[asterisk-users] Restrict SIP registration to one ip address only?
JD
jdupuy-list at socket.net
Wed Sep 17 16:13:19 CDT 2008
It will syntactically take that definition, but it's nearly pointless. I
suspect he is encountering a problem I have found:
It doesn't do full support static and registration simultaneously.
Most notably, at least in 1.2 (and probably 1.4) if you create a
registrable peer it is NOT monitorable (using 'qualify=yes'). So, you
have no idea if the phone is really offline or simply registered to one
of the other servers in your server farm. And, no, 'defaultip=x.x.x.x'
doesn't help either. You would think it would.
If you create a purely static peer, it rejects registration (even if
it's from the right address). That makes sense.
This complicates things in a distributed environment.
I'd love to be wrong about this.
John
Mr Shunz wrote:
>> Maybe a bit silly question, but why doesn't Asterisk accept if you set
>> both a username&password as well as an ip address for a phone?
>>
>
> but it does accept!
>
> in a peer definition:
>
> [user]
> type=user (or better friend)
> username=user
> secret=secret
> host=10.0.0.1
>
> [snip]
>
>
>> It's obvious that the more phones you have the more successful a brute
>> force attack on the server will be, so i would only like to allow access
>> to he 2 Nokia phones from "any" ip.
>>
>
> just set host=dynamic for those peers only
>
> cheers
>
>
More information about the asterisk-users
mailing list