[Asterisk-Users] force SIP authentication

Wiley Siler wsiler at education2020.com
Tue Mar 8 11:40:25 MST 2005


Race, I think this only came to me.   

Great info none the less and a correction to my misunderstanding of SIP.
I was under the impression that my registrations actually protected my
machines.  Fortunately my * is behind a nice Cisco PIX but none the less
it opened my eyes.

Thanks,
Wiley





-----Original Message-----
From: Race Vanderdecken [mailto:asterisk at codetyrant.com] 
Sent: Tuesday, March 08, 2005 11:35 AM
To: Wiley Siler
Subject: RE: [Asterisk-Users] force SIP authentication

Florian,

The code basically allows any device that shows up to try and do a SIP
REGISTER.

Using a username and password setup in sip.conf only sets the
instructions for a phone try to REGISTER under a particular account.

 autocreatepeer=no will stop them from REGISTERING with your server so
calls can not be place through your SIP server to elsewhere, unless they
have an account and the can provided the secret= or md5secret=
passwords.

The secret= and md5secret= passwords are stored in the
phone/device/soft-phone that is making the registration attempt.

http://www.voip-info.org/wiki-Asterisk+sip+autocreatepeer

Authorization is part of Registration. Registration is not part of
Authorization. (I am slowly working on the release of code that will
require Authorization and Authentication of the incoming caller via
radius to only authenticated phones will be allowed to call in to the
server.)


Pretty much anyone can call to your Asterisk server. Asterisk will
answer and look for an extension that matches the number or pattern they
are calling.

If you want to block users from calling in to your asterisk extensions
then you have to setup extension.conf rules to send them to the trash if
the caller is unknown.

I am not an extension.conf macro expert so I can't give you much help on
that end. I have done extensive SIP programming in asterisk and know it
can be done by using RADIUS or other caller lookup methods to check a
database of number that are allowed to call in.

You might create a new list question that asks how to block incoming
calls, or how to black list callers it that is what you are looking for.

Race "The Tyrant" Vanderdecken

-----Original Message-----
From: asterisk-users-bounces at lists.digium.com
[mailto:asterisk-users-bounces at lists.digium.com] On Behalf Of Wiley
Siler
Sent: Tuesday, March 08, 2005 1:02 PM
To: Asterisk Users Mailing List - Non-Commercial Discussion
Subject: RE: [Asterisk-Users] force SIP authentication

???

The only way a SIP client can connect to Asterisk is if there is an
entry defined in sip.conf.  That unto itself requires passing the
extension name and the secret which is essentually username/password as
you are requesting.

Google sip.conf at the Wiki.

W


-----Original Message-----
From: asterisk-users-bounces at lists.digium.com
[mailto:asterisk-users-bounces at lists.digium.com] On Behalf Of Florian
Effenberger
Sent: Tuesday, March 08, 2005 10:46 AM
To: asterisk-users at lists.digium.com
Subject: [Asterisk-Users] force SIP authentication

Hello,

is it possible with Asterisk to force SIP authentication? Right now, it
seesm that just any SIP client can at least connect to my PBX, which I
don't want. I want users to authenticate with username and password and
otherwise deny them access.

Thanks
Florian
_______________________________________________
Asterisk-Users mailing list
Asterisk-Users at lists.digium.com
http://lists.digium.com/mailman/listinfo/asterisk-users
To UNSUBSCRIBE or update options visit:
   http://lists.digium.com/mailman/listinfo/asterisk-users
_______________________________________________
Asterisk-Users mailing list
Asterisk-Users at lists.digium.com
http://lists.digium.com/mailman/listinfo/asterisk-users
To UNSUBSCRIBE or update options visit:
   http://lists.digium.com/mailman/listinfo/asterisk-users





More information about the asterisk-users mailing list