[OpenSIPS-Users] Problem with Un-authenticated calls coming from a Asterisk gateway : need to restrict access

Roberto Ovani roberto.ebay at gmail.com
Tue Apr 13 14:10:36 CEST 2010


Il martedì 13/04/10 14.12, Bogdan-Andrei Iancu ha scritto:
> maybe your call does not get to the check_source_address() check - put 
> some xlog to see if the script execution gets in that part.
>
> Regards,
> Bogdan
>
> Roberto Ovani wrote:
>> Sorry, there is a mistake in what I wrote:
>>
>> I did:
>> osipsconsole
>> address add 0 192.168.1.19 255.255.255.*255* UDP 5060 (not 
>> 255.255.255.0)
>>
>>   and opensips makes the call pass the same, from 192.168.1.20.....
>>
>> I had a look into the db entries: there is something like 
>> address=192.168.1.19 mask = 32 ....
>>
>> Any advice?
>> Asterisk tricks?
>> Or an opensips problem?
>> If you want, I can give you ssh accesses....
>>
>> Roberto
>>
>>
>> Il martedì 13/04/10 12.08, Bogdan-Andrei Iancu ha scritto:
>>> Hello Roberto,
>>>
>>> I think the problem is with the network mask you used when adding 
>>> the IP :
>>>     IP : 192.168.1.19
>>>     Mask: 255.255.255.0
>>>
>>> This rule will allow 192.168.1.xxx block of IPs - this is why the 
>>> second asterisk works too ;)
>>>
>>> Try using the 255.255.255.255 mask (of course remove the existing 
>>> entry)
>>>
>>> Regards,
>>> Bogdan
>>>
>>> Roberto Ovani wrote:
>>>> I'm using opensips 1.6.1, on Ubuntu 9.10 server (192.168.1.12)
>>>> I configured an asterisk box (192.168.1.19) to for PSTN.
>>>>
>>>> I'm trying to restrict access, to prevent false authentication from 
>>>> unauthorized users except the gateway I set up.
>>>>
>>>> from the terminal, i wrote :
>>>> /osipsconsole
>>>> address add 0 192.168.1.19 255.255.255.0 UDP 5060
>>>> /to add the gateway data into the db
>>>> So, i want ONLY that asterisk box to send calls to opensips 
>>>> bypassing authentication (this is what I found on the book by 
>>>> Gonçalves, about opensips 1.6, nd it says I can do it).
>>>>
>>>> But if itry with another asterisk box, on another Ip address e.g. 
>>>> 192.168.1.20 , opensips makes the call pass, even if I didn't put 
>>>> this entry in my Db.... I want to restrict access to 
>>>> UN-authenticated calls ONLY to 192.168.1.19
>>>>
>>>> this is a piece of code I found on the book and I used to restric 
>>>> the access only to 192.168.1.19:
>>>>
>>>>  if (!(method=="REGISTER") && is_from_local())
>>>>         {
>>>>                        if (!check_source_address("0"))
>>>>                 {
>>>>                         if (!proxy_authorize("", "subscriber"))
>>>>                         {
>>>>                                 proxy_challenge("", "0");
>>>>                                 exit;
>>>>                         }
>>>>                 }
>>>>                 else if (!db_check_from())
>>>>                 {
>>>>                                        
>>>> sl_send_reply("403","Forbidden auth ID");
>>>>                                         exit;
>>>>                 }
>>>>
>>>>         }
>>>>
>>>>
>>>> Is it right?
>>>> What do you think I have to check ?
>>>> Could you please help me ? I can't solve this problem....but i need 
>>>> it !
>>>> Thanks in advance
>>>> Best regards
>>>> Roberto
>>>> ------------------------------------------------------------------------ 
>>>>
>>>>
>>>> _______________________________________________
>>>> Users mailing list
>>>> Users at lists.opensips.org
>>>> http://lists.opensips.org/cgi-bin/mailman/listinfo/users
>>
>
>
What would you write in the xlog statement ?

xlog (" ????");

any advice  ?
R



More information about the Users mailing list