[OpenSIPS-Users] IP Based Authentication on Asterisk with OpenSIP (Bogdan-Andrei Iancu)

Muhammad Zulqarnain mzulqarnain2002 at yahoo.com
Sat Dec 12 20:31:35 CET 2009


Hello!

Thanks Bodgan! 

I have added following to sip header which add source IP in sip packet before sending to asterisk.
        append_hf("X-customer-ip: $si\r\n");
Sip trace got following packet which add X-customer-ip: x.x.x.x to sip header but I am wondering how to told/setup asterisk to read source IP from additional sip header instead of network level. Also I have another switch named Voipswitch on which I would not be able to customize any thing to honor incoming sip header for source ip validation so solution should work for all GW/Server other then asterisk only.

U 2009/12/12 18:58:32.829652 y.y.y.y:5060 -> z.z.z.z:5060
INVITE sip:123456789 at y.y.y.y SIP/2.0.
Record-Route: <sip:y.y.y.y;lr;ftag=a16f2b41;did=882.11d0f5f>.
To: <sip:123456789 at y.y.y.y>.
From: hello<sip:hello at y.y.y.y>;tag=a16f2b41.
Via: SIP/2.0/UDP y.y.y.y;branch=z9hG4bKfb2e.a79595a4.0.
Via: SIP/2.0/UDP x.x.x.x:7266;received=x.x.x.x;branch=z9hG4bK-d87543-197592634-1--d87543-;rport=7266.
Call-ID: 9867b13bdc3a4f30.
CSeq: 1 INVITE.
Contact: <sip:hello at x.x.x.x:7266>.
Max-Forwards: 69.
Allow: INVITE, ACK, CANCEL, OPTIONS, BYE, REFER, NOTIFY, MESSAGE, SUBSCRIBE, INFO.
Content-Type: application/sdp.
User-Agent: eyeBeam release 3007n stamp 17816.
Content-Length: 237.
X-customer-ip: x.x.x.x.

Please suggest solution with sample configs.

Thanks
Regards
Muhammad Zulqarnain



>Hi Muhammad,
>
>What you can do (and I know for sure it works with
Asterisk), is to configure opensips (LB) to add the real src IP (IP of
the client) >into a SIP header (in the request) and send it to Asterisk
- asterisk will do IP based auth but will take IP from that header
(custom >name) instead of taking it from network level.

>Regards,
>Bogdan

Muhammad Zulqarnain wrote:
> Hello!
> 
>
This is Zulqarnain and my first post to this mailing list. I just start
using OpenSIP and trying to get myself familiar with OpenSIP and it's
config files, method etc.
> 
> Well, I am trying to achieve following:
> Client IP: x.x.x.x
> OpenSIP: y.y.y.y
> Asterisk: z.z.z.z
> 
> 1) Client -> OpenSIP (Load_balancer) -> Asterisk1, Asterisk2....
> 
  a) If Client Request is Register -> Relay to Asterisk (It is
working fine as peer is defined with user/passwd auth, host=dynamic)
> 
  b) If Client Request is INVITE -> Relay to Asterisk (Asterisk
Reject as peer is defined as IP Auth, type=peer, host=x.x.x.x)
> 
>
"b" scenario failed as Asterisk read OpenSIP IP y.y.y.y and reject the
call as Asterisk is expecting Source IP x.x.x.x instead of y.y.y.y
> 
> I tried following to fix but no success:
> 
>
1) 302 Redirect for GW Clients, who can only authenticate by IP and
don't support registration with user/passwd. But my DID Provider don't
support 302 redirect although i have tested with Eyebeam Client in peer
to peer mode and it works. But as it didn't work with my provider so I
tried another way:
> 
> 2) uac_replace_from &
uac_replace_to function of uac.so module, I tried to replace from/to
field with client IP but still Invite is from OpenSIP IP y.y.y.y and
again Asterisk/Voipswitch (another switch) reject call.
> 
>
If required I can post my config file as well here or pastebin for your
expert reviews. I would like to know if it is possible to achive above
scenario with OpenSIP, if Yes then how, any example would appreciated.
> 
>
Another small problem is that while setting up 302 redirect I wanted to
pass $du value to rewritehost("") as $du have the address return by
load_balancer of destination IP and rewritehost() only accept string.
Looking for suggestion on this as well.
> 
> Hopefully to receive positive reply by community.
> 
> Thanks
> Regards,
> Muhammad Zulqarnain
> MSN: zulqarnain at globalitvision.com
> 
> ------------------------------------------------------------------------
> 
> _______________________________________________
> Users mailing list
> Users at lists.opensips.org
> http://lists.opensips.org/cgi-bin/mailman/listinfo/users
>  


-- Bogdan-Andrei Iancu
www.voice-system.ro



      
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.opensips.org/pipermail/users/attachments/20091212/20fa7b4e/attachment.htm 


More information about the Users mailing list