<html>
  <head>
    <meta content="text/html; charset=ISO-8859-1"
      http-equiv="Content-Type">
  </head>
  <body bgcolor="#FFFFFF" text="#000000">
    <div class="moz-cite-prefix">El 02/05/14 10:49, Alex Villací­s Lasso
      escribió:<br>
    </div>
    <blockquote cite="mid:5363BEA1.2010508@palosanto.com" type="cite">
      <meta content="text/html; charset=ISO-8859-1"
        http-equiv="Content-Type">
      <div class="moz-cite-prefix">El 27/04/14 07:47, Barry Flanagan
        escribió:<br>
      </div>
      <blockquote
cite="mid:CALJb54--1kUaxbWG+Yr-zZnfw6u_yYyZM5cAUDbY_OgNd8F0Uw@mail.gmail.com"
        type="cite">
        <div dir="ltr">
          <div class="gmail_extra">
            <div class="gmail_quote">On 26 April 2014 00:29, Alex
              Villací­s Lasso <span dir="ltr"><<a
                  moz-do-not-send="true"
                  href="mailto:a_villacis@palosanto.com" target="_blank">a_villacis@palosanto.com</a>></span>
              wrote:<br>
              <blockquote class="gmail_quote" style="margin:0px 0px 0px
0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex">
                <div text="#000000" bgcolor="#FFFFFF">
                  <div style="font-family:-moz-fixed;font-size:14px"
                    lang="x-western">I am currently preparing a
                    kamailio-asterisk combination. The asterisk
                    installation uses realtime for SIP. The kamailio
                    configuration was based on the reference at <a
                      moz-do-not-send="true"
href="http://kb.asipto.com/asterisk:realtime:kamailio-4.0.x-asterisk-11.3.0-astdb"
                      target="_blank">http://kb.asipto.com/asterisk:realtime:kamailio-4.0.x-asterisk-11.3.0-astdb</a>
                    but has been heavily modified. Currently asterisk
                    runs on localhost and only listens on SIP/RTP at
                    127.0.0.1 . Therefore, all of the SIP traffic
                    appears to come from localhost, from the point of
                    view of asterisk. <br>
                    <br>
                    Currently I have a model on which internal SIP
                    phones get identified by the authentication
                    username, and then the contact names at From: and
                    To: get massaged to incorporate the SIP domain, in
                    order to emulate multiple-domain support. The 'sip'
                    table in Asterisk defines all such contacts as SIP
                    accounts of the form <a moz-do-not-send="true"
                      href="http://name_domain.com" target="_blank">name_domain.com</a>,
                    and the SIP phones are configured to use 'name' as
                    authentication username for domain '<a
                      moz-do-not-send="true" href="http://domain.com"
                      target="_blank">domain.com</a>'. However, SIP
                    providers that register on the server with
                    authentication names are left with their original
                    names, since in the model, SIP trunks are available
                    to all domains. <br>
                    <br>
                    Now I have to add support for SIP providers which
                    are to be authorized on the basis of IP only.
