[OpenSIPS-Users] Problem with Un-authenticated calls coming from a Asterisk gateway : need to restrict access

Roberto Ovani roberto.ebay at gmail.com
Tue Apr 13 12:26:28 CEST 2010 

Sorry, there is a mistake in what I wrote:

I did:
osipsconsole

address add 0 192.168.1.19 255.255.255.*255*  UDP 5060 (not 255.255.255.0)


and opensips makes the call pass the same, from 192.168.1.20.....

I had a look into the db entries: there is something like 
address=192.168.1.19 mask = 32 ....

Any advice?
Asterisk tricks?
Or an opensips problem?
If you want, I can give you ssh accesses....

Roberto


Il martedì 13/04/10 12.08, Bogdan-Andrei Iancu ha scritto:
> Hello Roberto,
>
> I think the problem is with the network mask you used when adding the IP :
>      IP : 192.168.1.19
>      Mask: 255.255.255.0
>
> This rule will allow 192.168.1.xxx block of IPs - this is why the second
> asterisk works too ;)
>
> Try using the 255.255.255.255 mask (of course remove the existing entry)
>
> Regards,
> Bogdan
>
> Roberto Ovani wrote:
>    
>> I'm using opensips 1.6.1, on Ubuntu 9.10 server (192.168.1.12)
>> I configured an asterisk box (192.168.1.19) to for PSTN.
>>
>> I'm trying to restrict access, to prevent false authentication from
>> unauthorized users except the gateway I set up.
>>
>> from the terminal, i wrote :
>> /osipsconsole
>> address add 0 192.168.1.19 255.255.255.0 UDP 5060
>> /to add the gateway data into the db
>> So, i want ONLY that asterisk box to send calls to opensips bypassing
>> authentication (this is what I found on the book by Gonçalves, about
>> opensips 1.6, nd it says I can do it).
>>
>> But if itry with another asterisk box, on another Ip address e.g.
>> 192.168.1.20 , opensips makes the call pass, even if I didn't put this
>> entry in my Db.... I want to restrict access to UN-authenticated calls
>> ONLY to 192.168.1.19
>>
>> this is a piece of code I found on the book and I used to restric the
>> access only to 192.168.1.19:
>>
>>   if (!(method=="REGISTER")&&  is_from_local())
>>          {
>>
>>                  if (!check_source_address("0"))
>>                  {
>>                          if (!proxy_authorize("", "subscriber"))
>>                          {
>>                                  proxy_challenge("", "0");
>>                                  exit;
>>                          }
>>                  }
>>                  else if (!db_check_from())
>>                  {
>>                                         sl_send_reply("403","Forbidden
>> auth ID");
>>                                          exit;
>>                  }
>>
>>          }
>>
>>
>> Is it right?
>> What do you think I have to check ?
>> Could you please help me ? I can't solve this problem....but i need it !
>> Thanks in advance
>> Best regards
>> Roberto
>> ------------------------------------------------------------------------
>>
>> _______________________________________________
>> Users mailing list
>> Users at lists.opensips.org
>> http://lists.opensips.org/cgi-bin/mailman/listinfo/users
>>
>>      
>
>    

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.opensips.org/pipermail/users/attachments/20100413/27cc7dfe/attachment.htm

More information about the Users mailing list