[OpenSIPS-Users] Help with Inbound PSTN, and Inbound SIP URI Authentication Sub-Routine
T.R. Missner
tr at voipjedi.com
Tue Sep 14 23:00:12 CEST 2010
I've used the permissions module for this in the past.
Essentially you can whitelist your carriers' IP addresses using permissions
module.
-tr
On Tue, Sep 14, 2010 at 4:52 PM, Brett Woollum <brett at woollum.com> wrote:
> Hi Kennard,
>
> I need to provide some level of authentication for incoming calls. This is
> because I need to allow my PSTN gateways to bring any calls for my DIDs into
> OpenSIPS, but I don't want to open the door and allow anybody from the
> internet to call any of my DIDs using a direct URI. I have a database table
> that contains incoming DIDs that I process calls from my gateway against,
> and a sepearate database table which contains incoming SIP URI's that I
> process completely unauthenticated calls against.
>
> In this scenario, my PSTN gateway can bring calls into sip:
> +13145551212 at mysipdomain.com, but an Internet user cannot call that
> number. On the other hand, an unauthenticated Internet user can call
> sip:mycompany at mysipdomain.com <sip%3Amycompany at mysipdomain.com>sucessfully.
>
> Does this make sense?
>
> Brett W
>
> Sent from my iPhone
>
> On Sep 14, 2010, at 8:44 AM, Kennard_White at logitech.com wrote:
>
> Hi Brett,
>
> For what it is worth, I do it the other way around: I check the source IP,
> and if from a PSTN provider process the telephone number as appropriate for
> them; otherwise I do user auth.
>
> A question: if you're allowing "outside" users to call in, why authenticate
> any INVITE traffic? (Ok, you have to authenticate traffic going to PSTN from
> your subscribers, but other than that...)?
>
> Regards,
> Kennard
>
> <graycol.gif>Brett Woollum ---09/14/2010 02:26:33 AM---David, The
> "is_from_local" function is just what I needed. It will allow me to decipher
> whether or
>
>
> From: Brett Woollum <brett at woollum.com>
> To: OpenSIPS users mailling list <users at lists.opensips.org>
> Date: 09/14/2010 02:26 AM
> Subject: Re: [OpenSIPS-Users] Help with Inbound PSTN, and Inbound SIP URI
> Authentication Sub-Routine
> Sent by: users-bounces at lists.opensips.org
>
> ------------------------------
>
>
>
> David,
>
> The "is_from_local" function is just what I needed. It will allow me to
> decipher whether or not the user appears local or not, and authenticate them
> if so (ie: a subscriber), or check their IP if not (ie: from my gw).
>
> Thanks!
>
> Brett Woollum
> <Brett at Woollum.com>Brett at Woollum.com
>
>
> ----- Original Message -----
> From: "David J." <david at styleflare.com>
> To: "OpenSIPS users mailling list" <users at lists.opensips.org>
> Sent: Tuesday, September 14, 2010 1:08:38 AM GMT -08:00 US/Canada Pacific
> Subject: Re: [OpenSIPS-Users] Help with Inbound PSTN, and Inbound SIP URI
> Authentication Sub-Routine
>
> It depends on your configuration.
>
> You can place it before or after.
>
> Because you dont want to authenticate inbound calls, you can have a simple
> if statement that checks if the user is not local and alias exists, then
> relay to that alias.
>
> Not real code:
>
> if(not_from_local){
> if(alias()){
> relay;
> }
> }
>
> On 9/14/10 3:32 AM, Brett Woollum wrote:
>
>
>
> Hi David,
>
> As far as I can tell, the alias module is independent of how the
> call is authenticated. My understanding is that it will look for a
> replacement URI based on the current one, and replace if a new one is found.
> It appears as though this "function" would go into the config file somewhere
> after the section I'm working on now.
>
> Is my understanding correct?
>
> I'll need some way to determine if this is an inbound call (i.e.;
> not originating from a subscriber's phone) prior to mapping it to the alias
> module. Also, I'd like to determine if the incoming call is from my PSTN
> gateway and give different aliases than if the call was a SIP URI call.
>
> Brett Woollum
> *Brett at Woollum.com* <Brett at Woollum.com>
>
>
> ----- Original Message -----
> From: "David J." *<david at styleflare.com>* <david at styleflare.com>
> To: "OpenSIPS users mailling list" *<users at lists.opensips.org>*<users at lists.opensips.org>
> Sent: Tuesday, September 14, 2010 12:20:23 AM GMT -08:00 US/Canada
> Pacific
> Subject: Re: [OpenSIPS-Users] Help with Inbound PSTN, and Inbound
> SIP URI Authentication Sub-Routine
>
> Hi Brett,
>
> The common practice is to use the alias module for inbound routing.
