[OpenSIPS-Users] Problem with Un-authenticated calls coming from a Asterisk gateway : need to restrict access

Bogdan-Andrei Iancu bogdan at voice-system.ro
Tue Apr 13 14:12:20 CEST 2010


Maybe your call does not get to the check_source_address() check - put 
some xlog to see if the script execution gets in that part.

Regards,
Bogdan

Roberto Ovani wrote:
> Sorry, there is a mistake in what I wrote:
>
> I did:
> osipsconsole
> address add 0 192.168.1.19 255.255.255.*255* UDP 5060 (not 255.255.255.0)
>
>   
> and opensips makes the call pass the same, from 192.168.1.20.....
>
> I had a look into the db entries: there is something like 
> address=192.168.1.19 mask = 32 ....
>
> Any advice?
> Asterisk tricks?
> Or an opensips problem?
> If you want, I can give you ssh accesses....
>
> Roberto
>
>
> On Tuesday 13/04/10 12.08, Bogdan-Andrei Iancu wrote:
>> Hello Roberto,
>>
>> I think the problem is with the network mask you used when adding the IP :
>>     IP : 192.168.1.19
>>     Mask: 255.255.255.0
>>
>> This rule will allow 192.168.1.xxx block of IPs - this is why the second 
>> asterisk works too ;)
>>
>> Try using the 255.255.255.255 mask (of course remove the existing entry)
>>
>> Regards,
>> Bogdan
>>
>> Roberto Ovani wrote:
>>   
>>> I'm using opensips 1.6.1, on Ubuntu 9.10 server (192.168.1.12)
>>> I configured an asterisk box (192.168.1.19) for PSTN.
>>>
>>> I'm trying to restrict access, to prevent false authentication from 
>>> unauthorized users except the gateway I set up.
>>>
>>> From the terminal, I wrote:
>>> /osipsconsole
>>> address add 0 192.168.1.19 255.255.255.0 UDP 5060
>>> /to add the gateway data into the db
>>> So, i want ONLY that asterisk box to send calls to opensips bypassing 
>>> authentication (this is what I found on the book by Gonçalves, about 
>>> opensips 1.6, and it says I can do it).
>>>
>>> But if I try with another asterisk box, on another IP address e.g. 
>>> 192.168.1.20 , opensips makes the call pass, even if I didn't put this 
>>> entry in my Db.... I want to restrict access to UN-authenticated calls 
>>> ONLY to 192.168.1.19
>>>
>>> This is a piece of code I found in the book and I used to restrict the 
>>> access only to 192.168.1.19:
>>>
>>>  if (!(method=="REGISTER") && is_from_local())
>>>         {
>>>        
>>>                 if (!check_source_address("0"))
>>>                 {
>>>                         if (!proxy_authorize("", "subscriber"))
>>>                         {
>>>                                 proxy_challenge("", "0");
>>>                                 exit;
>>>                         }
>>>                 }
>>>                 else if (!db_check_from())
>>>                 {
>>>                         sl_send_reply("403","Forbidden auth ID");
>>>                         exit;
>>>                 }
>>>
>>>         }
>>>
>>>
>>> Is it right?
>>> What do you think I have to check ?
>>> Could you please help me? I can't solve this problem... but I need it!
>>> Thanks in advance
>>> Best regards
>>> Roberto


-- 
Bogdan-Andrei Iancu
www.voice-system.ro
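
Added example (not part of the original messages, and not OpenSIPS code): a small Python model of the ip/mask matching discussed in this thread, showing why the 255.255.255.0 entry also trusts 192.168.1.20 and how to flag such rows before they go into the address table. The function names and the simplified exact match on group, protocol and port are assumptions of this example.

```python
import ipaddress
from typing import NamedTuple


class AddressRow(NamedTuple):
    grp: int
    net: ipaddress.IPv4Network
    proto: str
    port: int


def parse_address_add(cmd: str) -> AddressRow:
    """Parse 'address add <grp> <ip> <mask> <proto> <port>' as typed in the thread.

    <mask> may be dotted (255.255.255.0) or a prefix length (32, as seen in the db).
    """
    parts = cmd.split()
    if parts[:2] != ["address", "add"] or len(parts) != 7:
        raise ValueError(f"unexpected command: {cmd!r}")
    grp, ip, mask, proto, port = parts[2:]
    # strict=False accepts host bits in <ip>; the mask alone decides what is trusted.
    net = ipaddress.ip_network(f"{ip}/{mask}", strict=False)
    return AddressRow(int(grp), net, proto.upper(), int(port))


def source_allowed(rows, grp, src_ip, proto, port) -> bool:
    """Assumed model of the check: same group, proto and port, source inside ip/mask."""
    addr = ipaddress.ip_address(src_ip)
    return any(
        r.grp == grp and r.proto == proto.upper() and r.port == port and addr in r.net
        for r in rows
    )


def broad_rows(rows):
    """Return (row, trusted_address_count) for rows that trust more than one address."""
    return [(r, r.net.num_addresses) for r in rows if r.net.num_addresses > 1]


# The two commands from the thread.
WIDE = parse_address_add("address add 0 192.168.1.19 255.255.255.0 UDP 5060")
HOST = parse_address_add("address add 0 192.168.1.19 255.255.255.255 UDP 5060")

if __name__ == "__main__":
    for name, row in (("255.255.255.0", WIDE), ("255.255.255.255", HOST)):
        for src in ("192.168.1.19", "192.168.1.20"):
            ok = source_allowed([row], 0, src, "UDP", 5060)
            print(f"mask {name}: {src} trusted without auth = {ok}")
    for row, count in broad_rows([WIDE, HOST]):
        print(f"WARNING: group {row.grp} entry {row.net} trusts {count} addresses")
```

If a /32 row still lets 192.168.1.20 through, the table is not the cause, which is when the xlog suggestion at the top of this message applies.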



