1 nov 2012 kl. 15:13 skrev Joshua Colp <[email protected]>: > Tim Nelson wrote: >> >> Thanks Joshua- >> >> In this case, we're using SIP registration to peer the remote systems to the >> 'central system'. In option #1 above, the 'user' portion is always the CID >> we set for the outbound call, but the actual SIP user is something different >> like 'site12' for example. So, it would appear #1 is not a match... > > Registration just tells the remote system what your IP address/port is for > sending calls. > > You don't *have* to send CID like you are. You can override using fromuser to > ensure that the specific peer is *always* matched and authenticated. CID can > be conveyed in an alternate header, like Remote-Party-ID. The options > involved for RPID are "sendrpid=yes" on the caller box and "trustrpid=yes" on > the receiving box. > >> That leaves us with option #2. We're using 'qualify=yes' on both sides of >> the SIP peering. If a peer becomes unreachable (fast UDP state table timeout >> on a remote firewall for example) as seen by the central system, and an >> outbound call is made from the remote system, that would mean the call is >> coming from an unknown IP:port. Would this then make sense Asterisk would >> simply throw it into the from-sip-external context as an >> unknown/unauthenticated call? And of course, when the peer *is* registered, >> and a call is made, Asterisk on the central system allows the call as >> authenticated due to the source IP/port being known via the registration >> status? > > It's possible, without logs and such it's only a guess. Agree, all comments are pure speculations at this point.
Try removing the user object to simplify. If you have type=friend, change to type=peer and you will *only* get IP/port-based matching and can configure your system in a controlled way. There are just a few situations where you actually benefit from having type=friend and match object names with Caller ID numbers. /O -- * Olle E. Johansson - [email protected] * Kamailio & SIP Masterclass Miami FL December 2012 * http://edvina.net/training/ -- _____________________________________________________________________ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- New to Asterisk? Join us for a live introductory webinar every Thurs: http://www.asterisk.org/hello asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
