[asterisk-dev] chan_sip SIP Authentication

asterisk at ntplx.net asterisk at ntplx.net
Tue Jan 27 15:16:11 CST 2009


I have the same old problem that has come up before, I know this
has asked before.

I use a cisco AS5300 PRI gateway to connect the PSTN to asterisk 1.4
with SIP. When a call comes into the PRI, the cisco sends it to
asterisk with a from of the CID which is normally a 10 digit phone
number. The cisco gateway is configured as a peer in the sip.conf file
and setup as insecure so asterisk can match the IP address.

I also have some SIP ATA devices where the user name/device name is
set as just the 10 digit phone number. This causes a problem for
asterisk when one of the users calls back into the same system.
The cisco box sends a SIP from with the 10 digit number and asterisk
matches the username in sip.conf and says the authentication does
not match (I want it to match the insecure gateway IP).

If I change check_user_full in chan_sip.c to match IP peers first then
this seems to solve the problem for the cisco/asterisk system, but seems
it may cause future authentication issues for users. When a user connects
it matches the username and then later requests match the IP in the peer
list. Are authenticated uses added as peers? Do they expire?

Other then not using the 10 digit number as a name for authentication
to solve this issue, is there a real problem matching IP peers first?
Why is this not done now? Why does asterisk not match peers by IP after
an authentication failure?

Does any/all of this change in version 1.6/trunk?

    Andrew






More information about the asterisk-dev mailing list