>
> You can look at the docs for its usage, but essentially you can map
> DID's to local users.
>
>
>
> On 9/14/10 3:18 AM, Brett Woollum wrote:
>
> Hello!
>
> I have an OpenSIPS 1.6.3 installation that is working well. I
> have subscribers registering to OpenSIPS, and they can dial between each
> other and outside of my domain (to my media servers and to the PSTN). All is
> well.
>
> I am now beginning to write the configuration that will
> process inbound calls - meaning calls from non-subscribers. This will
> include calls from the PSTN gateway, as well as direct SIP URI calls to the
> OpenSIPS subscribers. For example, a person can call 515-555-1212 from a
> regular phone, and the call will come to OpenSIPS as an un-authenticated
> call from my PSTN gateway. Also, I'd like to accept SIP URI's for incoming
> calls. For example, calling *mycompany at mysipdomain.com*<mycompany at mysipdomain.com>from a soft phone might route the call to subscriber A's phone.
>
> The code I have that applies to this is: (This is currently
> configured to authenticate all outbound calls from subscribers only.)
> # authenticate if from local subscriber
> if (!(method=="REGISTER")) {
> if (!proxy_authorize("", "subscriber")) {
> proxy_challenge("", "0");
> exit;
> }
> if (!db_check_from()) {
> send_reply("403","Forbidden auth ID");
> exit;
> }
>
> consume_credentials();
> # caller authenticated
> }
>
> I am looking for direction on how to expand this to determine
> if the call is A) from a subscriber calling outbound, B) inbound from the
> PSTN, or C) inbound from any other user calling my SIP URI's. Once I am able
> to determine this information, I'll be able to route the call appropriately
> within the rest of my scripts.
>
> My problem is that my SIP phones usually attempt to place
> calls without including authorization in the header (because they are
> registered already), then OpenSIPS replies requiring proxy authentication.
> The SIP phones will then try the call again including the credentials in the
> header, which works. How can I re-write this section of code to allow
> inbound SIP URI calls and calls from my PSTN gateway, while still asking my
> subscribers to authenticate? Or, is there a method that might work better?
>
> Notes:
> - Each of my PSTN gateway's has a static IP.
> - It's safe to assume a single-domain setup (mysipdomain.com).
>
> Thanks in advance!
>
> Brett Woollum*
> **Brett at Woollum.com* <Brett at Woollum.com>
>
>
> _______________________________________________
> Users mailing list
> *Users at lists.opensips.org* <Users at lists.opensips.org>
> *http://lists.opensips.org/cgi-bin/mailman/listinfo/users*<http://lists.opensips.org/cgi-bin/mailman/listinfo/users>
>
>
> _______________________________________________ Users mailing list *
> Users at lists.opensips.org* <Users at lists.opensips.org> *
> http://lists.opensips.org/cgi-bin/mailman/listinfo/users*<http://lists.opensips.org/cgi-bin/mailman/listinfo/users>
>
> _______________________________________________
> Users mailing list
> *Users at lists.opensips.org* <Users at lists.opensips.org>
> *http://lists.opensips.org/cgi-bin/mailman/listinfo/users*<http://lists.opensips.org/cgi-bin/mailman/listinfo/users>
>
>
>
> _______________________________________________ Users mailing list
> Users at lists.opensips.org
> <http://lists.opensips.org/cgi-bin/mailman/listinfo/users>
> http://lists.opensips.org/cgi-bin/mailman/listinfo/users
> _______________________________________________
> Users mailing list
> <Users at lists.opensips.org>Users at lists.opensips.org
> <http://lists.opensips.org/cgi-bin/mailman/listinfo/users>
> http://lists.opensips.org/cgi-bin/mailman/listinfo/users
>
> _______________________________________________
> Users mailing list
> Users at lists.opensips.org
> http://lists.opensips.org/cgi-bin/mailman/listinfo/users
>
>
> _______________________________________________
> Users mailing list
> Users at lists.opensips.org
> http://lists.opensips.org/cgi-bin/mailman/listinfo/users
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.opensips.org/pipermail/users/attachments/20100914/101a23cb/attachment.htm
More information about the Users
mailing list