PSTN gateway.
            Also, I'd like to accept SIP URI's for incoming calls. For
            example, calling mycompany at mysipdomain.com from a soft phone
            might route the call to subscriber A's phone.

            The code I have that applies to this is: (This is currently
            configured to authenticate all outbound calls from subscribers
            only.)
                # authenticate if from local subscriber
                if (!(method=="REGISTER")) {
                        if (!proxy_authorize("", "subscriber")) {

                            proxy_challenge("", "0");
                            exit;
                        }
                        if (!db_check_from()) {
                            send_reply("403","Forbidden auth ID");
                            exit;
                        }

                        consume_credentials();
                        # caller authenticated
                }

            I am looking for direction on how to expand this to determine
            if the call is A) from a subscriber calling outbound, B)
            inbound from the PSTN, or C) inbound from any other user
            calling my SIP URI's. Once I am able to determine this
            information, I'll be able to route the call appropriately
            within the rest of my scripts.

            My problem is that my SIP phones usually attempt to place calls
            without including authorization in the header (because they are
            registered already), then OpenSIPS replies requiring proxy
            authentication. The SIP phones will then try the call again
            including the credentials in the header, which works. How can I
            re-write this section of code to allow inbound SIP URI calls
            and calls from my PSTN gateway, while still asking my
            subscribers to authenticate? Or, is there a method that might
            work better?

            Notes:
            - Each of my PSTN gateway's has a static IP.
            - It's safe to assume a single-domain setup (mysipdomain.com).

            Thanks in advance!

            Brett Woollum
            Brett at Woollum.com


            _______________________________________________
            Users mailing list
            Users at lists.opensips.org
            http://lists.opensips.org/cgi-bin/mailman/listinfo/users



      _______________________________________________ Users mailing list
      Users at lists.opensips.org
      http://lists.opensips.org/cgi-bin/mailman/listinfo/users

      _______________________________________________
      Users mailing list
      Users at lists.opensips.org
      http://lists.opensips.org/cgi-bin/mailman/listinfo/users



_______________________________________________ Users mailing list
Users at lists.opensips.org
http://lists.opensips.org/cgi-bin/mailman/listinfo/users
_______________________________________________
Users mailing list
Users at lists.opensips.org
http://lists.opensips.org/cgi-bin/mailman/listinfo/users
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.opensips.org/pipermail/users/attachments/20100914/2039e084/attachment.htm 
-------------- next part --------------
A non-text attachment was scrubbed...
Name: graycol.gif
Type: image/gif
Size: 105 bytes
Desc: not available
Url : http://lists.opensips.org/pipermail/users/attachments/20100914/2039e084/attachment.gif

More information about the Users mailing list