[asterisk-users] Restrict SIP registration to one ip address only?

JD jdupuy-list at socket.net
Wed Sep 17 16:13:19 CDT 2008


It will syntactically take that definition, but it's nearly pointless. I 
suspect he is encountering a problem I have found:

It doesn't do full support static and registration simultaneously.

Most notably, at least in 1.2 (and probably 1.4) if you create a 
registrable peer it is NOT monitorable (using 'qualify=yes'). So, you 
have no idea if the phone is really offline or simply registered to one 
of the other servers in your server farm. And, no, 'defaultip=x.x.x.x' 
doesn't help either. You would think it would.

If you create a purely static peer, it rejects registration (even if 
it's from the right address). That makes sense.

This complicates things in a distributed environment.

I'd love to be wrong about this.

John

Mr Shunz wrote:
>> Maybe a bit silly question, but why doesn't Asterisk accept if you set
>> both a username&password as well as an ip address for a phone?
>>     
>
> but it does accept!
>
> in a peer definition:
>
> [user]
> type=user (or better friend)
> username=user
> secret=secret
> host=10.0.0.1
>
> [snip]
>
>   
>> It's obvious that the more phones you have the more successful a brute
>> force attack on the server will be, so i would only like to allow access
>> to he 2 Nokia phones from "any" ip.
>>     
>
> just set host=dynamic for those peers only
>
> cheers
>
>   




More information about the asterisk-users mailing list