[asterisk-users] Re: How to separate outgoing extens from the contexts from sip.conf?

Eric "ManxPower" Wieling eric at fnords.org
Wed Feb 21 19:28:00 MST 2007


Larry Alkoff wrote:
> Eric "ManxPower" Wieling wrote:
>> Larry Alkoff wrote:
>>> Eric "ManxPower" Wieling wrote:
>>>> Larry Alkoff wrote:
>>>>> Hello Eric.
>>>>>
>>>>> I don't fully understand your example.
>>>>>
>>>>> I _think_ you have in extensions.conf:
>>>>>
>>>>> [incoming]
>>>>> include => extensions
>>>>>
>>>>> [extensions]
>>>>> exten => 667
>>>>> more exten here
>>>>>
>>>>> [toll-trunks]
>>>>> exten => 91NXXNXXXXXX
>>>>> more exten here
>>>>>
>>>>> [toll-access]
>>>>> include => extensions
>>>>> include => toll-trunks
>>>>>
>>>>> My understanding of 'include' is it's as if the 'include'
>>>>> were typed line by line into the context.
>>>>>
>>>>> Since both extensions and toll-trunks are mixed together in 
>>>>> [toll-access], doesn't that give anyone who gains access to extensions
>>>>> in [incoming] also access to toll-trunks?  How does anyone on the 
>>>>> inside gain access to [toll-access]?
>>>>>
>>>>> Also I don't understand the 'doubling' of [extensions] by including it
>>>>> in another context.
>>>>>
>>>>> I'm probably missing something here.  Can you help me understand 
>>>>> this better?
>>>>
>>>> No.  Any device in the [incoming] context will only have access to 
>>>> anything in the [incoming] and [extensions] context.  i.e. it will 
>>>> not have access to any exten => lines that allow dialing out of the 
>>>> system.  include => is only "one-way".
>>>
>>> I have a feeling that the answer is contained in your words but still 
>>> don't quite get it.
>>>
>>> Let me ask this:  How do inside devices get access to [toll-access]?  
>>> I would like my inside devices to have access to everything unless I 
>>> specifically deny access.
>>
>> Contexts are both one of the most important and most difficult 
>> concepts to understand in Asterisk.
>>
>> Calls from inside devices land in the toll-access context in 
>> extensions.conf.  This is because of the context=toll-access line in 
>> that device's section of sip.conf.  This context in extensions.conf 
>> include =>'s the toll-trunks context.  Therefore, the inside device 
>> gets access to the toll-trunks context.
> 
> I _think_ we are getting somewhere.
> 
> You are essentially saying that, in order to have access to 
> [toll-access] I would need a line context=toll-access
> in a specific device(s).
> 
> In my case, the system is for my house.  So I have it set up to ring 
> _all_ phones when a call comes in and would like my wife and I to be 
> able to call _anywhere_.  Since we never know which phone will be handy, 
> it's necessary to give full access to all phones, which I think means 
> context=toll-access in sip.conf for all phones.
> 
> Doesn't that give access to any outside caller who can break into the 
> system?

Yes, any phone you want to dial out would have a context=toll-access in 
the device's sip.conf [section].  But that is not a security issue 
because contexts are really something only used for calls from a device 
to Asterisk.  The context= line of a device is ignored when sending 
calls to it.

My examples might be overly complex because I took them from my standard 
context design for production systems in a corporate environment where we 
also have contexts like [exten-access] (devices that can only dial 
extensions and 911) and [local-access]/[local-trunks] (devices that can 
only dial extensions, local calls, and 911).
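
The one-way behaviour of include => discussed in this message, as an added example that is not part of the original post: a small audit that reads an extensions.conf and a sip.conf and reports which devices can reach a given context. The device names, the Dial() arguments and the sample files are constructed for illustration.

```python
# Constructed sample configs modelled on the contexts named in this thread;
# device names and Dial() arguments are hypothetical.
EXTENSIONS_CONF = """
[incoming]
include => extensions
[extensions]
exten => 667,1,Dial(SIP/667)
[toll-trunks]
exten => _91NXXNXXXXXX,1,Dial(Zap/g1/${EXTEN:1})
[toll-access]
include => extensions
include => toll-trunks
"""
SIP_CONF = """
[kitchen-phone]
context=toll-access
[provider-trunk]
context=incoming
"""

def parse_sections(text):
    """Return {section: [(key, value), ...]}, keeping repeated keys."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].strip()      # ';' starts a comment
        if line.startswith("[") and "]" in line:
            current = line[1:line.index("]")]
            sections.setdefault(current, [])
        elif current is not None and "=" in line:
            key, value = line.split("=", 1)       # handles both '=' and '=>'
            sections[current].append((key.strip(), value.lstrip(">").strip()))
    return sections

def reachable_contexts(dialplan, start):
    """Follow include => edges outward from `start`; never backwards."""
    seen, stack = set(), [start]
    while stack:
        ctx = stack.pop()
        if ctx not in seen and ctx in dialplan:
            seen.add(ctx)
            stack.extend(v for k, v in dialplan[ctx] if k == "include")
    return seen

def devices_reaching(sip, dialplan, target):
    """sip.conf sections whose context= can reach `target` through includes."""
    return sorted(dev for dev, opts in sip.items()
                  if target in reachable_contexts(dialplan, dict(opts).get("context")))

if __name__ == "__main__":
    dialplan, sip = parse_sections(EXTENSIONS_CONF), parse_sections(SIP_CONF)
    print(sorted(reachable_contexts(dialplan, "incoming")))
    print(devices_reaching(sip, dialplan, "toll-trunks"))
```

On a real sip.conf the [general] section's context= would be reported like any other section, which is useful here because it is the context applied to callers that match no device.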

