[asterisk-users] additional range parameter for sip peer

Thomas Rechberger t.rechberger at gmail.com
Sat Mar 29 05:12:38 CDT 2014

Many ITSP are using loadbalancers, so if somebody registers on a sip 
peer with specific dns host, an incoming call may be received from a 
different ip and the host value in peer section doesnt match, so it will 
go to default context.

For example Telekom or 1&1, biggest providers in Germany are using too 
many different addresses that its not practical to define them all (up 
to 50 hosts and they still add!), as this will also generate too much 
traffic (especially with qualify and multiple registrations) and they 
may even lock you out as untrusted, which may even result in that they 
will block asterisk permanently for everybody. Thats not really desirable.

I think its also not recommended in terms of security to use default 
context with allowguest=yes and sort the incoming calls by header, 
because this can be faked easily.

 From my understanding the permit/deny parameters are only used for 
incoming calls if host is set to dynamic and then there will be no 
outgoing registration to remote peer possible. permit/deny is used for 
access, not for matching.

How about an additional parameter where an range of ip addresses can be 
defined in peer section, which will be used for matching calls?


More information about the asterisk-users mailing list