Sure, you can have opensips stuff the original IP of the client into a custom header and then have asterisk check that header using a custom built dialplan..<div><br></div><div>There may be a more sophisticated way to do it. Especially if you don't consume credentials, but that seems kind of sloppy to me. </div>
<div><br></div><div>BTW, if you create a custom header, be sure to delete the header, before you add it.. Just in case someone is trying to spoof that internal header on invite..</div><div>-Brett</div><div><br><br><div class="gmail_quote">
On Tue, May 4, 2010 at 4:19 PM, info <span dir="ltr"><<a href="mailto:info@dcomms.net">info@dcomms.net</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex;">
Hi,<br>
<br>
I think this means you cannot use IP authentication on asterisk for several clients because asterisk sees Opensips as a single client.<br>
<br>
I have a similar problem. I have clients registering with Opensips. I have installed the load balancing module on Opensips<br>
and sending traffic on to asterisk. The asterisk is configured for IP authentication<br>
<br>
<br>
The problem is Asterisk sees the IP address off Opensips and not the end client<br>
<br>
**********<br>
Using INVITE request as basis request - 2b48506c1e10454d345aa7103921ded5@asterisk_ip_address<br>
No matching peer for '04480991222' from 'opensips_ip_address:5060'<br>
**********<br>
<br>
I guess what i am trying to say is that is there a way to authenticate with the real ip off the client<br>
<br>
<br>
Thanks<br>
<div><div></div><div class="h5"><br>
<br>
<br>
<br>
-----Original Message-----<br>
From: <a href="mailto:users-bounces@lists.opensips.org">users-bounces@lists.opensips.org</a> [mailto:<a href="mailto:users-bounces@lists.opensips.org">users-bounces@lists.opensips.org</a>] On Behalf Of David J.<br>
Sent: 04 May 2010 18:00<br>
To: OpenSIPS users mailling list<br>
Subject: Re: [OpenSIPS-Users] opensips and asterisk<br>
<br>
Sorry, The way I recommend doing this was assuming the user on the<br>
Asterisk box needed to be publicly reachable from anywhere.<br>
<br>
I think that approach makes sense when using DID's and inbound routing<br>
that does need authentication.<br>
<br>
<br>
<br>
On 5/4/10 12:55 PM, Olle E. Johansson wrote:<br>
> 4 maj 2010 kl. 18.30 skrev Brett Nemeroff:<br>
><br>
><br>
>> Carmelo,<br>
>> If you have an SIP peer that matches the host and port of the opensips server.. ie:<br>
>> [opensips]<br>
>> type=friend<br>
>> host=<ip of opensips.<br>
>> port=<port of opensips> (can be omitted if port 5060)<br>
>><br>
>> Then it'll match that.. typically if it's coming from opensips you'll want to add:<br>
>> insecure=invite<br>
>><br>
>> so that opensips won't be challenged to authenticate. Also be sure there is no secret set.<br>
>><br>
>> I personally wouldn't do this using the default context as the other posters had recommended as that will allow *anyone* to send traffic to your asterisk server. Which I don't believe is what you really want to do. Instead, create a peer that is limited by IP and PORT allowed to send invites without a secret.<br>
>><br>
>> Also be sure that the context for that peer is set to the right context and that if from the asterisk CLI you type:<br>
>> dialplan show<RURI username>@<opensips context><br>
>> that it matches something you'd expect.<br>
>><br>
>> On another note, are you performing a consume credentials? I think it *might* be possible that opensips is forwarding your UAC's credentials on to Asterisk if you are not..<br>
>><br>
>><br>
> If you want to ONLY match on IP/port, you need to use "type=peer".<br>
><br>
> regards,<br>
> /O<br>
><br>
><br>
>> -Brett<br>
>><br>
>><br>
>> On Tue, May 4, 2010 at 8:02 AM, wüber<<a href="mailto:leone81@gmail.com">leone81@gmail.com</a>> wrote:<br>
>><br>
>> Hi Bogdan,<br>
>><br>
>> connecting Opensips with Asterisk I can see that if a client registered on<br>
>> Opensips server tries to make a call to a client in Asterisk domain, after<br>
>> the INVITE, it receives a "forbidden" message from asterisk. I have set the<br>
>> forwarding functionality in Opensips (rewriteuri function) and I'm pretty<br>
>> sure it's something related to asterisk.<br>
>><br>
>> Perhaps this is not the right section, but anyway could you help me? Do you<br>
>> know what I should set in the sip.conf of Asterisk config file?<br>
>><br>
>> Thanks a lot,<br>
>> Carmelo<br>
>> --<br>
>> View this message in context: <a href="http://opensips-open-sip-server.1449251.n2.nabble.com/opensips-and-asterisk-tp4962200p5003181.html" target="_blank">http://opensips-open-sip-server.1449251.n2.nabble.com/opensips-and-asterisk-tp4962200p5003181.html</a><br>
>> Sent from the OpenSIPS - Users mailing list archive at Nabble.com.<br>
>><br>
>> _______________________________________________<br>
>> Users mailing list<br>
>> <a href="mailto:Users@lists.opensips.org">Users@lists.opensips.org</a><br>
>> <a href="http://lists.opensips.org/cgi-bin/mailman/listinfo/users" target="_blank">http://lists.opensips.org/cgi-bin/mailman/listinfo/users</a><br>
>><br>
>> _______________________________________________<br>
>> Users mailing list<br>
>> <a href="mailto:Users@lists.opensips.org">Users@lists.opensips.org</a><br>
>> <a href="http://lists.opensips.org/cgi-bin/mailman/listinfo/users" target="_blank">http://lists.opensips.org/cgi-bin/mailman/listinfo/users</a><br>
>><br>
> ---<br>
> * Olle E Johansson - <a href="mailto:oej@edvina.net">oej@edvina.net</a><br>
> * Cell phone +46 70 593 68 51, Office +46 8 96 40 20, Sweden<br>
><br>
><br>
><br>
><br>
> _______________________________________________<br>
> Users mailing list<br>
> <a href="mailto:Users@lists.opensips.org">Users@lists.opensips.org</a><br>
> <a href="http://lists.opensips.org/cgi-bin/mailman/listinfo/users" target="_blank">http://lists.opensips.org/cgi-bin/mailman/listinfo/users</a><br>
><br>
><br>
<br>
<br>
_______________________________________________<br>
Users mailing list<br>
<a href="mailto:Users@lists.opensips.org">Users@lists.opensips.org</a><br>
<a href="http://lists.opensips.org/cgi-bin/mailman/listinfo/users" target="_blank">http://lists.opensips.org/cgi-bin/mailman/listinfo/users</a><br>
<br>
_______________________________________________<br>
Users mailing list<br>
<a href="mailto:Users@lists.opensips.org">Users@lists.opensips.org</a><br>
<a href="http://lists.opensips.org/cgi-bin/mailman/listinfo/users" target="_blank">http://lists.opensips.org/cgi-bin/mailman/listinfo/users</a><br>
</div></div></blockquote></div><br></div>