[OpenSIPS-Users] Problem with Un-authenticated calls coming from a Asterisk gateway : need to restrict access

Bogdan-Andrei Iancu bogdan at voice-system.ro
Tue Apr 13 12:08:37 CEST 2010


Hello Roberto,

I think the problem is with the network mask you used when adding the IP :
    IP : 192.168.1.19
    Mask: 255.255.255.0

This rule will allow 192.168.1.xxx block of IPs - this is why the second 
asterisk works too ;)

Try using the 255.255.255.255 mask (of course remove the existing entry)

Regards,
Bogdan

Roberto Ovani wrote:
> I'm using opensips 1.6.1, on Ubuntu 9.10 server (192.168.1.12)
> I configured an asterisk box (192.168.1.19) to for PSTN.
>
> I'm trying to restrict access, to prevent false authentication from 
> unauthorized users except the gateway I set up.
>
> from the terminal, i wrote :
> /osipsconsole
> address add 0 192.168.1.19 255.255.255.0 UDP 5060
> /to add the gateway data into the db
> So, i want ONLY that asterisk box to send calls to opensips bypassing 
> authentication (this is what I found on the book by Gonçalves, about 
> opensips 1.6, nd it says I can do it).
>
> But if itry with another asterisk box, on another Ip address e.g. 
> 192.168.1.20 , opensips makes the call pass, even if I didn't put this 
> entry in my Db.... I want to restrict access to UN-authenticated calls 
> ONLY to 192.168.1.19
>
> this is a piece of code I found on the book and I used to restric the 
> access only to 192.168.1.19:
>
>  if (!(method=="REGISTER") && is_from_local())
>         {
>        
>                 if (!check_source_address("0"))
>                 {
>                         if (!proxy_authorize("", "subscriber"))
>                         {
>                                 proxy_challenge("", "0");
>                                 exit;
>                         }
>                 }
>                 else if (!db_check_from())
>                 {
>                                        sl_send_reply("403","Forbidden 
> auth ID");
>                                         exit;
>                 }
>
>         }
>
>
> Is it right?
> What do you think I have to check ?
> Could you please help me ? I can't solve this problem....but i need it !
> Thanks in advance
> Best regards
> Roberto
> ------------------------------------------------------------------------
>
> _______________________________________________
> Users mailing list
> Users at lists.opensips.org
> http://lists.opensips.org/cgi-bin/mailman/listinfo/users
>   


-- 
Bogdan-Andrei Iancu
www.voice-system.ro




More information about the Users mailing list