Re: [asterisk-users] Proper way to make Asterisk recognize SIP trunk of incoming INVITE when IP is not available
El 27/04/14 07:47, Barry Flanagan escribió:
On 26 April 2014 00:29, Alex Villacís Lasso a_villa...@palosanto.com
mailto:a_villa...@palosanto.com wrote:
I am currently preparing a kamailio-asterisk combination. The asterisk
installation uses realtime for SIP. The kamailio configuration was based on the
reference at
http://kb.asipto.com/asterisk:realtime:kamailio-4.0.x-asterisk-11.3.0-astdb but
has
been heavily modified. Currently asterisk runs on localhost and only
listens on SIP/RTP at 127.0.0.1 . Therefore, all of the SIP traffic appears to
come from localhost, from the point of view of asterisk.
Currently I have a model on which internal SIP phones get identified by the
authentication username, and then the contact names at From: and To: get
massaged to incorporate the SIP domain, in order to emulate multiple-domain
support. The 'sip' table
in Asterisk defines all such contacts as SIP accounts of the form name_domain.com
http://name_domain.com, and the SIP phones are configured to use 'name' as
authentication username for domain 'domain.com http://domain.com'. However, SIP
providers
that register on the server with authentication names are left with their
original names, since in the model, SIP trunks are available to all domains.
Now I have to add support for SIP providers which are to be authorized on
the basis of IP only. Apparently, the kamailio module permissions.so
(WITH_IPAUTH) is made for just this purpose, so I enabled it. After
authentication, I need to route the
INVITE to asterisk, and asterisk must somehow match the account for the SIP
trunk from the available information on the INVITE request.
What I have done in a similar situation is to use force_send_socket in Kamailio when sending INVITEs from your trusted host (your trunks) so that it is coming in to Asterisk from a different port (say 5070), and then in your Asterisk sip.conf settings
create a new peer for this like so:
[peer-incoming]
context=peercontext
type=peer
host=127.0.0.1
port=5070
Now, when Asterisk receives an INVITE from 127.0.0.1:5070 http://127.0.0.1:5070 it
will match this peer, whereas the rest, coming from 127.0.0.1:5060
http://127.0.0.1:5060, will match your other subscribers.
Here is a bit of the Kamailio config:
if (is_method(INVITE))
{
# If call is coming from a trusted source (Trunk/PSTN) then we send it
to Asterisk from port 5070
# so that Asterisk knows this is not coming from a subscriber. The peer
in Asterisk needs to be set with port=5070
# as well as the host=ip address
if (allow_trusted())
{
xlog(L_INFO,Inbound to Asterisk from Trusted Source IP $si, Caller:
$fU, Callee: $rU with Call-ID $hdr(Call-ID));
force_send_socket(127.0.0.1:5070 http://127.0.0.1:5070);
} else {
# This is a call from a registered subscriber.
xlog(L_INFO,Inbound to Asterisk from $fU to $rU with Call-ID
$hdr(Call-ID));
}
}
route(RELAY);
exit;
}
NOTE: Kamailio must be set to listen on 127.0.0.1:5070 http://127.0.0.1:5070 as well as your usual ports for this to work! Also, your SIP Trunk trusted peers need to be in the Kamailio trusted table, or explicitly test for the src_ip rather than use
allow_trusted().
I would rather have a solution that does not involve allocating a new UDP port
every time a new IP-trusted SIP trunk is configured.
I tried appending a P-Asserted Identity header to the incoming INVITE before
routing it to asterisk, like this:
#!ifdef WITH_IPAUTH
if((!is_method(REGISTER)) allow_source_address() $au == )
{
# Attempt to create a P-Asserted-Identity if none exists, to preserve
# incoming Caller-ID
if (!is_present_hf(P-Asserted-Identity))
{
append_hf(P-Asserted-Identity: sip:$fU@$fd\r\n);
}
# Loading $fU from database using IP
sql_pvquery(elxpbx, SELECT name FROM sip WHERE host = '$si' AND sippasswd IS
NULL, $fU);
# source IP allowed
return;
}
#!endif
With tcpdump, I can see that the header is indeed appended to the SIP headers of the INVITE, but there is no effect in Asterisk. From examination of the Asterisk 11.8.1 source code, I see that channels/chan_sip.c contains a get_pai() function that is
supposed to process P-Asserted-Identity and extract a caller ID. I am still studying the code, but I would appreciate help on this issue, to see why my attempt is not working.
--
_
-- Bandwidth and Colocation Provided by http://www.api-digital.com --
New to Asterisk? Join us for a live introductory webinar every Thurs:
http://www.asterisk.org/hello
asterisk-users mailing list
To UNSUBSCRIBE or update options visit:
http://lists.digium.com/mailman/listinfo/asterisk-users
Re: [asterisk-users] Proper way to make Asterisk recognize SIP trunk of incoming INVITE when IP is not available
El 02/05/14 10:49, Alex Villacís Lasso escribió:
El 27/04/14 07:47, Barry Flanagan escribió:
On 26 April 2014 00:29, Alex Villacís Lasso a_villa...@palosanto.com
mailto:a_villa...@palosanto.com wrote:
I am currently preparing a kamailio-asterisk combination. The asterisk
installation uses realtime for SIP. The kamailio configuration was based on the
reference at
http://kb.asipto.com/asterisk:realtime:kamailio-4.0.x-asterisk-11.3.0-astdb but
has
been heavily modified. Currently asterisk runs on localhost and only
listens on SIP/RTP at 127.0.0.1 . Therefore, all of the SIP traffic appears to
come from localhost, from the point of view of asterisk.
