[asterisk-users] asterisk registrations by SER proxy
I integrated Opensips with Asterisk Realtime (Asterisk sipusers/peers point to Opensips subscribe table via a view). Opensips handles the registrations. However, when a call comes in (INVITE is routed to Asterisk), it seems like Asterisk doesn't know about the user (or sees the users as not authorized), so can't create the SIP channel. (I use queues and conferencing also.) If I route the REGISTER to Asterisk after authorizing in Opensips, Asterisk does the authorization/registration again from scratch. In that case call goes through, but I end up duplicating the authorization process. I was hoping to take the load of handling registrations from Asterisk. I know this is a very common scenario, but I'm not very clear about the process. Is it possible to make Asterisk be aware of those registrations made by the proxy server? Thanks, Matt -- _ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- New to Asterisk? Join us for a live introductory webinar every Thurs: http://www.asterisk.org/hello asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
Re: [asterisk-users] asterisk registrations by SER proxy
Hi again, Asterisk could be aware of the registrations if the sipusers table is shared with asterisk sip realtime, but then again the issue would remain the same that asterisk want to authenticate the sip peer from scratch..maybe try some Realtime configurations in sip.conf to avoid authentications of clients having active register-expiry timer. Already answered you prev. in other list to define a sip section for your opensips Regards, Sammy. On Mon, Dec 5, 2011 at 7:41 PM, Matt Hamilton mistral9...@hotmail.comwrote: I integrated Opensips with Asterisk Realtime (Asterisk sipusers/peers point to Opensips subscribe table via a view). Opensips handles the registrations. However, when a call comes in (INVITE is routed to Asterisk), it seems like Asterisk doesn't know about the user (or sees the users as not authorized), so can't create the SIP channel. (I use queues and conferencing also.) If I route the REGISTER to Asterisk after authorizing in Opensips, Asterisk does the authorization/registration again from scratch. In that case call goes through, but I end up duplicating the authorization process. I was hoping to take the load of handling registrations from Asterisk. I know this is a very common scenario, but I'm not very clear about the process. Is it possible to make Asterisk be aware of those registrations made by the proxy server? Thanks, Matt -- _ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- New to Asterisk? Join us for a live introductory webinar every Thurs: http://www.asterisk.org/hello asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users -- _ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- New to Asterisk? Join us for a live introductory webinar every Thurs: http://www.asterisk.org/hello asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
Re: [asterisk-users] How to program a 100ms delay between the ringing of queued calls w/ ringall
Hi, I dont think that 2 Queue commands would help, also wrapup time is for an putting delay in an agent who just answered the call and hungup. I think for this purpose you may need to open up the source code for queue and put some delay in the relevant code. Regards, Sammy. On Mon, Dec 5, 2011 at 6:56 PM, Scott Gifford sgiff...@suspectclass.comwrote: On Tue, Nov 22, 2011 at 5:34 PM, Douglas Mortensen d...@impalanetworks.com wrote: Hello, ** ** Does anyone have any idea of how I can program a 100ms delay in between the ringing of 2 subsequent calls in a queue configured with a ringall strategy? Does the wrapuptime queue option do what you want? http://www.voip-info.org/wiki/view/Asterisk+config+queues.conf -Scott. -- _ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- New to Asterisk? Join us for a live introductory webinar every Thurs: http://www.asterisk.org/hello asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users -- _ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- New to Asterisk? Join us for a live introductory webinar every Thurs: http://www.asterisk.org/hello asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
Re: [asterisk-users] How to program a 100ms delay between the ringing of queued calls w/ ringall
Maybe local channels will do the trick? They allow you to schedule delays between subsequent devices ringing. Not sure whether they work as queue members.. Marco. Op 5 dec. 2011 16:35 schreef Sammy Govind govoi...@gmail.com het volgende: Hi, I dont think that 2 Queue commands would help, also wrapup time is for an putting delay in an agent who just answered the call and hungup. I think for this purpose you may need to open up the source code for queue and put some delay in the relevant code. Regards, Sammy. On Mon, Dec 5, 2011 at 6:56 PM, Scott Gifford sgiff...@suspectclass.comwrote: On Tue, Nov 22, 2011 at 5:34 PM, Douglas Mortensen d...@impalanetworks.com wrote: Hello, ** ** Does anyone have any idea of how I can program a 100ms delay in between the ringing of 2 subsequent calls in a queue configured with a ringall strategy? Does the wrapuptime queue option do what you want? http://www.voip-info.org/wiki/view/Asterisk+config+queues.conf -Scott. -- _ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- New to Asterisk? Join us for a live introductory webinar every Thurs: http://www.asterisk.org/hello asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users -- _ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- New to Asterisk? Join us for a live introductory webinar every Thurs: http://www.asterisk.org/hello asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users -- _ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- New to Asterisk? Join us for a live introductory webinar every Thurs: http://www.asterisk.org/hello asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
Re: [asterisk-users] Hint'ing with XMPP?
