[OpenSIPS-Users] Problem with Un-authenticated calls coming from a Asterisk gateway : need to restrict access

Bogdan-Andrei Iancu bogdan at voice-system.ro
Wed Apr 14 14:44:55 CEST 2010


Yes, use the xlog() statement and print whatever you want - it is just 
to see (in the logs) that the execution got to the source checking:

if (!(method=="REGISTER") && is_from_local())
{
        xlog("--- before doing check_source_address\n");
        if (!check_source_address("0"))
        {
                if (!proxy_authorize("", "subscriber"))
                {
                        proxy_challenge("", "0");
                        exit;
                }
        }
        else if (!db_check_from())
        {
                sl_send_reply("403","Forbidden auth ID");
                exit;
        }
}


Regards,
Bogdan

Roberto Ovani wrote:
> On Tuesday 13/04/10 14.12, Bogdan-Andrei Iancu wrote:
>> maybe your call does not get to the check_source_address() check - 
>> put some xlog to see if the script execution gets in that part.
>>
>> Regards,
>> Bogdan
>>
>> Roberto Ovani wrote:
>>> Sorry, there is a mistake in what I wrote:
>>>
>>> I did:
>>> osipsconsole
>>> address add 0 192.168.1.19 255.255.255.*255* UDP 5060 (not 
>>> 255.255.255.0)
>>>
>>>   and opensips makes the call pass the same, from 192.168.1.20.....
>>>
>>> I had a look into the db entries: there is something like 
>>> address=192.168.1.19 mask = 32 ....
>>>
>>> Any advice?
>>> Asterisk tricks?
>>> Or an opensips problem?
>>> If you want, I can give you ssh accesses....
>>>
>>> Roberto
>>>
>>>
>>> On Tuesday 13/04/10 12.08, Bogdan-Andrei Iancu wrote:
>>>> Hello Roberto,
>>>>
>>>> I think the problem is with the network mask you used when adding 
>>>> the IP :
>>>>     IP : 192.168.1.19
>>>>     Mask: 255.255.255.0
>>>>
>>>> This rule will allow 192.168.1.xxx block of IPs - this is why the 
>>>> second asterisk works too ;)
>>>>
>>>> Try using the 255.255.255.255 mask (of course remove the existing 
>>>> entry)
>>>>
>>>> Regards,
>>>> Bogdan
>>>>
>>>> Roberto Ovani wrote:
>>>>> I'm using opensips 1.6.1, on Ubuntu 9.10 server (192.168.1.12)
>>>>> I configured an asterisk box (192.168.1.19) for PSTN.
>>>>>
>>>>> I'm trying to restrict access, to prevent false authentication 
>>>>> from unauthorized users except the gateway I set up.
>>>>>
>>>>> From the terminal, I wrote:
>>>>> osipsconsole
>>>>> address add 0 192.168.1.19 255.255.255.0 UDP 5060
>>>>> to add the gateway data into the db.
>>>>> So, I want ONLY that asterisk box to send calls to opensips 
>>>>> bypassing authentication (this is what I found in the book by 
>>>>> Gonçalves, about opensips 1.6, and it says I can do it).
>>>>>
>>>>> But if I try with another asterisk box, on another IP address e.g. 
>>>>> 192.168.1.20, opensips makes the call pass, even if I didn't put 
>>>>> this entry in my DB.... I want to restrict access to 
>>>>> UN-authenticated calls ONLY to 192.168.1.19
>>>>>
>>>>> This is a piece of code I found in the book and I used to restrict 
>>>>> the access only to 192.168.1.19:
>>>>>
>>>>> if (!(method=="REGISTER") && is_from_local())
>>>>> {
>>>>>         if (!check_source_address("0"))
>>>>>         {
>>>>>                 if (!proxy_authorize("", "subscriber"))
>>>>>                 {
>>>>>                         proxy_challenge("", "0");
>>>>>                         exit;
>>>>>                 }
>>>>>         }
>>>>>         else if (!db_check_from())
>>>>>         {
>>>>>                 sl_send_reply("403","Forbidden auth ID");
>>>>>                 exit;
>>>>>         }
>>>>> }
>>>>>
>>>>>
>>>>> Is it right?
>>>>> What do you think I have to check ?
>>>>> Could you please help me? I can't solve this problem.... but I 
>>>>> need it!
>>>>> Thanks in advance
>>>>> Best regards
>>>>> Roberto
>>>
>>
>>
> What would you write in the xlog statement ?
>
> xlog (" ????");
>
> any advice  ?
> R
>


-- 
Bogdan-Andrei Iancu
www.voice-system.ro
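
The netmask point raised earlier in this thread, as an added example that is not part of the original messages and is not OpenSIPS code: a small Python audit of address-table rows showing which sources each mask would let skip authentication. The row layout copies the arguments of the `address add` commands quoted above; the matching function is a simplified model and an assumption, not the permissions module's implementation.

```python
import ipaddress

# Constructed rows mirroring the two `address add` commands in the thread:
# (group, ip, netmask, proto, port)
RULE_BROAD = (0, "192.168.1.19", "255.255.255.0", "UDP", 5060)
RULE_HOST = (0, "192.168.1.19", "255.255.255.255", "UDP", 5060)


def rule_network(rule):
    """Network covered by a rule; host bits of the IP are masked off."""
    _, ip, mask, _, _ = rule
    return ipaddress.ip_network(f"{ip}/{mask}", strict=False)


def source_allowed(rules, group, src_ip, proto="UDP", port=5060):
    """Simplified model (assumption) of a trusted-source lookup:
    same group, same proto and port, source IP inside ip/mask."""
    src = ipaddress.ip_address(src_ip)
    for rule in rules:
        g, _, _, p, prt = rule
        if g == group and p == proto and prt == port and src in rule_network(rule):
            return True
    return False


def audit(rules):
    """Return rules that trust more than one host, with the covered range."""
    findings = []
    for rule in rules:
        net = rule_network(rule)
        if net.num_addresses > 1:
            findings.append((rule[1], rule[2], str(net), net.num_addresses))
    return findings


if __name__ == "__main__":
    for name, rules in (("255.255.255.0", [RULE_BROAD]),
                        ("255.255.255.255", [RULE_HOST])):
        for src in ("192.168.1.19", "192.168.1.20"):
            print(f"mask {name}: {src} skips auth ->",
                  source_allowed(rules, 0, src))
    for ip, mask, net, count in audit([RULE_BROAD, RULE_HOST]):
        print(f"broad rule {ip}/{mask} trusts {net} ({count} addresses)")
```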
