[asterisk-users] Sip exten matching based on contact: sip header?

Mike Fedyk mike at reachme.com
Mon Mar 24 23:04:32 CDT 2008 

Asterisk: 1.4.17 with sip realtime
Openser 1.3.x

Hi,

I had this setup working fine until I try putting OpenSER in the picture as
a proxy.  

Unauthenticated calls go to a PRI based app via a ZAP channel, calls to sip
users get send to them etc.  Now with a proxy in the picture asterisk asks
the incoming calls for authentication "407 Proxy Authentication Required".

It seems that the sip channel matching is based only on source IP address
instead of also checking the contact: header as mentioned in the O'Reilly
book.

According to Asterisk 2nd edition it says about insecure "... If you set
insecure=invite, you'll determine which peer to match on by comparing the IP
address or hostname and port number to those provided in the contact field
of the SIP header with the host and port options in sip.conf.  If a match is
found, authentication will not be required on the initial INVITE, and the
call will be allowed."

The funny thing is that if I do a 'sip reload' and receive a call from one
my DIDs through the provider it goes to the default context when received
through OpenSER as expected.  But once a sip realtime user makes a call it
will match their peer instead of the one specified with the provider's Ip
address.

I've seen this in my logs after turning on sip debugging, it looks like
different users get matched based on the sort of the sip peers list (which
can change based on how long ago a reload was done and who has been active
because of sip realtime).

[Mar 24 17:04:23] Sending to 74.x.x.x : 5060 (no NAT)
[Mar 24 17:04:23] Using INVITE request as basis request - blahblah at 64.x.x.x
[Mar 24 17:04:23] Found peer 'some_peer'

The sip users have their host=ip_of_openser so I can understand why it would
get confused if it didn't check the contact header for clairification since
a call is also coming from that source IP address when proxied through
openser.

Maybe I'm approaching this from the wrong direction, anyone have any ideas?

Mike

[privider1a]
type=peer
host=67.x.x.x
insecure=invite,port
context=default
qualify=999

[provider1a]
type=peer
host=67.x.x.x
insecure=invite,port
context=default
qualify=999

[provider2]
type=peer
;host=sip.provider2.com
host=64.x.x.x
insecure=invite,port
context=default
qualify=999

More information about the asterisk-users mailing list