I have not ever done what you are talking about. However, I can tell you that our Openfire XMPP server has similar functionality because of their Asterisk-IM Plugin. From: asterisk-users-boun...@lists.digium.com [mailto:asterisk-users-boun...@lists.digium.com] On Behalf Of Jay R. Worthington Sent: Saturday, December 03, 2011 8:11 AM To: asterisk-users@lists.digium.com Subject: [asterisk-users] Hint'ing with XMPP? Hiya, can i use an XMPP Client to see the presence of a hint? I have configured asterisk in component-mode, seem's to work, but all users (xmpp:1...@asterisk.dohmain.commailto:xmpp%3a...@asterisk.dohmain.com are online, even if 123 isn't a configured hint). Any good howto's out there, all the stuff on voip-info.orghttp://voip-info.org is completely outdated, i'm using asterisk 10... Regards Jay -- _ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- New to Asterisk? Join us for a live introductory webinar every Thurs: http://www.asterisk.org/hello asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
Re: [asterisk-users] A new hack?
On Fri, Dec 2, 2011 at 11:35 AM, Jim Lucas li...@cmsws.com wrote: On 11/26/2011 5:00 PM, C F wrote: On Sat, Nov 26, 2011 at 7:50 AM, Gordon Henderson gordon+aster...@drogon.net wrote: On Sat, 26 Nov 2011, Terry Brummell wrote: Install Configure Fail2Ban then the host will be blocked from connecting. And no, it's not new. I don't need Fail2Ban, thank you. But your advice might be useful to others. Why is that? Even if they don't compromise an account they are still using your bandwidth and resources on your machine. How is using Fail2Ban less resource intensive then me writing (by hand) iptable rules? Sorry I wasnt very clear in my first writing, I'll try to clarify. Using iptables only detects one type of attack (aggressive connections). While his machines might be secure enough to allow any other attacks and still not compromise his machine, iptables will still allow them thru and therefore the attack will be using his bandwidth/resources, with f2b one can add as many rules as/when they arrive. Also, since both methods involve the use of iptables, where exactly is the bandwidth savings? In detection. -- Jim Lucas -- _ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- New to Asterisk? Join us for a live introductory webinar every Thurs: http://www.asterisk.org/hello asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users -- _ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- New to Asterisk? Join us for a live introductory webinar every Thurs: http://www.asterisk.org/hello asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
Re: [asterisk-users] A new hack?
(This horse just won't stay dead...) My apologies if I mis-attribute who wrote what. On Fri, Dec 2, 2011 at 11:35 AM, Jim Lucas li...@cmsws.com wrote: How is using Fail2Ban less resource intensive then me writing (by hand) iptable rules? On Mon, 5 Dec 2011, C F wrote: Sorry I wasnt very clear in my first writing, I'll try to clarify. Using iptables only detects one type of attack (aggressive connections). While his machines might be secure enough to allow any other attacks and still not compromise his machine, iptables will still allow them thru and therefore the attack will be using his bandwidth/resources, with f2b one can add as many rules as/when they arrive. I think you are over-generalizing. You can write iptables rules to detect and respond to many types of attacks. Since F2B is just an automated front end to iptables you can have as many rules as you need with or without F2B. Also, since packets are 'stopped' at the same place (iptables) any bandwidth savings would only be to services that you are running that either aren't or can't* be nailed down. Also, since both methods involve the use of iptables, where exactly is the bandwidth savings? In detection. How about 'in responding to an attack your iptables rules don't already mitigate and you do have F2B rules defined for?' 'Detecting' an attack means close to nothing if you don't respond to it :) I'm not hating on F2B, it's just not a silver bullet nor is it appropriate for all environments. Your security needs depends on your environment. At this point in time, all of the hosts I manage for my clients exist in very limited environments and have very small attack surfaces. They are racked in secure data centers. They only accept SIP from clients with static IP addresses that we have an existing business relationship with. They only accept SSH connections from me. They only accept HTTP connections from me and my boss. That's about it. I don't see where F2B adds much value for me. *) Lots of admins think they can't limit access to servers because they have 'mobile' users. Your users probably don't need to access your servers from every single place on the Internet. If your users don't come from China, North Korea, Iran, etc, you can block entire regions with a few rules and eliminate 80% of probes and attacks from reaching your servers in the first place. Apologies in advance if you happen to live in some of these regions -- feel free to `s/China, North Korea, Iran/United States, Canada, England/g` -- Thanks in advance, - Steve Edwards sedwa...@sedwards.com Voice: +1-760-468-3867 PST Newline Fax: +1-760-731-3000 -- _ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- New to Asterisk? Join us for a live introductory webinar every Thurs: http://www.asterisk.org/hello asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
Re: [asterisk-users] A new hack?
