[OpenSIPS-Users] PBX sending calls to Opensips
Schneur Rosenberg
rosenberg11219 at gmail.com
Wed Jul 25 22:23:26 CEST 2012
I already did something similar look at snippet bellow so any call
coming from a IP thats registered to our server will always do
proxy_authorize(), other calls will assume that its a unauthenticated
DID call or a call going to a local call
if (!(method=="REGISTER"))
{
avp_db_query("select username from location where
contact regexp '$si' or received like
'sip:$si%'","$avp(is_registered)");
}
if (!(method=="REGISTER") && avp_check("$avp(is_registered)", "gt/1/g"))
{
if(!is_from_gw())
{
if (!proxy_authorize("sosglobal", "subscriber"))
{
append_hf("P-hint: Proxy auth failed\r\n");
proxy_challenge("sosglobal", "0");
exit;
}
}
On Wed, Jul 25, 2012 at 8:48 PM, Ali Pey <alipey at gmail.com> wrote:
> Schneur,
>
> You can examine the src_ip first to see if the call if from your pbx or not.
> Then you can also examine to request-uri to distinguish the call between a
> pstn call or a sip client - assuming your sip clients have a different sip
> address/pattern than pstn numbers. Things like this:
>
> if ( src_ip == pbx1_ip || src_ip == pbx2_ip ){
> # From PBXs
> }
>
> if ($rU=~"^\+?[0-9]{3,18}") {
> # request-uri is for a PSTN number, send the message to whatever
> route(1)
> }
>
> Basically you need to find a difference between the call attributes and
> examine that, it can be the src_ip, ruri pattern, etc.
>
> Regards,
> Ali Pey
>
> On Wed, Jul 25, 2012 at 9:41 AM, Schneur Rosenberg
> <rosenberg11219 at gmail.com> wrote:
>>
>> check_source_address won't work for me, my clients are behind Dynamic
>> ip's, there is no way for me to know in advance their ip address
>>
>> On Mon, Jul 23, 2012 at 8:55 PM, Brett Nemeroff <brett at nemeroff.com>
>> wrote:
>> > Scot,
>> > the function "is_from_local" uses the From URI and as such, will not
>> > work if
>> > the originator mangles the from uri (as in the case of your example
>> > below).
>> >
>> > A more secure way to do this that may suit your needs is to use the
>> > permissions module and actually check the source IP of the request:
>> >
>> >
>> > http://www.opensips.org/html/docs/modules/1.8.x/permissions.html#id293503
>> >
>> > Look at the "check_source_address" and or "get_source_group". Either of
>> > these can compare the source IP of the originator to a known list. From
>> > there, you can perform script logic based on where the request came
>> > from.
>> >
>> > Hope that helps!
>> > -Brett
>> >
>> >
>> > On Mon, Jul 23, 2012 at 11:38 AM, Schneur Rosenberg
>> > <rosenberg11219 at gmail.com> wrote:
>> >>
>> >> I'm using opensips as a registrar server and as a loadbalancer, all
>> >> phones are registered to opensips and all incoming and outgoing calls
>> >> go to Asterisk boxes via load balancing, therefore I have 3 kinds of
>> >> calls going to opensips,
>> >> 1) outgoing calls coming from one of the phones Registered to opensips,
>> >> 2) incoming calls (we allow all incoming calls no matter from where
>> >> they come, I call them unauthenticated DID)
>> >> 3) Calls ringing to a phone registered to opensips, the Asterisk boxes
>> >> will send the calls to the phone either after getting a call from a
>> >> DID, or when a internal user wants to call another internal user
>> >>
>> >> The way I differentiate between the calls is I do a if
>> >> (!(method=="REGISTER") && is_from_local()) this will check credentials
>> >> and send call to asterisk to process outgoing call, then I do a else
>> >> if ((method=="INVITE")) which will check if the call is going to a
>> >> local phone by doing if (!lookup("location", "m")) if that fails that
>> >> it assumes its a incoming did call, and it will send it to asterisk
>> >> with a prefix so asterisk knows its a unauthenticated incoming call,
>> >> bellow I pasted a skeleton of the code I'm using.
>> >>
>> >> Everything worked fine, until I connected a PBX to my opensips, then
>> >> the from came in with the address of the PBX and the is_from_local()
>> >> test was not true, so it did not work, I had the same problem when
>> >> sending a call from a SPA3000 and blocking caller id, in that case it
>> >> also obscured the from address, as follows "From: Anonymous
>> >> <sip:anonymous at localhost>;tag=ea3ee097cd947aeeo0." , the only
>> >> reference of the user or domain was in the RPID field and calls did
>> >> not go through.
>> >>
>> >> Is there anyway to check if a source IP is registered to our system
>> >> and only then it should send a 407? this way if I have a BPX
>> >> registered it will then ask for credentials, all others it will assume
>> >> that either a call to the local phone or unauthenticated DID, I
>> >> understand that I wont be able to send calls to the system only if
>> >> registration was done before, but I have no problem with that, I
>> >> could do it with avp_db_query() on the subscriber table, but I want to
>> >> know if there is a better way.
>> >>
>> >> If there is there a better solution then the above solution please let
>> >> me
>> >> know
>> >>
>> >> if (!(method=="REGISTER") && is_from_local())
>> >> {
>> >> #check credentials
>> >> }
>> >> else if ((method=="INVITE")) #unathenticated did or call
>> >> going to phone registered to opensips
>> >> {
>> >>
>> >> if (!lookup("location", "m")) #calling local phone
>> >> {
>> >> #send to phone registered to opensips
>> >> }
>> >> else
>> >> {
>> >> #incoming did send call to asterisk to process
>> >> }
>> >> }
>> >> else
>> >> {
>> >> #outgoing calls route continues here
>> >> }
>> >> ...................................
>> >>
>> >> _______________________________________________
>> >> Users mailing list
>> >> Users at lists.opensips.org
>> >> http://lists.opensips.org/cgi-bin/mailman/listinfo/users
>> >
>> >
>> >
>> > _______________________________________________
>> > Users mailing list
>> > Users at lists.opensips.org
>> > http://lists.opensips.org/cgi-bin/mailman/listinfo/users
>> >
>>
>> _______________________________________________
>> Users mailing list
>> Users at lists.opensips.org
>> http://lists.opensips.org/cgi-bin/mailman/listinfo/users
>
>
>
> _______________________________________________
> Users mailing list
> Users at lists.opensips.org
> http://lists.opensips.org/cgi-bin/mailman/listinfo/users
>
More information about the Users
mailing list