Race, I think this only came to me. Great info none the less and a correction to my misunderstanding of SIP. I was under the impression that my registrations actually protected my machines. Fortunately my * is behind a nice Cisco PIX but none the less it opened my eyes.
Thanks, Wiley -----Original Message----- From: Race Vanderdecken [mailto:[EMAIL PROTECTED] Sent: Tuesday, March 08, 2005 11:35 AM To: Wiley Siler Subject: RE: [Asterisk-Users] force SIP authentication Florian, The code basically allows any device that shows up to try and do a SIP REGISTER. Using a username and password setup in sip.conf only sets the instructions for a phone try to REGISTER under a particular account. autocreatepeer=no will stop them from REGISTERING with your server so calls can not be place through your SIP server to elsewhere, unless they have an account and the can provided the secret= or md5secret= passwords. The secret= and md5secret= passwords are stored in the phone/device/soft-phone that is making the registration attempt. http://www.voip-info.org/wiki-Asterisk+sip+autocreatepeer Authorization is part of Registration. Registration is not part of Authorization. (I am slowly working on the release of code that will require Authorization and Authentication of the incoming caller via radius to only authenticated phones will be allowed to call in to the server.) Pretty much anyone can call to your Asterisk server. Asterisk will answer and look for an extension that matches the number or pattern they are calling. If you want to block users from calling in to your asterisk extensions then you have to setup extension.conf rules to send them to the trash if the caller is unknown. I am not an extension.conf macro expert so I can't give you much help on that end. I have done extensive SIP programming in asterisk and know it can be done by using RADIUS or other caller lookup methods to check a database of number that are allowed to call in. You might create a new list question that asks how to block incoming calls, or how to black list callers it that is what you are looking for. Race "The Tyrant" Vanderdecken -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Wiley Siler Sent: Tuesday, March 08, 2005 1:02 PM To: Asterisk Users Mailing List - Non-Commercial Discussion Subject: RE: [Asterisk-Users] force SIP authentication ??? The only way a SIP client can connect to Asterisk is if there is an entry defined in sip.conf. That unto itself requires passing the extension name and the secret which is essentually username/password as you are requesting. Google sip.conf at the Wiki. W -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Florian Effenberger Sent: Tuesday, March 08, 2005 10:46 AM To: [email protected] Subject: [Asterisk-Users] force SIP authentication Hello, is it possible with Asterisk to force SIP authentication? Right now, it seesm that just any SIP client can at least connect to my PBX, which I don't want. I want users to authenticate with username and password and otherwise deny them access. Thanks Florian _______________________________________________ Asterisk-Users mailing list [email protected] http://lists.digium.com/mailman/listinfo/asterisk-users To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users _______________________________________________ Asterisk-Users mailing list [email protected] http://lists.digium.com/mailman/listinfo/asterisk-users To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users _______________________________________________ Asterisk-Users mailing list [email protected] http://lists.digium.com/mailman/listinfo/asterisk-users To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
