[OpenSIPS-Users] PBX sending calls to Opensips
SamyGo
govoiper at gmail.com
Tue Jul 31 12:31:23 CEST 2012
Schneur, can't you use dyndns sort of service between your client and
opensips ! you may need a custom corontab script running in 30 sec to
update the opensips permission table based on dyndns replies !
On Tue, Jul 31, 2012 at 12:12 PM, Schneur Rosenberg <
rosenberg11219 at gmail.com> wrote:
> Ali, problem is that some most customers have dynamic ip's
> On Jul 31, 2012 5:06 AM, "Ali Pey" <alipey at gmail.com> wrote:
>
>> Schneur,
>>
>> Not disagreeing with the way you are doing it, but you can use the
>> permissions module for the pbxs only. This way you can add the ips in the
>> address table and keep track of who is allowed and block any other
>> requests. There won't be any script change or reload required. A new pbx
>> would require a new ip address in the table and a reload command.
>>
>> Regards,
>> Ali Pey
>>
>> On Mon, Jul 30, 2012 at 7:39 PM, Schneur Rosenberg <
>> rosenberg11219 at gmail.com> wrote:
>>
>>> Ali I can't compare PBX addresses, we are a voip company and I can't
>>> manually edit my script for every PBX our customer installs, I ended
>>> up doing the avp_db_query() and then rewriting the from header with
>>> uac_replace_from("","sip:$au@$si") which will retrieve the username
>>> from the Proxy-Authorization: field, I had to use uac_replace_from
>>> because $fu is read only.
>>>
>>> On Wed, Jul 25, 2012 at 11:58 PM, Ali Pey <alipey at gmail.com> wrote:
>>> > This would work too. Here though you do a db query for each call and
>>> can
>>> > slow down the performance if that's important to you. Examining
>>> usernames'
>>> > patterns can be faster.
>>> >
>>> > You can also use the registered function instead of a db query:
>>> >
>>> > if (registered("location","$fu")) {
>>> > xlog("caller is registered\n");
>>> > }
>>> >
>>> >
>>> http://www.opensips.org/html/docs/modules/1.8.x/registrar.html#id293162
>>> >
>>> > Regards,
>>> > Ali Pey
>>> >
>>> >
>>> > On Wed, Jul 25, 2012 at 4:23 PM, Schneur Rosenberg
>>> > <rosenberg11219 at gmail.com> wrote:
>>> >>
>>> >> I already did something similar look at snippet bellow so any call
>>> >> coming from a IP thats registered to our server will always do
>>> >> proxy_authorize(), other calls will assume that its a unauthenticated
>>> >> DID call or a call going to a local call
>>> >>
>>> >> if (!(method=="REGISTER"))
>>> >> {
>>> >> avp_db_query("select username from location where
>>> >> contact regexp '$si' or received like
>>> >> 'sip:$si%'","$avp(is_registered)");
>>> >> }
>>> >> if (!(method=="REGISTER") && avp_check("$avp(is_registered)",
>>> >> "gt/1/g"))
>>> >> {
>>> >> if(!is_from_gw())
>>> >> {
>>> >> if (!proxy_authorize("sosglobal",
>>> "subscriber"))
>>> >> {
>>> >> append_hf("P-hint: Proxy auth
>>> >> failed\r\n");
>>> >> proxy_challenge("sosglobal", "0");
>>> >> exit;
>>> >> }
>>> >>
>>> >>
>>> >> }
>>> >>
>>> >>
>>> >> On Wed, Jul 25, 2012 at 8:48 PM, Ali Pey <alipey at gmail.com> wrote:
>>> >> > Schneur,
>>> >> >
>>> >> > You can examine the src_ip first to see if the call if from your
>>> pbx or
>>> >> > not.
>>> >> > Then you can also examine to request-uri to distinguish the call
>>> between
>>> >> > a
>>> >> > pstn call or a sip client - assuming your sip clients have a
>>> different
>>> >> > sip
>>> >> > address/pattern than pstn numbers. Things like this:
>>> >> >
>>> >> > if ( src_ip == pbx1_ip || src_ip == pbx2_ip ){
>>> >> > # From PBXs
>>> >> > }
>>> >> >
>>> >> > if ($rU=~"^\+?[0-9]{3,18}") {
>>> >> > # request-uri is for a PSTN number, send the message to whatever
>>> >> > route(1)
>>> >> > }
>>> >> >
>>> >> > Basically you need to find a difference between the call attributes
>>> and
>>> >> > examine that, it can be the src_ip, ruri pattern, etc.
