[OpenSIPS-Users] opensips and asterisk

Brett Nemeroff brett at nemeroff.com
Tue May 4 23:58:13 CEST 2010


Sure, you can have opensips stuff the original IP of the client into a
custom header and then have asterisk check that header using a custom built
dialplan..

There may be a more sophisticated way to do it. Especially if you don't
consume credentials, but that seems kind of sloppy to me.

BTW, if you create a custom header, be sure to delete the header, before you
add it.. Just in case someone is trying to spoof that internal header on
invite..
-Brett


On Tue, May 4, 2010 at 4:19 PM, info <info at dcomms.net> wrote:

> Hi,
>
> I think this means you cannot use IP authentication on asterisk for several
> clients because asterisk sees Opensips as a single client.
>
> I have a similar problem. I have clients registering with Opensips. I have
> installed the load balancing module on Opensips
> and sending traffic on to asterisk. The asterisk is configured for IP
> authentication
>
>
> The problem is Asterisk sees the IP address off Opensips and not the end
> client
>
> **********
> Using INVITE request as basis request -
> 2b48506c1e10454d345aa7103921ded5 at asterisk_ip_address
> No matching peer for '04480991222' from 'opensips_ip_address:5060'
> **********
>
> I guess what i am trying to say is that is there a way to authenticate with
> the real ip off the client
>
>
> Thanks
>
>
>
>
> -----Original Message-----
> From: users-bounces at lists.opensips.org [mailto:
> users-bounces at lists.opensips.org] On Behalf Of David J.
> Sent: 04 May 2010 18:00
> To: OpenSIPS users mailling list
> Subject: Re: [OpenSIPS-Users] opensips and asterisk
>
> Sorry, The way I recommend doing this was assuming the user on the
> Asterisk box needed to be publicly reachable from anywhere.
>
> I think that approach makes sense when using DID's and inbound routing
> that does need authentication.
>
>
>
> On 5/4/10 12:55 PM, Olle E. Johansson wrote:
> > 4 maj 2010 kl. 18.30 skrev Brett Nemeroff:
> >
> >
> >> Carmelo,
> >> If you have an SIP peer that matches the host and port of the opensips
> server.. ie:
> >> [opensips]
> >> type=friend
> >> host=<ip of opensips.
> >> port=<port of opensips>  (can be omitted if port 5060)
> >>
> >> Then it'll match that.. typically if it's coming from opensips you'll
> want to add:
> >> insecure=invite
> >>
> >> so that opensips won't be challenged to authenticate. Also be sure there
> is no secret set.
> >>
> >> I personally wouldn't do this using the default context as the other
> posters had recommended as that will allow *anyone* to send traffic to your
> asterisk server. Which I don't believe is what you really want to do.
> Instead, create a peer that is limited by IP and PORT allowed to send
> invites without a secret.
> >>
> >> Also be sure that the context for that peer is set to the right context
> and that if from the asterisk CLI you type:
> >> dialplan show<RURI username>@<opensips context>
> >> that it matches something you'd expect.
> >>
> >> On another note, are you performing a consume credentials? I think it
> *might* be possible that opensips is forwarding your UAC's credentials on to
> Asterisk if you are not..
> >>
> >>
> > If you want to ONLY match on IP/port, you need to use "type=peer".
> >
> > regards,
> > /O
> >
> >
> >> -Brett
> >>
> >>
> >> On Tue, May 4, 2010 at 8:02 AM, wüber<leone81 at gmail.com>  wrote:
> >>
> >> Hi Bogdan,
> >>
> >> connecting Opensips with Asterisk I can see that if a client registered
> on
> >> Opensips server tries to make a call to a client in Asterisk domain,
> after
> >> the INVITE, it receives a "forbidden" message from asterisk. I have set
> the
> >> forwarding functionality in Opensips (rewriteuri function) and I'm
> pretty
> >> sure it's something related to asterisk.
> >>
> >> Perhaps this is not the right section, but anyway could you help me? Do
> you
> >> know what I should set in the sip.conf of Asterisk config file?
> >>
> >> Thanks a lot,
> >> Carmelo
> >> --
> >> View this message in context:
> http://opensips-open-sip-server.1449251.n2.nabble.com/opensips-and-asterisk-tp4962200p5003181.html
> >> Sent from the OpenSIPS - Users mailing list archive at Nabble.com.
> >>
> >> _______________________________________________
> >> Users mailing list
> >> Users at lists.opensips.org
> >> http://lists.opensips.org/cgi-bin/mailman/listinfo/users
> >>
> >> _______________________________________________
> >> Users mailing list
> >> Users at lists.opensips.org
> >> http://lists.opensips.org/cgi-bin/mailman/listinfo/users
> >>
> > ---
> > * Olle E Johansson - oej at edvina.net
> > * Cell phone +46 70 593 68 51, Office +46 8 96 40 20, Sweden
> >
> >
> >
> >
> > _______________________________________________
> > Users mailing list
> > Users at lists.opensips.org
> > http://lists.opensips.org/cgi-bin/mailman/listinfo/users
> >
> >
>
>
> _______________________________________________
> Users mailing list
> Users at lists.opensips.org
> http://lists.opensips.org/cgi-bin/mailman/listinfo/users
>
> _______________________________________________
> Users mailing list
> Users at lists.opensips.org
> http://lists.opensips.org/cgi-bin/mailman/listinfo/users
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.opensips.org/pipermail/users/attachments/20100504/f8561cc3/attachment.htm 


More information about the Users mailing list