[OpenSIPS-Users] PBX sending calls to Opensips
Schneur Rosenberg
rosenberg11219 at gmail.com
Tue Jul 31 09:12:11 CEST 2012
Ali, problem is that some most customers have dynamic ip's
On Jul 31, 2012 5:06 AM, "Ali Pey" <alipey at gmail.com> wrote:
> Schneur,
>
> Not disagreeing with the way you are doing it, but you can use the
> permissions module for the pbxs only. This way you can add the ips in the
> address table and keep track of who is allowed and block any other
> requests. There won't be any script change or reload required. A new pbx
> would require a new ip address in the table and a reload command.
>
> Regards,
> Ali Pey
>
> On Mon, Jul 30, 2012 at 7:39 PM, Schneur Rosenberg <
> rosenberg11219 at gmail.com> wrote:
>
>> Ali I can't compare PBX addresses, we are a voip company and I can't
>> manually edit my script for every PBX our customer installs, I ended
>> up doing the avp_db_query() and then rewriting the from header with
>> uac_replace_from("","sip:$au@$si") which will retrieve the username
>> from the Proxy-Authorization: field, I had to use uac_replace_from
>> because $fu is read only.
>>
>> On Wed, Jul 25, 2012 at 11:58 PM, Ali Pey <alipey at gmail.com> wrote:
>> > This would work too. Here though you do a db query for each call and can
>> > slow down the performance if that's important to you. Examining
>> usernames'
>> > patterns can be faster.
>> >
>> > You can also use the registered function instead of a db query:
>> >
>> > if (registered("location","$fu")) {
>> > xlog("caller is registered\n");
>> > }
>> >
>> > http://www.opensips.org/html/docs/modules/1.8.x/registrar.html#id293162
>> >
>> > Regards,
>> > Ali Pey
>> >
>> >
>> > On Wed, Jul 25, 2012 at 4:23 PM, Schneur Rosenberg
>> > <rosenberg11219 at gmail.com> wrote:
>> >>
>> >> I already did something similar look at snippet bellow so any call
>> >> coming from a IP thats registered to our server will always do
>> >> proxy_authorize(), other calls will assume that its a unauthenticated
>> >> DID call or a call going to a local call
>> >>
>> >> if (!(method=="REGISTER"))
>> >> {
>> >> avp_db_query("select username from location where
>> >> contact regexp '$si' or received like
>> >> 'sip:$si%'","$avp(is_registered)");
>> >> }
>> >> if (!(method=="REGISTER") && avp_check("$avp(is_registered)",
>> >> "gt/1/g"))
>> >> {
>> >> if(!is_from_gw())
>> >> {
>> >> if (!proxy_authorize("sosglobal",
>> "subscriber"))
>> >> {
>> >> append_hf("P-hint: Proxy auth
>> >> failed\r\n");
>> >> proxy_challenge("sosglobal", "0");
>> >> exit;
>> >> }
>> >>
>> >>
>> >> }
>> >>
>> >>
>> >> On Wed, Jul 25, 2012 at 8:48 PM, Ali Pey <alipey at gmail.com> wrote:
>> >> > Schneur,
>> >> >
>> >> > You can examine the src_ip first to see if the call if from your pbx
>> or
>> >> > not.
>> >> > Then you can also examine to request-uri to distinguish the call
>> between
>> >> > a
>> >> > pstn call or a sip client - assuming your sip clients have a
>> different
>> >> > sip
>> >> > address/pattern than pstn numbers. Things like this:
>> >> >
>> >> > if ( src_ip == pbx1_ip || src_ip == pbx2_ip ){
>> >> > # From PBXs
>> >> > }
>> >> >
>> >> > if ($rU=~"^\+?[0-9]{3,18}") {
>> >> > # request-uri is for a PSTN number, send the message to whatever
>> >> > route(1)
>> >> > }
>> >> >
>> >> > Basically you need to find a difference between the call attributes
>> and
>> >> > examine that, it can be the src_ip, ruri pattern, etc.
>> >> >
>> >> > Regards,
>> >> > Ali Pey
>> >> >
>> >> > On Wed, Jul 25, 2012 at 9:41 AM, Schneur Rosenberg
>> >> > <rosenberg11219 at gmail.com> wrote:
>> >> >>
>> >> >> check_source_address won't work for me, my clients are behind
>> Dynamic
>> >> >> ip's, there is no way for me to know in advance their ip address
>> >> >>
>> >> >> On Mon, Jul 23, 2012 at 8:55 PM, Brett Nemeroff <brett at nemeroff.com
>> >
>> >> >> wrote:
>> >> >> > Scot,
>> >> >> > the function "is_from_local" uses the From URI and as such, will
>> not
>> >> >> > work if
>> >> >> > the originator mangles the from uri (as in the case of your
>> example
>> >> >> > below).
>> >> >> >
>> >> >> > A more secure way to do this that may suit your needs is to use
>> the
>> >> >> > permissions module and actually check the source IP of the
>> request:
>> >> >> >
>> >> >> >
>> >> >> >
>> >> >> >
>> http://www.opensips.org/html/docs/modules/1.8.x/permissions.html#id293503
>> >> >> >
>> >> >> > Look at the "check_source_address" and or "get_source_group".
>> Either
>> >> >> > of
>> >> >> > these can compare the source IP of the originator to a known list.
>> >> >> > From
>> >> >> > there, you can perform script logic based on where the request
>> came
>> >> >> > from.
>> >> >> >
>> >> >> > Hope that helps!