>>> >> >
>>> >> > Regards,
>>> >> > Ali Pey
>>> >> >
>>> >> > On Wed, Jul 25, 2012 at 9:41 AM, Schneur Rosenberg
>>> >> > <rosenberg11219 at gmail.com> wrote:
>>> >> >>
>>> >> >> check_source_address won't work for me, my clients are behind
>>> Dynamic
>>> >> >> ip's, there is no way for me to know in advance their ip address
>>> >> >>
>>> >> >> On Mon, Jul 23, 2012 at 8:55 PM, Brett Nemeroff <
>>> brett at nemeroff.com>
>>> >> >> wrote:
>>> >> >> > Scot,
>>> >> >> > the function "is_from_local" uses the From URI and as such, will
>>> not
>>> >> >> > work if
>>> >> >> > the originator mangles the from uri (as in the case of your
>>> example
>>> >> >> > below).
>>> >> >> >
>>> >> >> > A more secure way to do this that may suit your needs is to use
>>> the
>>> >> >> > permissions module and actually check the source IP of the
>>> request:
>>> >> >> >
>>> >> >> >
>>> >> >> >
>>> >> >> >
>>> http://www.opensips.org/html/docs/modules/1.8.x/permissions.html#id293503
>>> >> >> >
>>> >> >> > Look at the "check_source_address" and or "get_source_group".
>>> Either
>>> >> >> > of
>>> >> >> > these can compare the source IP of the originator to a known
>>> list.
>>> >> >> > From
>>> >> >> > there, you can perform script logic based on where the request
>>> came
>>> >> >> > from.
>>> >> >> >
>>> >> >> > Hope that helps!
>>> >> >> > -Brett
>>> >> >> >
>>> >> >> >
>>> >> >> > On Mon, Jul 23, 2012 at 11:38 AM, Schneur Rosenberg
>>> >> >> > <rosenberg11219 at gmail.com> wrote:
>>> >> >> >>
>>> >> >> >> I'm using opensips as a registrar server and as a loadbalancer,
>>> all
>>> >> >> >> phones are registered to opensips and all incoming and outgoing
>>> >> >> >> calls
>>> >> >> >> go to Asterisk boxes via load balancing, therefore I have 3
>>> kinds of
>>> >> >> >> calls going to opensips,
>>> >> >> >> 1) outgoing calls coming from one of the phones Registered to
>>> >> >> >> opensips,
>>> >> >> >> 2) incoming calls (we allow all incoming calls no matter from
>>> where
>>> >> >> >> they come, I call them unauthenticated DID)
>>> >> >> >> 3) Calls ringing to a phone registered to opensips, the Asterisk
>>> >> >> >> boxes
>>> >> >> >> will send the calls to the phone either after getting a call
>>> from a
>>> >> >> >> DID, or when a internal user wants to call another internal user
>>> >> >> >>
>>> >> >> >> The way I differentiate between the calls is I do a if
>>> >> >> >> (!(method=="REGISTER") && is_from_local()) this will check
>>> >> >> >> credentials
>>> >> >> >> and send call to asterisk to process outgoing call, then I do a
>>> >> >> >> else
>>> >> >> >> if ((method=="INVITE")) which will check if the call is going
>>> to a
>>> >> >> >> local phone by doing if (!lookup("location", "m")) if that
>>> fails
>>> >> >> >> that
>>> >> >> >> it assumes its a incoming did call, and it will send it to
>>> asterisk
>>> >> >> >> with a prefix so asterisk knows its a unauthenticated incoming
>>> call,
>>> >> >> >> bellow I pasted a skeleton of the code I'm using.
>>> >> >> >>
>>> >> >> >> Everything worked fine, until I connected a PBX to my opensips,
>>> then
>>> >> >> >> the from came in with the address of the PBX and the
>>> >> >> >> is_from_local()
>>> >> >> >> test was not true, so it did not work, I had the same problem
>>> when
>>> >> >> >> sending a call from a SPA3000 and blocking caller id, in that
>>> case
>>> >> >> >> it
>>> >> >> >> also obscured the from address, as follows "From: Anonymous
>>> >> >> >> <sip:anonymous at localhost>;tag=ea3ee097cd947aeeo0." , the only
>>> >> >> >> reference of the user or domain was in the RPID field and
>>> calls did
>>> >> >> >> not go through.
