[asterisk-dev] chan_sip SIP Authentication

Johansson Olle E oej at edvina.net
Thu Jan 29 02:05:20 CST 2009

29 jan 2009 kl. 08.54 skrev Klaus Darilion:

> asterisk at ntplx.net schrieb:
>> I know this is a can of worms and I'm just getting into a hornet's  
>> nest
>> with this. I understand that it's a bad idea to mix phone numbers
>> and device names. But I'm looking for some answers to internal  
>> asterisk
>> programming questions.... It is not my intent to drag everyone into  
>> this,
>> but this is the DEV list...
>> On my PRI gateway I an using RPID to transfer the CID info and I
>> force the "from" to just be "asterisk" to avoid auth issues. But this
>> is causing some issues when RPID does not work correctly.
>> But I am looking to solve this for my self. I am looking at two
>> ways to "solve" this issue. One is to match the peer first, the  
>> second
>> is to match the peer after an auth fail. If I match the peer first
>> then it seems to match a known "friend" as a peer...I guess because
>> a "friend" is a peer when it's known.
>> Correct? Known friends are IP peers in the too?????
>>> If you set type=peer it won't. type=friend will. But a friend
>>> is still a peer in memory. I have not changed configuration ...yet.
>> So if I match peers first, before user names, what problem am
>> am I going to cause when I match friends as peers?
> What for are you using "friends" at all?

Remember this: "friend" is not an object in the code at all, and has  
never been. It is just a configuration trick to declare a peer and a  
user with the same name. In 1.6.1 and trunk you won't really need it  
any more, since a peer has the same functionality and is only one  
object in memory, something that makes device states much more simple  
than in previous releases (the limitonpeer stuff is not needed any  

Type=user means matching on names only, and only takes incoming calls.  
In trunk and 1.6.1 a type=user can be used for outbound calls, but we  
won't match on IP for incoming calls. In memory, it's a peer with an  
attribute that says "don't match on IP for this peer'.

In trunk and 1.6.1, all phones can happily be declared type=peer. If  
you have connections where you need to separate inbound and outbound,  
You can still define type=user, but those cases are rather rare. It's  
a huge step forward towards a new model for SIP devices, but have  
costed a lot of work by me and the Digium developer team to sort out  
some issues in the code.

I think it's time to start working on type=service for services we  
register for now. There's a lot of bug reports in the bug tracker  
around that (thank you Nick!), which most of them are feature requests  
and are spot on, pinpointing the problems with registration and peers  
that we've had since the first release of chan_sip. I do hope some  
service providers will step forward and assist with funding for this  


More information about the asterisk-dev mailing list