[asterisk-dev] chan_sip SIP Authentication
Johansson Olle E
oej at edvina.net
Thu Jan 29 02:05:20 CST 2009
29 jan 2009 kl. 08.54 skrev Klaus Darilion:
> asterisk at ntplx.net schrieb:
>> I know this is a can of worms and I'm just getting into a hornet's
>> with this. I understand that it's a bad idea to mix phone numbers
>> and device names. But I'm looking for some answers to internal
>> programming questions.... It is not my intent to drag everyone into
>> but this is the DEV list...
>> On my PRI gateway I an using RPID to transfer the CID info and I
>> force the "from" to just be "asterisk" to avoid auth issues. But this
>> is causing some issues when RPID does not work correctly.
>> But I am looking to solve this for my self. I am looking at two
>> ways to "solve" this issue. One is to match the peer first, the
>> is to match the peer after an auth fail. If I match the peer first
>> then it seems to match a known "friend" as a peer...I guess because
>> a "friend" is a peer when it's known.
>> Correct? Known friends are IP peers in the too?????
>>> If you set type=peer it won't. type=friend will. But a friend
>>> is still a peer in memory. I have not changed configuration ...yet.
>> So if I match peers first, before user names, what problem am
>> am I going to cause when I match friends as peers?
> What for are you using "friends" at all?
Remember this: "friend" is not an object in the code at all, and has
never been. It is just a configuration trick to declare a peer and a
user with the same name. In 1.6.1 and trunk you won't really need it
any more, since a peer has the same functionality and is only one
object in memory, something that makes device states much more simple
than in previous releases (the limitonpeer stuff is not needed any
Type=user means matching on names only, and only takes incoming calls.
In trunk and 1.6.1 a type=user can be used for outbound calls, but we
won't match on IP for incoming calls. In memory, it's a peer with an
attribute that says "don't match on IP for this peer'.
In trunk and 1.6.1, all phones can happily be declared type=peer. If
you have connections where you need to separate inbound and outbound,
You can still define type=user, but those cases are rather rare. It's
a huge step forward towards a new model for SIP devices, but have
costed a lot of work by me and the Digium developer team to sort out
some issues in the code.
I think it's time to start working on type=service for services we
register for now. There's a lot of bug reports in the bug tracker
around that (thank you Nick!), which most of them are feature requests
and are spot on, pinpointing the problems with registration and peers
that we've had since the first release of chan_sip. I do hope some
service providers will step forward and assist with funding for this
More information about the asterisk-dev