>>> >> >> >>
>>> >> >> >> Is there anyway to check if a source IP is registered to our
>>> system
>>> >> >> >> and only then it should send a 407? this way if I have a BPX
>>> >> >> >> registered it will then ask for credentials, all others it will
>>> >> >> >> assume
>>> >> >> >> that either a call to the local phone or unauthenticated DID, I
>>> >> >> >> understand that I wont be able to send calls to the system only
>>> if
>>> >> >> >> registration was done before, but I have no problem with that,
>>> I
>>> >> >> >> could do it with avp_db_query() on the subscriber table, but I
>>> want
>>> >> >> >> to
>>> >> >> >> know if there is a better way.
>>> >> >> >>
>>> >> >> >> If there is there a better solution then the above solution
>>> please
>>> >> >> >> let
>>> >> >> >> me
>>> >> >> >> know
>>> >> >> >>
>>> >> >> >> if (!(method=="REGISTER") && is_from_local())
>>> >> >> >> {
>>> >> >> >> #check credentials
>>> >> >> >> }
>>> >> >> >> else if ((method=="INVITE")) #unathenticated did or
>>> call
>>> >> >> >> going to phone registered to opensips
>>> >> >> >> {
>>> >> >> >>
>>> >> >> >> if (!lookup("location", "m")) #calling local
>>> phone
>>> >> >> >> {
>>> >> >> >> #send to phone registered to opensips
>>> >> >> >> }
>>> >> >> >> else
>>> >> >> >> {
>>> >> >> >> #incoming did send call to asterisk to
>>> >> >> >> process
>>> >> >> >> }
>>> >> >> >> }
>>> >> >> >> else
>>> >> >> >> {
>>> >> >> >> #outgoing calls route continues here
>>> >> >> >> }
>>> >> >> >> ...................................
>>> >> >> >>
>>> >> >> >> _______________________________________________
>>> >> >> >> Users mailing list
>>> >> >> >> Users at lists.opensips.org
>>> >> >> >> http://lists.opensips.org/cgi-bin/mailman/listinfo/users
>>> >> >> >
>>> >> >> >
>>> >> >> >
>>> >> >> > _______________________________________________
>>> >> >> > Users mailing list
>>> >> >> > Users at lists.opensips.org
>>> >> >> > http://lists.opensips.org/cgi-bin/mailman/listinfo/users
>>> >> >> >
>>> >> >>
>>> >> >> _______________________________________________
>>> >> >> Users mailing list
>>> >> >> Users at lists.opensips.org
>>> >> >> http://lists.opensips.org/cgi-bin/mailman/listinfo/users
>>> >> >
>>> >> >
>>> >> >
>>> >> > _______________________________________________
>>> >> > Users mailing list
>>> >> > Users at lists.opensips.org
>>> >> > http://lists.opensips.org/cgi-bin/mailman/listinfo/users
>>> >> >
>>> >>
>>> >> _______________________________________________
>>> >> Users mailing list
>>> >> Users at lists.opensips.org
>>> >> http://lists.opensips.org/cgi-bin/mailman/listinfo/users
>>> >
>>> >
>>> >
>>> > _______________________________________________
>>> > Users mailing list
>>> > Users at lists.opensips.org
>>> > http://lists.opensips.org/cgi-bin/mailman/listinfo/users
>>> >
>>>
>>> _______________________________________________
>>> Users mailing list
>>> Users at lists.opensips.org
>>> http://lists.opensips.org/cgi-bin/mailman/listinfo/users
>>>
>>
>>
>> _______________________________________________
>> Users mailing list
>> Users at lists.opensips.org
>> http://lists.opensips.org/cgi-bin/mailman/listinfo/users
>>
>>
> _______________________________________________
> Users mailing list
> Users at lists.opensips.org
> http://lists.opensips.org/cgi-bin/mailman/listinfo/users
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.opensips.org/pipermail/users/attachments/20120731/b050e02d/attachment-0001.htm>
More information about the Users
mailing list