>> >> >> > -Brett
>> >> >> >
>> >> >> >
>> >> >> > On Mon, Jul 23, 2012 at 11:38 AM, Schneur Rosenberg
>> >> >> > <rosenberg11219 at gmail.com> wrote:
>> >> >> >>
>> >> >> >> I'm using opensips as a registrar server and as a loadbalancer,
>> all
>> >> >> >> phones are registered to opensips and all incoming and outgoing
>> >> >> >> calls
>> >> >> >> go to Asterisk boxes via load balancing, therefore I have 3
>> kinds of
>> >> >> >> calls going to opensips,
>> >> >> >> 1) outgoing calls coming from one of the phones Registered to
>> >> >> >> opensips,
>> >> >> >> 2) incoming calls (we allow all incoming calls no matter from
>> where
>> >> >> >> they come, I call them unauthenticated DID)
>> >> >> >> 3) Calls ringing to a phone registered to opensips, the Asterisk
>> >> >> >> boxes
>> >> >> >> will send the calls to the phone either after getting a call
>> from a
>> >> >> >> DID, or when a internal user wants to call another internal user
>> >> >> >>
>> >> >> >> The way I differentiate between the calls is I do a if
>> >> >> >> (!(method=="REGISTER") && is_from_local()) this will check
>> >> >> >> credentials
>> >> >> >> and send call to asterisk to process outgoing call, then I do a
>> >> >> >> else
>> >> >> >> if ((method=="INVITE")) which will check if the call is going
>> to a
>> >> >> >> local phone by doing if (!lookup("location", "m")) if that fails
>> >> >> >> that
>> >> >> >> it assumes its a incoming did call, and it will send it to
>> asterisk
>> >> >> >> with a prefix so asterisk knows its a unauthenticated incoming
>> call,
>> >> >> >> bellow I pasted a skeleton of the code I'm using.
>> >> >> >>
>> >> >> >> Everything worked fine, until I connected a PBX to my opensips,
>> then
>> >> >> >> the from came in with the address of the PBX and the
>> >> >> >> is_from_local()
>> >> >> >> test was not true, so it did not work, I had the same problem
>> when
>> >> >> >> sending a call from a SPA3000 and blocking caller id, in that
>> case
>> >> >> >> it
>> >> >> >> also obscured the from address, as follows "From: Anonymous
>> >> >> >> <sip:anonymous at localhost>;tag=ea3ee097cd947aeeo0." , the only
>> >> >> >> reference of the user or domain was in the RPID field and calls
>> did
>> >> >> >> not go through.
>> >> >> >>
>> >> >> >> Is there anyway to check if a source IP is registered to our
>> system
>> >> >> >> and only then it should send a 407? this way if I have a BPX
>> >> >> >> registered it will then ask for credentials, all others it will
>> >> >> >> assume
>> >> >> >> that either a call to the local phone or unauthenticated DID, I
>> >> >> >> understand that I wont be able to send calls to the system only
>> if
>> >> >> >> registration was done before, but I have no problem with that, I
>> >> >> >> could do it with avp_db_query() on the subscriber table, but I
>> want
>> >> >> >> to
>> >> >> >> know if there is a better way.
>> >> >> >>
>> >> >> >> If there is there a better solution then the above solution
>> please
>> >> >> >> let
>> >> >> >> me
>> >> >> >> know
>> >> >> >>
>> >> >> >> if (!(method=="REGISTER") && is_from_local())
>> >> >> >> {
>> >> >> >> #check credentials
>> >> >> >> }
>> >> >> >> else if ((method=="INVITE")) #unathenticated did or
>> call
>> >> >> >> going to phone registered to opensips
>> >> >> >> {
>> >> >> >>
>> >> >> >> if (!lookup("location", "m")) #calling local
>> phone
>> >> >> >> {
>> >> >> >> #send to phone registered to opensips
>> >> >> >> }
>> >> >> >> else
>> >> >> >> {
>> >> >> >> #incoming did send call to asterisk to
>> >> >> >> process
>> >> >> >> }
>> >> >> >> }
>> >> >> >> else
>> >> >> >> {
>> >> >> >> #outgoing calls route continues here
>> >> >> >> }
>> >> >> >> ...................................
>> >> >> >>
>> >> >> >> _______________________________________________
>> >> >> >> Users mailing list
>> >> >> >> Users at lists.opensips.org
>> >> >> >> http://lists.opensips.org/cgi-bin/mailman/listinfo/users
>> >> >> >
>> >> >> >
>> >> >> >
>> >> >> > _______________________________________________
>> >> >> > Users mailing list
>> >> >> > Users at lists.opensips.org
>> >> >> > http://lists.opensips.org/cgi-bin/mailman/listinfo/users
>> >> >> >
>> >> >>
>> >> >> _______________________________________________
>> >> >> Users mailing list
>> >> >> Users at lists.opensips.org
>> >> >> http://lists.opensips.org/cgi-bin/mailman/listinfo/users
>> >> >
>> >> >
>> >> >
>> >> > _______________________________________________
>> >> > Users mailing list
>> >> > Users at lists.opensips.org
>> >> > http://lists.opensips.org/cgi-bin/mailman/listinfo/users
>> >> >
>> >>
>> >> _______________________________________________
>> >> Users mailing list
>> >> Users at lists.opensips.org
>> >> http://lists.opensips.org/cgi-bin/mailman/listinfo/users
>> >
>> >
>> >
>> > _______________________________________________
>> > Users mailing list
>> > Users at lists.opensips.org
>> > http://lists.opensips.org/cgi-bin/mailman/listinfo/users
>> >
>>
>> _______________________________________________
>> Users mailing list
>> Users at lists.opensips.org
>> http://lists.opensips.org/cgi-bin/mailman/listinfo/users
>>
>
>
> _______________________________________________
> Users mailing list
> Users at lists.opensips.org
> http://lists.opensips.org/cgi-bin/mailman/listinfo/users
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.opensips.org/pipermail/users/attachments/20120731/2f4de606/attachment.htm>
More information about the Users
mailing list