<html>
<head>
<meta content="text/html; charset=ISO-8859-1"
http-equiv="Content-Type">
</head>
<body bgcolor="#FFFFFF" text="#000000">
<div class="moz-cite-prefix">El 27/04/14 07:47, Barry Flanagan
escribió:<br>
</div>
<blockquote
cite="mid:CALJb54--1kUaxbWG+Yr-zZnfw6u_yYyZM5cAUDbY_OgNd8F0Uw@mail.gmail.com"
type="cite">
<div dir="ltr">
<div class="gmail_extra">
<div class="gmail_quote">On 26 April 2014 00:29, Alex
Villacís Lasso <span dir="ltr"><<a
moz-do-not-send="true"
href="mailto:a_villacis@palosanto.com" target="_blank">a_villacis@palosanto.com</a>></span>
wrote:<br>
<blockquote class="gmail_quote" style="margin:0px 0px 0px
0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex">
<div text="#000000" bgcolor="#FFFFFF">
<div style="font-family:-moz-fixed;font-size:14px"
lang="x-western">I am currently preparing a
kamailio-asterisk combination. The asterisk
installation uses realtime for SIP. The kamailio
configuration was based on the reference at <a
moz-do-not-send="true"
href="http://kb.asipto.com/asterisk:realtime:kamailio-4.0.x-asterisk-11.3.0-astdb"
target="_blank">http://kb.asipto.com/asterisk:realtime:kamailio-4.0.x-asterisk-11.3.0-astdb</a>
but has been heavily modified. Currently asterisk runs
on localhost and only listens on SIP/RTP at 127.0.0.1
. Therefore, all of the SIP traffic appears to come
from localhost, from the point of view of asterisk. <br>
<br>
Currently I have a model on which internal SIP phones
get identified by the authentication username, and
then the contact names at From: and To: get massaged
to incorporate the SIP domain, in order to emulate
multiple-domain support. The 'sip' table in Asterisk
defines all such contacts as SIP accounts of the form
<a moz-do-not-send="true"
href="http://name_domain.com" target="_blank">name_domain.com</a>,
and the SIP phones are configured to use 'name' as
authentication username for domain '<a
moz-do-not-send="true" href="http://domain.com"
target="_blank">domain.com</a>'. However, SIP
providers that register on the server with
authentication names are left with their original
names, since in the model, SIP trunks are available to
all domains. <br>
<br>
Now I have to add support for SIP providers which are
to be authorized on the basis of IP only. Apparently,
the kamailio module permissions.so (WITH_IPAUTH) is
made for just this purpose, so I enabled it. After
authentication, I need to route the INVITE to
asterisk, and asterisk must somehow match the account
for the SIP trunk from the available information on
the INVITE request. <br>
<br>
</div>
</div>
</blockquote>
<div><br>
</div>
<div><br>
</div>
<div>What I have done in a similar situation is to use
force_send_socket in Kamailio when sending INVITEs from
your trusted host (your trunks) so that it is coming in to
Asterisk from a different port (say 5070), and then in
your Asterisk sip.conf settings create a new peer for this
like so:</div>
<div><br>
</div>
<div>[peer-incoming]</div>
<div>
<div style="font-family:arial,sans-serif;font-size:13px">context=peercontext</div>
<div style="font-family:arial,sans-serif;font-size:13px">type=peer</div>
<div style="font-family:arial,sans-serif;font-size:13px">
host=127.0.0.1</div>
</div>
<div style="font-family:arial,sans-serif;font-size:13px">port=5070</div>
<div style="font-family:arial,sans-serif;font-size:13px"><br>
</div>
<div style="font-family:arial,sans-serif;font-size:13px">
Now, when Asterisk receives an INVITE from <a
moz-do-not-send="true" href="http://127.0.0.1:5070">127.0.0.1:5070</a>
it will match this peer, whereas the rest, coming from <a
moz-do-not-send="true" href="http://127.0.0.1:5060">127.0.0.1:5060</a>,
will match your other subscribers.</div>
<div style="font-family:arial,sans-serif;font-size:13px"><br>
</div>
<div style="font-family:arial,sans-serif;font-size:13px">Here
is a bit of the Kamailio config:</div>
<div style="font-family:arial,sans-serif;font-size:13px">
<br>
</div>
<div style="font-family:arial,sans-serif;font-size:13px">
<div>if (is_method("INVITE"))</div>
<div> {</div>
<div> # If call is coming from a trusted source
(Trunk/PSTN) then we send it to Asterisk from port 5070</div>
<div> # so that Asterisk knows this is not coming
from a subscriber. The peer in Asterisk needs to be set
with port=5070</div>
<div> # as well as the host=<ip address></div>
<div> if (allow_trusted())</div>
<div> {</div>
<div> xlog("L_INFO","Inbound to Asterisk from
Trusted Source IP $si, Caller: $fU, Callee: $rU with
Call-ID $hdr(Call-ID)");</div>
<div> force_send_socket(<a
moz-do-not-send="true" href="http://127.0.0.1:5070">127.0.0.1:5070</a>);</div>
<div> } else {</div>
<div> # This is a call from a registered
subscriber.</div>
<div> xlog("L_INFO","Inbound to Asterisk from
$fU to $rU with Call-ID $hdr(Call-ID)");</div>
<div>
} </div>
<div> }</div>
<div> route(RELAY);</div>
<div> exit;</div>
<div>}</div>
<div><br>
</div>
</div>
<div>NOTE: Kamailio must be set to listen on <a
moz-do-not-send="true" href="http://127.0.0.1:5070">127.0.0.1:5070</a>
as well as your usual ports for this to work! Also, your
SIP Trunk trusted peers need to be in the Kamailio trusted
table, or explicitly test for the src_ip rather than use
allow_trusted().</div>
<br>
</div>
</div>
</div>
</blockquote>
I would rather have a solution that does not involve allocating a
new UDP port every time a new IP-trusted SIP trunk is configured.<br>
<br>
I tried appending a P-Asserted Identity header to the incoming
INVITE before routing it to asterisk, like this:<br>
<br>
#!ifdef WITH_IPAUTH<br>
if((!is_method("REGISTER")) && allow_source_address()
&& $au == "")<br>
{<br>
# Attempt to create a P-Asserted-Identity if none exists, to
preserve<br>
# incoming Caller-ID<br>
if (!is_present_hf("P-Asserted-Identity"))<br>
{<br>
append_hf("P-Asserted-Identity:
<sip:$fU@$fd>\r\n");<br>
}<br>
<br>
# Loading $fU from database using IP<br>
sql_pvquery("elxpbx", "SELECT name FROM sip WHERE host =
'$si' AND sippasswd IS NULL", "$fU");<br>
<br>
# source IP allowed<br>
return;<br>
}<br>
#!endif<br>
<br>
With tcpdump, I can see that the header is indeed appended to the
SIP headers of the INVITE, but there is no effect in Asterisk. From
examination of the Asterisk 11.8.1 source code, I see that
channels/chan_sip.c contains a get_pai() function that is supposed
to process P-Asserted-Identity and extract a caller ID. I am still
studying the code, but I would appreciate help on this issue, to see
why my attempt is not working.<br>
</body>
</html>