Hello, Can you elaborate on your issue. who is handling registration and how is the call flow?
Regards Cibin On 19-Jul-2014, at 4:34 pm, Teijo <g.aloi...@gmail.com> wrote: > Hello, > > Well, this is still problem for me. > > Best, > > Teijo > > 17.7.2014 11:22, g.aloi...@gmail.com kirjoitti: >> Hello, >> >> I have: >> >> allowguest=no >> contactpermit=kamailio.ip.addr.ess >> >> I also have tried the approach that I have peer kamailio, but then all >> calls seems to go to to the context defined for kamailio peer. I do not >> know how I could in that case handle individual calls - for example >> determine if given phone can call to given number or not. >> >> Best, >> >> Teijo >> >> 17.7.2014 10:48, Cibin Paul kirjoitti: >>> Hello, >>> >>> Try allow* allowguest=no *in sip.conf [general] context and create a >>> peer for kamailio in sip.comf >>> >>> >>> Regards >>> Cibin >>> >>> >>> >>> 17.7.2014 10:22, g.aloi...@gmail.com kirjoitti: > >>> >>>> Hello, >>>> >>>> There is a message "Possible Security issue with Kamailio - Asterisk >>>> Realtime integration" in Asterisk users mailing list: >>>> >>>> http://lists.digium.com/pipermail/asterisk-users/2013-February/277633.html >>>> >>>> I think the problem I have is somewhat similar. >>>> >>>> Should I suppose that there is a security risk in Kamailio - Asterisk >>>> realtime integration, and if this is a case what I can do to eliminate >>>> this risk? >>>> >>>> Best, >>>> >>>> Teijo >>>> >>>> 16.7.2014 9:44, g.aloi...@gmail.com kirjoitti: >>>>> Hello, >>>>> >>>>> Has anybody any solution or suggestion? >>>>> >>>>> If I for example launch MicroSIP (no doubt it could be some other SIP >>>>> client), and simply call: >>>>> >>>>> sip:some_extens...@my.public.ip.address >>>>> >>>>> call is established, if there is online user/users. Naturally this >>>>> incoming call should be handled by Asterisk in context where I have >>>>> defined unauthorized calls are handled, but in stead, the call goes >>>>> online user's context. >>>>> >>>>> To get this situation I don't need to define any account information in >>>>> MicroSIP. >>>>> >>>>> I have not set passwords for users in Asterisk to avoid double >>>>> authorization. May this cause the behavior? I have not set default user >>>>> or from user in my peer definitions. I am not registering Kamailio to >>>>> Asterisk - I mean I have no peer definition for Kamailio in sip.conf. >>>>> >>>>> I do not know what direction to go to. I would be happy, if I should not >>>>> go to the trial and error path so any help is welcome. >>>>> >>>>> Thanks in advance, >>>>> >>>>> Teijo >>>>> >>>>> >>>>> 14.7.2014 9:06, g.aloi...@gmail.com kirjoitti: >>>>>> Hello, >>>>>> >>>>>> If one places call, and tell that "my from domain is your Kamailio's >>>>>> IP", call is established, because Asterisk accepts requests from >>>>>> Kamailio. One problem is that it's unpredictable in this case what is >>>>>> the context where thiskind of call is handled by Asterisk. >>>>>> >>>>>> This situation requires that I change something in my setup. If I decide >>>>>> accept calls only from my users, I suppose that it can be quite easily >>>>>> done by modifying if statement referred below or at least by applying >>>>>> instructions found here: >>>>>> >>>>>> http://www.kamailio.org/dokuwiki/doku.php/examples:restrict-calls-to-registered-users >>>>>> >>>>>> >>>>>> >>>>>> >>>>>> However, I'm somewhat unsure what should I do, if I decide to accept >>>>>> calls from any caller - not only from my users. >>>>>> >>>>>> Best, >>>>>> >>>>>> Teijo >>>>>> >>>>>> 12.7.2014 19:36, Muhammad Shahzad kirjoitti: >>>>>>> Well, this >>>>>>> >>>>>>> *if (from_uri!=myself && uri!=myself)* >>>>>>> >>>>>>> Means neither source nor destination is our user. Which implies that >>>>>>> if our >>>>>>> domain is A, then call from domain "B to C" is not possible. However, >>>>>>> calls >>>>>>> from "B or C to A" and "A to B or C" are possible. That is way an >>>>>>> unauthorized user gets passed and reaches asterisk. Asterisk accepts it >>>>>>> since call is coming from kamailio and tries to route it back to >>>>>>> kamailio, >>>>>>> where kamailio finds user online and thus it goes through. >>>>>>> >>>>>>> You should really break down this, >>>>>>> >>>>>>> *if (from_uri!=myself && uri!=myself)* >>>>>>> >>>>>>> into something like this for clarity, >>>>>>> >>>>>>> >>>>>>> *if (from_uri!