On Mon, Dec 5, 2011 at 9:51 PM, Steve Edwards asterisk@sedwards.com wrote: (This horse just won't stay dead...) My apologies if I mis-attribute who wrote what. On Fri, Dec 2, 2011 at 11:35 AM, Jim Lucas li...@cmsws.com wrote: How is using Fail2Ban less resource intensive then me writing (by hand) iptable rules? On Mon, 5 Dec 2011, C F wrote: Sorry I wasnt very clear in my first writing, I'll try to clarify. Using iptables only detects one type of attack (aggressive connections). While his machines might be secure enough to allow any other attacks and still not compromise his machine, iptables will still allow them thru and therefore the attack will be using his bandwidth/resources, with f2b one can add as many rules as/when they arrive. I think you are over-generalizing. You can write iptables rules to detect and respond to many types of attacks. Possible. But working off the logs makes lots more sense for creating more accurate to the point rules, and to mention on the fly. Since F2B is just an automated front end to iptables you can have as many rules as you need with or without F2B. Also, since packets are 'stopped' at the same place (iptables) any bandwidth savings would only be to services that you are running that either aren't or can't* be nailed down. You didn't get my point. If someone is trying to exploit some type of dialplan hack in slow motion. iptables will probably not detect it and your machine is secure enough that the exploit doesn't work, but the script kiddie behind the attack doesn't know that and keeps trying. Your wasting resources and bandwidth. With f2b you can have him added to iptables after the first try. Once all packets are dropped from that IP, while the attacker is still using resources/bandwidth while trying after a while they will stop as all packets are dropped. The reason they are trying is because it wasn't blocked but now that it is they will stop. Also, since both methods involve the use of iptables, where exactly is the bandwidth savings? In detection. How about 'in responding to an attack your iptables rules don't already mitigate and you do have F2B rules defined for?' 'Detecting' an attack means close to nothing if you don't respond to it :) I think you are just explaining my point. Correct me if I'm wrong. I'm not hating on F2B, it's just not a silver bullet nor is it appropriate for all environments. Agreed, like another poster said, its the easy way out since it's an easy front end. The only reason for this thread is because someone mentioned he doesn't *need* it. Your security needs depends on your environment. At this point in time, all of the hosts I manage for my clients exist in very limited environments and have very small attack surfaces. They are racked in secure data centers. Speaking of which, how secure? I have biometrics access to about a dozen such centers. Once inside the center how hard is it really to do what you want? They only accept SIP from clients with static IP addresses that we have an existing business relationship with. They only accept SSH connections from me. They only accept HTTP connections from me and my boss. That's about it. I don't see where F2B adds much value for me. Well others keep their servers shut. While I'm sarcastic, I'm also trying to say its way to overdone. A good IDS/IPS will do, there is really no reason to this. Except in environments that require it, in my opinion national infrastructure etc. *) Lots of admins think they can't limit access to servers because they have 'mobile' users. Your users probably don't need to access your servers from every single place on the Internet. If your users don't come from China, North Korea, Iran, etc, you can block entire regions with a few rules and eliminate 80% of probes and attacks from reaching your servers in the first place. Apologies in advance if you happen to live in some of these regions -- feel free to `s/China, North Korea, Iran/United States, Canada, England/g` -- Thanks in advance, - Steve Edwards sedwa...@sedwards.com Voice: +1-760-468-3867 PST Newline Fax: +1-760-731-3000 -- _ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- New to Asterisk? Join us for a live introductory webinar every Thurs: http://www.asterisk.org/hello asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users -- _ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- New to Asterisk? Join us for a live introductory webinar every Thurs: http://www.asterisk.org/hello asterisk-users mailing list To UNSUBSCRIBE
Re: [asterisk-users] video calls not working
Hi all, So how to open JIRA ticket bcoz I don't have any idea of that On Mon, Dec 5, 2011 at 7:43 PM, Danny Nicholas da...@debsinc.com wrote: Not my idea - just what I came across on google - probably should open a JIRA issue so it gets really resolved instead of hit-and-miss patching. -Original Message- From: asterisk-users-boun...@lists.digium.com [mailto:asterisk-users-boun...@lists.digium.com] On Behalf Of Paul Belanger Sent: Saturday, December 03, 2011 2:38 PM To: asterisk-users@lists.digium.com Subject: Re: [asterisk-users] video calls not working On 11-11-21 10:07 AM, Danny Nicholas wrote: Two items #1 you only need 1 disallow=all in your sip.conf definition #2 you need to patch rtp.c to define 126 as FORMAT_H263 - this is an xlite response to Asterisk starting music-on-hold during the connect pause. The r on the dial command attempts to do a faux ring which xlite interprets as a MOH request, so if you don't want to patch/recompile, just take the r off of Dial. Why are you manually patching asterisk? Have you created an issue in JIRA about this? -- Paul Belanger Digium, Inc. | Software Developer twitter: pabelanger | IRC: pabelanger (Freenode) Check us out at: http://digium.com http://asterisk.org -- _ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- New to Asterisk? Join us for a live introductory webinar every Thurs: http://www.asterisk.org/hello asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users -- _ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- New to Asterisk? Join us for a live introductory webinar every Thurs: http://www.asterisk.org/hello asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users -- Thanks and regards Virendra Bhati +91-8885268942 Software Engineer -- _ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- New to Asterisk? Join us for a live introductory webinar every Thurs: http://www.asterisk.org/hello asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users