[asterisk-dev] "Security denial" error in calls from H323 trunk (ooh323.c)
Gabriele Odone
gabriele.odone at gmail.com
Fri Oct 18 03:57:51 CDT 2013
Dears,
Environment: Asterisk 11.4
Objective: attempting H.323 trunk integration with "Polycom CMA" using
ooh323 module.
When placing H323 calls from the Polycom CMA, the call goes through the
trunk (as shown by tcpdump) but is rejected by Asterisk with the following
error in /var/log/asterisk/h323_log
==================
10:40:28:564 ERROR: Security denial remote sig IP isn't a socket ip,
10.44.1.156 not 10.71.0.55 (incoming, ooh323c_1)
10:40:28:565 ERROR:Failed ooH2250Receive - Clearing call (incoming,
ooh323c_1)
==================
(In the log, 10.44.1.156 being IP address of H323 client registered to
Polycom CMA, 10.71.0.55 being the address of Polycom CMA).
tcpdump shows "disengageRequest" H.225 sent by Asterisk to Polycom CMA.
I solved this problem by commenting these lines in ooh323.c and recompiling:
=======================
if (strncmp(remoteIP, call->remoteIP, strlen(remoteIP))) {
OOTRACEERR5("ERROR: Security denial remote sig IP isn't a socket ip, %s not
%s "
"(%s, %s)\n", remoteIP, call->remoteIP, call->callType,
call->callToken);
return OO_FAILED;
}
=======================
I am not sure if the above code is correct at all, how can the trunk work
with it? I suppose there might be a way to disable the check, in a more
clean way, but I found no option like that.
Thanks
Kind Regards
Gabriele Odone
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.digium.com/pipermail/asterisk-dev/attachments/20131018/205a62df/attachment-0001.html>
More information about the asterisk-dev
mailing list