[asterisk-users] action at registering or de-registering
Sherwood McGowan
sherwood.mcgowan at gmail.com
Wed Nov 24 16:49:31 CST 2010
On Wed, Nov 24, 2010 at 4:24 PM, Hans Witvliet <hwit at a-domani.nl> wrote:
> On Wed, 2010-11-24 at 15:47 -0600, Sherwood McGowan wrote:
>> On Wed, Nov 24, 2010 at 3:08 PM, Hans Witvliet <hwit at a-domani.nl> wrote:
>> > On Wed, 2010-11-24 at 08:29 -0500, Ryan Bullock wrote:
>> >> On Asterisk 1.8 when a SIP peer resgisters or unregisters it generates
>> >> a PeerStatus event. I don't know if this is in 1.4/1.6 as well, but
>> >> should be easy enough to test.
>> >>
>> >> Here is an example of what I see on the manager interface during a
>> >> register/unregister:
>> >>
>> >> Event: PeerStatus
>> >> Privilege: system,all
>> >> ChannelType: SIP
>> >> Peer: SIP/twinkle
>> >> PeerStatus: Registered
>> >> Address: 192.168.56.1:5068
>> >>
>> >> Event: PeerStatus
>> >> Privilege: system,all
>> >> ChannelType: SIP
>> >> Peer: SIP/twinkle
>> >> PeerStatus: Unregistered
>> >>
>> >> I think that should work for whatever you need to do.
>> >>
>> >
>> > I'm doing a fresh install, so 1.8 is what i'm going to use.
>> >
>> > What i want to check, is whether to person who is doing a register, is
>> > realy the person at the other end of a VPN-tunnel.
>> > With openvpn i'm absolutely sure which person is at a certain
>> > vpn-ip-addres. I must check if the registering is faked or not.
>> >
>> > As ong as linphone (or for that matter any other softphone) does not
>> > have a possibility for using the libraries from opensc, there is no
>> > other way...
>> >
>> > So next couple of weeks i'll start exploring AMI,
>> >
>> > Thanks!
>> >
>
>> >
>>
>> Well, if that's all you need (restricting registrations for a SIP
>> endpoint to a specific IP address), try one of the following
>> methods...
>>
>> Method 1:
>> In the endpoint definition, set the host to the vpn ip address, rather
>> than setting it to dynamic. This disallows registrations. Then, use
>> qualify=yes so Asterisk "knows" when the endpoint is available
>> (responding to OPTIONS requests).
>>
>> Method 2:
>> Use the permit,deny, and mask settings to define what ip address
>> and/or network the endpoint should be at, thereby locking out use from
>> another address.
>> (http://www.voip-info.org/wiki/view/Asterisk+sip+permit-deny-mask)
>>
>> Either of those should resolve your needs
>
>
> No, don't think so, (unless mistaken)
> Everybody got a dynamic address from openvpn, something in 10.225.0.0/16
> You never know what you wil get, so it got to be dynamic.
>
> Anybody within that range is a valid user (otherwise he could not set up
> the vpn-tunnel). But any rogue co-worker should not be able to register
> as another co-worker, so method-2 won't do either.
>
> sip/tls might have been a solution, but private keys are locked on a
> card, and can ony be reached with the pkcs11-libs from opensc.
>
> Hans
>
> --
> _____________________________________________________________________
> -- Bandwidth and Colocation Provided by http://www.api-digital.com --
> New to Asterisk? Join us for a live introductory webinar every Thurs:
> http://www.asterisk.org/hello
>
> asterisk-users mailing list
> To UNSUBSCRIBE or update options visit:
> http://lists.digium.com/mailman/listinfo/asterisk-users
>
Ah, I see, sorry I misunderstood what you needed. Good luck
More information about the asterisk-users
mailing list