On Wed, Nov 24, 2010 at 4:24 PM, Hans Witvliet <[email protected]> wrote: > On Wed, 2010-11-24 at 15:47 -0600, Sherwood McGowan wrote: >> On Wed, Nov 24, 2010 at 3:08 PM, Hans Witvliet <[email protected]> wrote: >> > On Wed, 2010-11-24 at 08:29 -0500, Ryan Bullock wrote: >> >> On Asterisk 1.8 when a SIP peer resgisters or unregisters it generates >> >> a PeerStatus event. I don't know if this is in 1.4/1.6 as well, but >> >> should be easy enough to test. >> >> >> >> Here is an example of what I see on the manager interface during a >> >> register/unregister: >> >> >> >> Event: PeerStatus >> >> Privilege: system,all >> >> ChannelType: SIP >> >> Peer: SIP/twinkle >> >> PeerStatus: Registered >> >> Address: 192.168.56.1:5068 >> >> >> >> Event: PeerStatus >> >> Privilege: system,all >> >> ChannelType: SIP >> >> Peer: SIP/twinkle >> >> PeerStatus: Unregistered >> >> >> >> I think that should work for whatever you need to do. >> >> >> > >> > I'm doing a fresh install, so 1.8 is what i'm going to use. >> > >> > What i want to check, is whether to person who is doing a register, is >> > realy the person at the other end of a VPN-tunnel. >> > With openvpn i'm absolutely sure which person is at a certain >> > vpn-ip-addres. I must check if the registering is faked or not. >> > >> > As ong as linphone (or for that matter any other softphone) does not >> > have a possibility for using the libraries from opensc, there is no >> > other way... >> > >> > So next couple of weeks i'll start exploring AMI, >> > >> > Thanks! >> > > >> > >> >> Well, if that's all you need (restricting registrations for a SIP >> endpoint to a specific IP address), try one of the following >> methods... >> >> Method 1: >> In the endpoint definition, set the host to the vpn ip address, rather >> than setting it to dynamic. This disallows registrations. Then, use >> qualify=yes so Asterisk "knows" when the endpoint is available >> (responding to OPTIONS requests). >> >> Method 2: >> Use the permit,deny, and mask settings to define what ip address >> and/or network the endpoint should be at, thereby locking out use from >> another address. >> (http://www.voip-info.org/wiki/view/Asterisk+sip+permit-deny-mask) >> >> Either of those should resolve your needs > > > No, don't think so, (unless mistaken) > Everybody got a dynamic address from openvpn, something in 10.225.0.0/16 > You never know what you wil get, so it got to be dynamic. > > Anybody within that range is a valid user (otherwise he could not set up > the vpn-tunnel). But any rogue co-worker should not be able to register > as another co-worker, so method-2 won't do either. > > sip/tls might have been a solution, but private keys are locked on a > card, and can ony be reached with the pkcs11-libs from opensc. > > Hans > > -- > _____________________________________________________________________ > -- Bandwidth and Colocation Provided by http://www.api-digital.com -- > New to Asterisk? Join us for a live introductory webinar every Thurs: > http://www.asterisk.org/hello > > asterisk-users mailing list > To UNSUBSCRIBE or update options visit: > http://lists.digium.com/mailman/listinfo/asterisk-users >
Ah, I see, sorry I misunderstood what you needed. Good luck -- _____________________________________________________________________ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- New to Asterisk? Join us for a live introductory webinar every Thurs: http://www.asterisk.org/hello asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
