[asterisk-users] Proper way to make Asterisk recognize SIP trunk of incoming INVITE when IP is not available

Alex Villací­s Lasso a_villacis at palosanto.com
Fri May 2 10:49:53 CDT 2014


El 27/04/14 07:47, Barry Flanagan escribió:
> On 26 April 2014 00:29, Alex Villací­s Lasso <a_villacis at palosanto.com <mailto:a_villacis at palosanto.com>> wrote:
>
>     I am currently preparing a kamailio-asterisk combination. The asterisk installation uses realtime for SIP. The kamailio configuration was based on the reference at http://kb.asipto.com/asterisk:realtime:kamailio-4.0.x-asterisk-11.3.0-astdb but has
>     been heavily modified. Currently asterisk runs on localhost and only listens on SIP/RTP at 127.0.0.1 . Therefore, all of the SIP traffic appears to come from localhost, from the point of view of asterisk.
>
>     Currently I have a model on which internal SIP phones get identified by the authentication username, and then the contact names at From: and To: get massaged to incorporate the SIP domain, in order to emulate multiple-domain support. The 'sip' table
>     in Asterisk defines all such contacts as SIP accounts of the form name_domain.com <http://name_domain.com>, and the SIP phones are configured to use 'name' as authentication username for domain 'domain.com <http://domain.com>'. However, SIP providers
>     that register on the server with authentication names are left with their original names, since in the model, SIP trunks are available to all domains.
>
>     Now I have to add support for SIP providers which are to be authorized on the basis of IP only. Apparently, the kamailio module permissions.so (WITH_IPAUTH) is made for just this purpose, so I enabled it. After authentication, I need to route the
>     INVITE to asterisk, and asterisk must somehow match the account for the SIP trunk from the available information on the INVITE request.
>
>
>
> What I have done in a similar situation is to use  force_send_socket in Kamailio when sending INVITEs from your trusted host (your trunks) so that it is coming in to Asterisk from a different port (say 5070), and then in your Asterisk sip.conf settings 
> create a new peer for this like so:
>
> [peer-incoming]
> context=peercontext
> type=peer
> host=127.0.0.1
> port=5070
>
> Now, when Asterisk receives an INVITE from 127.0.0.1:5070 <http://127.0.0.1:5070> it will match this peer, whereas the rest, coming from 127.0.0.1:5060 <http://127.0.0.1:5060>, will match your other subscribers.
>
> Here is a bit of the Kamailio config:
>
> if (is_method("INVITE"))
>     {
>         # If call is coming from a trusted source (Trunk/PSTN) then we send it to Asterisk from port 5070
>         # so that Asterisk knows this is not coming from a subscriber. The peer in Asterisk needs to be set with port=5070
>         # as well as the host=<ip address>
>         if (allow_trusted())
>         {
>             xlog("L_INFO","Inbound to Asterisk from Trusted Source IP $si, Caller: $fU, Callee: $rU with Call-ID $hdr(Call-ID)");
>             force_send_socket(127.0.0.1:5070 <http://127.0.0.1:5070>);
>         } else {
>             # This is a call from a registered subscriber.
>             xlog("L_INFO","Inbound to Asterisk from $fU to $rU with Call-ID $hdr(Call-ID)");
>         }
>     }
>     route(RELAY);
>     exit;
> }
>
> NOTE: Kamailio must be set to listen on 127.0.0.1:5070 <http://127.0.0.1:5070> as well as your usual ports for this to work! Also, your SIP Trunk trusted peers need to be in the Kamailio trusted table, or explicitly test for the src_ip rather than use 
> allow_trusted().
>
I would rather have a solution that does not involve allocating a new UDP port every time a new IP-trusted SIP trunk is configured.

I tried appending a P-Asserted Identity header to the incoming INVITE before routing it to asterisk, like this:

#!ifdef WITH_IPAUTH
     if((!is_method("REGISTER")) && allow_source_address() && $au == "")
     {
         # Attempt to create a P-Asserted-Identity if none exists, to preserve
         # incoming Caller-ID
         if (!is_present_hf("P-Asserted-Identity"))
         {
             append_hf("P-Asserted-Identity: <sip:$fU@$fd>\r\n");
         }

         # Loading $fU from database using IP
         sql_pvquery("elxpbx", "SELECT name FROM sip WHERE host = '$si' AND sippasswd IS NULL", "$fU");

         # source IP allowed
         return;
     }
#!endif

With tcpdump, I can see that the header is indeed appended to the SIP headers of the INVITE, but there is no effect in Asterisk. From examination of the Asterisk 11.8.1 source code, I see that channels/chan_sip.c contains a get_pai() function that is 
supposed to process P-Asserted-Identity and extract a caller ID. I am still studying the code, but I would appreciate help on this issue, to see why my attempt is not working.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.digium.com/pipermail/asterisk-users/attachments/20140502/c642d1f7/attachment.html>


More information about the asterisk-users mailing list