[asterisk-users] SIP - Authenticated vs Unauthenticated Calls

Olle E. Johansson oej at edvina.net
Thu Nov 1 10:32:33 CDT 2012


1 nov 2012 kl. 15:13 skrev Joshua Colp <jcolp at digium.com>:

> Tim Nelson wrote:
>> 
>> Thanks Joshua-
>> 
>> In this case, we're using SIP registration to peer the remote systems to the 'central system'. In option #1 above, the 'user' portion is always the CID we set for the outbound call, but the actual SIP user is something different like 'site12' for example. So, it would appear #1 is not a match...
> 
> Registration just tells the remote system what your IP address/port is for sending calls.
> 
> You don't *have* to send CID like you are. You can override using fromuser to ensure that the specific peer is *always* matched and authenticated. CID can be conveyed in an alternate header, like Remote-Party-ID. The options involved for RPID are "sendrpid=yes" on the caller box and "trustrpid=yes" on the receiving box.
> 
>> That leaves us with option #2. We're using 'qualify=yes' on both sides of the SIP peering. If a peer becomes unreachable (fast UDP state table timeout on a remote firewall for example) as seen by the central system, and an outbound call is made from the remote system, that would mean the call is coming from an unknown IP:port. Would this then make sense Asterisk would simply throw it into the from-sip-external context as an unknown/unauthenticated call? And of course, when the peer *is* registered, and a call is made, Asterisk on the central system allows the call as authenticated due to the source IP/port being known via the registration status?
> 
> It's possible, without logs and such it's only a guess.
Agree, all comments are pure speculations at this point.

Try removing the user object to simplify. If you have type=friend, change to type=peer and you will *only* get IP/port-based matching and can configure your system in a controlled way. There are just a few situations where you actually benefit from having type=friend and match object names with Caller ID numbers.

/O


--
* Olle E. Johansson - oej at edvina.net
* Kamailio & SIP Masterclass Miami FL December 2012
* http://edvina.net/training/







More information about the asterisk-users mailing list