=myself) { * >>>>>>> * if (uri!=myself) {* >>>>>>> * # neither source nor destination is our user* >>>>>>> * } else {* >>>>>>> * # source is not our user but destination is our user* >>>>>>> * };* >>>>>>> *} else {* >>>>>>> * if (uri!=myself) {* >>>>>>> * # source is our user but destination is not our user* >>>>>>> * } else {* >>>>>>> * # both source and destination are our users* >>>>>>> * };* >>>>>>> *};* >>>>>>> >>>>>>> Hope this helps. >>>>>>> >>>>>>> Thank you. >>>>>>> >>>>>>> >>>>>>> >>>>>>> >>>>>>> On Fri, Jul 11, 2014 at 5:36 PM, <g.aloi...@gmail.com> wrote: >>>>>>> >>>>>>>> Hello, >>>>>>>> >>>>>>>> I'm using Kamailio version 4.1.4+precise (amd64). >>>>>>>> >>>>>>>> I have followed "Kamailio 4.0.x and Asterisk 11.3.0 Realtime >>>>>>>> Integration >>>>>>>> using Asterisk Database" (http://kb.asipto.com/ >>>>>>>> asterisk:realtime:kamailio-4.0.x-asterisk-11.3.0-astdb). One main >>>>>>>> difference in my setup compared to that one is that I continued use of >>>>>>>> Kamailio's database. >>>>>>>> >>>>>>>> The problem is as follows: >>>>>>>> >>>>>>>> I decided to put Kamailio and through it Asterisk reachable from >>>>>>>> internet. >>>>>>>> I have tried to configure Asterisk so that only calls of registered >>>>>>>> users >>>>>>>> would be possible, and they could only call to other registered >>>>>>>> users or >>>>>>>> conference rooms and echo test number. >>>>>>>> >>>>>>>> Then I took the following steps: >>>>>>>> >>>>>>>> I ensured that there was no online users with kamctl online. Then I >>>>>>>> launched MicroSIP (www.microsip.org), but I did not defined account, I >>>>>>>> simply set the protocol to tls and media encryption to mandatory, >>>>>>>> because >>>>>>>> I'm using these. >>>>>>>> >>>>>>>> I called to extension with x...@my.public.ip.address (where xxx is >>>>>>>> extension) getting "unauthorized". And that was what I wanted. >>>>>>>> >>>>>>>> But if there is online users, calls go through, and incoming call is >>>>>>>> coming from Asterisk (in syslog I can find out that >>>>>>>> src_user=asterisk). >>>>>>>> >>>>>>>> Kamailio and Asterisk are listening the same IP address, but different >>>>>>>> port. I have refused connections to the Asterisk's port with iptables. >>>>>>>> >>>>>>>> I have defined my public IP address as domain in sip.conf. There is >>>>>>>> also >>>>>>>> other domain defined which corresponds to users' domain I am using in >>>>>>>> Kamailio's database. >>>>>>>> >>>>>>>> In kamailio.cfg there is if statement which prevents Kamailio not >>>>>>>> to be >>>>>>>> open relay: >>>>>>>> >>>>>>>> if (from_uri!=myself && uri!=myself) >>>>>>>> ... >>>>>>>> >>>>>>>> If I change this for example: >>>>>>>> >>>>>>>> if (from_uri!=myself || uri!=myself) >>>>>>>> >>>>>>>> I get what I want this time: no calls from outside, but I somewhat >>>>>>>> think >>>>>>>> that this is not a final solution. >>>>>>>> >>>>>>>> I have not found from log files such information which would have >>>>>>>> helped >>>>>>>> me. I have not yet investigated this problem so much that I could >>>>>>>> tell the >>>>>>>> logic behind the selection of online user's identity which is used. >>>>>>>> However, if I make a call to conference room I notice that Asterisk is >>>>>>>> thinking that one of online users has joined the conference. >>>>>>>> >>>>>>>> If I can recall correctly, I started with Kamailio version 3.2, and >>>>>>>> integrated it with Asterisk 11 (currently 11.10.2). Is there something >>>>>>>> which has changed in Kamailio, but what I have not changed in my setup >>>>>>>> which could explain this. >>>>>>>> >>>>>>>> Best, >>>>>>>> >>>>>>>> Teijo >>>>>>>> >>>>>>>> _______________________________________________ >>>>>>>> SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing >>>>>>>> list >>>>>>>> sr-users@lists.sip-router.org >>>>>>>> http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users >>>>>>>> >>>>>>>> >>>>>>>> >>>>>>>> Tämä viestin rungon osa siirretään pyydettäessä. >> > > > _______________________________________________ > SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing list > sr-users@lists.sip-router.org > http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users _______________________________________________ SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing list sr-users@lists.sip-router.org http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users