                    Apparently, the kamailio module permissions.so
                    (WITH_IPAUTH) is made for just this purpose, so I
                    enabled it. After authentication, I need to route
                    the INVITE to asterisk, and asterisk must somehow
                    match the account for the SIP trunk from the
                    available information on the INVITE request. <br>
                    <br>
                  </div>
                </div>
              </blockquote>
              <div><br>
              </div>
              <div><br>
              </div>
              <div>What I have done in a similar situation is to use
                 force_send_socket in Kamailio when sending INVITEs from
                your trusted host (your trunks) so that it is coming in
                to Asterisk from a different port (say 5070), and then
                in your Asterisk sip.conf settings create a new peer for
                this like so:</div>
              <div><br>
              </div>
              <div>[peer-incoming]</div>
              <div>
                <div style="font-family:arial,sans-serif;font-size:13px">context=peercontext</div>
                <div style="font-family:arial,sans-serif;font-size:13px">type=peer</div>
                <div style="font-family:arial,sans-serif;font-size:13px">
                  host=127.0.0.1</div>
              </div>
              <div style="font-family:arial,sans-serif;font-size:13px">port=5070</div>
              <div style="font-family:arial,sans-serif;font-size:13px"><br>
              </div>
              <div style="font-family:arial,sans-serif;font-size:13px">
                Now, when Asterisk receives an INVITE from <a
                  moz-do-not-send="true" href="http://127.0.0.1:5070">127.0.0.1:5070</a>
                it will match this peer, whereas the rest, coming from <a
                  moz-do-not-send="true" href="http://127.0.0.1:5060">127.0.0.1:5060</a>,
                will match your other subscribers.</div>
              <div style="font-family:arial,sans-serif;font-size:13px"><br>
              </div>
              <div style="font-family:arial,sans-serif;font-size:13px">Here

                is a bit of the Kamailio config:</div>
              <div style="font-family:arial,sans-serif;font-size:13px">
                <br>
              </div>
              <div style="font-family:arial,sans-serif;font-size:13px">
                <div>if (is_method("INVITE"))</div>
                <div>    {</div>
                <div>        # If call is coming from a trusted source
                  (Trunk/PSTN) then we send it to Asterisk from port
                  5070</div>
                <div>        # so that Asterisk knows this is not coming
                  from a subscriber. The peer in Asterisk needs to be
                  set with port=5070</div>
                <div>        # as well as the host=<ip address></div>
                <div>        if (allow_trusted())</div>
                <div>        {</div>
                <div>            xlog("L_INFO","Inbound to Asterisk from
                  Trusted Source IP $si, Caller: $fU, Callee: $rU with
                  Call-ID $hdr(Call-ID)");</div>
                <div>            force_send_socket(<a
                    moz-do-not-send="true" href="http://127.0.0.1:5070">127.0.0.1:5070</a>);</div>
                <div>        } else {</div>
                <div>            # This is a call from a registered
                  subscriber.</div>
                <div>            xlog("L_INFO","Inbound to Asterisk from
                  $fU to $rU with Call-ID $hdr(Call-ID)");</div>
                <div>         }   </div>
                <div>    }</div>
                <div>    route(RELAY);</div>
                <div>    exit;</div>
                <div>}</div>
                <div><br>
                </div>
              </div>
              <div>NOTE: Kamailio must be set to listen on <a
                  moz-do-not-send="true" href="http://127.0.0.1:5070">127.0.0.1:5070</a>
                as well as your usual ports for this to work! Also, your
                SIP Trunk trusted peers need to be in the Kamailio
                trusted table, or explicitly test for the src_ip rather
                than use allow_trusted().</div>
              <br>
            </div>
          </div>
        </div>
      </blockquote>
      I would rather have a solution that does not involve allocating a
      new UDP port every time a new IP-trusted SIP trunk is configured.<br>
      <br>
      I tried appending a P-Asserted Identity header to the incoming
      INVITE before routing it to asterisk, like this:<br>
      <br>
      #!ifdef WITH_IPAUTH<br>
          if((!is_method("REGISTER")) && allow_source_address()
      && $au == "")<br>
          {<br>
              # Attempt to create a P-Asserted-Identity if none exists,
      to preserve<br>
              # incoming Caller-ID<br>
              if (!is_present_hf("P-Asserted-Identity"))<br>
              {<br>
                  append_hf("P-Asserted-Identity:
      <sip:$fU@$fd>\r\n");<br>
              }<br>
      <br>
              # Loading $fU from database using IP<br>
              sql_pvquery("elxpbx", "SELECT name FROM sip WHERE host =
      '$si' AND sippasswd IS NULL", "$fU");<br>
              <br>
              # source IP allowed<br>
              return;<br>
          }<br>
      #!endif<br>
      <br>
      With tcpdump, I can see that the header is indeed appended to the
      SIP headers of the INVITE, but there is no effect in Asterisk.
      From examination of the Asterisk 11.8.1 source code, I see that
      channels/chan_sip.c contains a get_pai() function that is supposed
      to process P-Asserted-Identity and extract a caller ID. I am still
      studying the code, but I would appreciate help on this issue, to
      see why my attempt is not working.<br>
      <br>
      <fieldset class="mimeAttachmentHeader"></fieldset>
      <br>
    </blockquote>
    By placing debugging statements, I think get_pai() is not being
    called when receiving an incoming INVITE, corresponding to an
    incoming call from the IP-authenticated trunk being handled by an
    IVR, but not yet routed to an internal extension. Why is this so? Is
    this by design?<br>
  </body>
</html>