[Asterisk-Users] RE: SIP permit/deny

Douglas Garstang dgarstang at oneeighty.com
Fri Dec 23 10:26:01 MST 2005


Hi Aaron.

Well, I now understand something I didn't before. When a user is not granted access because their host is denied (and maybe when they fail to authenticate?), Asterisk tries to allow them into the context as defined by context= in the [general] section if allowguest=yes. Something to watch out for.

Doug.

-----Original Message-----
From: Aaron Daniel [mailto:amdtech at shsu.edu]
Sent: Friday, December 23, 2005 10:21 AM
To: Asterisk Users Mailing List - Non-Commercial Discussion
Subject: Re: [Asterisk-Users] RE: SIP permit/deny


What are your default settings configured to in the general configuration?


Douglas Garstang wrote:
> Good grief. Even this doesn't work...
>
> [a00090101]
> type=friend
> deny=0.0.0.0/0.0.0.0
>
> Asterisk is allowing extension a00090101 to connect from 192.168.10.123. I must really be missing something here...
>
> Doug
>
>
> -----Original Message-----
> From: Douglas Garstang 
> Sent: Friday, December 23, 2005 9:19 AM
> To: 'Asterisk Users Mailing List - Non-Commercial Discussion'
> Subject: SIP permit/deny
>
>
> I have the following in sip.conf. It was my understanding that this configuration (ie with deny/permit) would only allow connections from hosts 192.168.10.4 and 192.168.10.5. That doesn't seem to be the case. Asterisk is accepting INVITE's from other addresses. 
>
> [a00090101]
> type=friend
> context=Company1
> username=a00090101
> ;secret=180
> ;insecure=very
> host=dynamic
> mailbox=company1 at vmusers
> deny=0.0.0.0/0.0.0.0
> permit=192.168.10.4/255.255.255.0
> permit=192.168.10.5/255.255.255.0
> accountcode=a00090101
> subscribecontext=status
> ;qualify=yes
> canreinvite=yes
>
> I'm trying to configure Asterisk to accept connections (ie invites) from two trusted hosts without asking for a password. If it gets an invite from somewhere else, send back Forbidden. Anyone know how to do this?
>
> Thanks,
> Doug.
> _______________________________________________
> --Bandwidth and Colocation provided by Easynews.com --
>
> Asterisk-Users mailing list
> To UNSUBSCRIBE or update options visit:
>    http://lists.digium.com/mailman/listinfo/asterisk-users
>   

_______________________________________________
--Bandwidth and Colocation provided by Easynews.com --

Asterisk-Users mailing list
To UNSUBSCRIBE or update options visit:
   http://lists.digium.com/mailman/listinfo/asterisk-users



More information about the asterisk-users mailing list