Currently I have a model on which internal SIP phones get identified by the
authentication username, and then the contact names at From: and To: get
massaged to incorporate the SIP domain, in order to emulate multiple-domain
support. The 'sip' table
in Asterisk defines all such contacts as SIP accounts of the form name_domain.com
http://name_domain.com, and the SIP phones are configured to use 'name' as
authentication username for domain 'domain.com http://domain.com'. However, SIP
providers that register on the server with authentication names are left
with their original names, since in the model, SIP trunks are available to all
domains.
Now I have to add support for SIP providers which are to be authorized on
the basis of IP only. Apparently, the kamailio module permissions.so
(WITH_IPAUTH) is made for just this purpose, so I enabled it. After
authentication, I need to route the
INVITE to asterisk, and asterisk must somehow match the account for the SIP
trunk from the available information on the INVITE request.
What I have done in a similar situation is to use force_send_socket in Kamailio when sending INVITEs from your trusted host (your trunks) so that it is coming in to Asterisk from a different port (say 5070), and then in your Asterisk sip.conf settings
create a new peer for this like so:
[peer-incoming]
context=peercontext
type=peer
host=127.0.0.1
port=5070
Now, when Asterisk receives an INVITE from 127.0.0.1:5070 http://127.0.0.1:5070 it
will match this peer, whereas the rest, coming from 127.0.0.1:5060
http://127.0.0.1:5060, will match your other subscribers.
Here is a bit of the Kamailio config:
if (is_method(INVITE))
{
# If call is coming from a trusted source (Trunk/PSTN) then we send it
to Asterisk from port 5070
# so that Asterisk knows this is not coming from a subscriber. The peer
in Asterisk needs to be set with port=5070
# as well as the host=ip address
if (allow_trusted())
{
xlog(L_INFO,Inbound to Asterisk from Trusted Source IP $si, Caller:
$fU, Callee: $rU with Call-ID $hdr(Call-ID));
force_send_socket(127.0.0.1:5070 http://127.0.0.1:5070);
} else {
# This is a call from a registered subscriber.
xlog(L_INFO,Inbound to Asterisk from $fU to $rU with Call-ID
$hdr(Call-ID));
}
}
route(RELAY);
exit;
}
NOTE: Kamailio must be set to listen on 127.0.0.1:5070 http://127.0.0.1:5070 as well as your usual ports for this to work! Also, your SIP Trunk trusted peers need to be in the Kamailio trusted table, or explicitly test for the src_ip rather than use
allow_trusted().
I would rather have a solution that does not involve allocating a new UDP port
every time a new IP-trusted SIP trunk is configured.
I tried appending a P-Asserted Identity header to the incoming INVITE before
routing it to asterisk, like this:
#!ifdef WITH_IPAUTH
if((!is_method(REGISTER)) allow_source_address() $au == )
{
# Attempt to create a P-Asserted-Identity if none exists, to preserve
# incoming Caller-ID
if (!is_present_hf(P-Asserted-Identity))
{
append_hf(P-Asserted-Identity: sip:$fU@$fd\r\n);
}
# Loading $fU from database using IP
sql_pvquery(elxpbx, SELECT name FROM sip WHERE host = '$si' AND sippasswd IS
NULL, $fU);
# source IP allowed
return;
}
#!endif
With tcpdump, I can see that the header is indeed appended to the SIP headers of the INVITE, but there is no effect in Asterisk. From examination of the Asterisk 11.8.1 source code, I see that channels/chan_sip.c contains a get_pai() function that is
supposed to process P-Asserted-Identity and extract a caller ID. I am still studying the code, but I would appreciate help on this issue, to see why my attempt is not working.
By placing debugging statements, I think get_pai() is not being called when receiving an incoming INVITE, corresponding to an incoming call from the IP-authenticated trunk being handled by an IVR, but not yet routed to an internal extension. Why is this
so? Is this by design?
--
_
-- Bandwidth and Colocation Provided by
Re: [asterisk-users] Proper way to make Asterisk recognize SIP trunk of incoming INVITE when IP is not available
On 26 April 2014 23:32, James Cloos cl...@jhcloos.com wrote: And related thereto: What needs to be done on kama and ast to ensure that all incoming calls which route through a given kama box always matches a sip.conf [section] based on the socket(7)'s remote address, w/o any consideration of the INVITE's sip headers or body? I tried a several variations, but nothing quite worked. Something like: [peer_inbound] context=peercontext type=peer host=192.168.1.1 ...should do the job. Hope this helps. -Barry Flanagan -- _ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- New to Asterisk? Join us for a live introductory webinar every Thurs: http://www.asterisk.org/hello asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
Re: [asterisk-users] Proper way to make Asterisk recognize SIP trunk of incoming INVITE when IP is not available
On 26 April 2014 00:29, Alex Villacís Lasso a_villa...@palosanto.comwrote:
I am currently preparing a kamailio-asterisk combination. The asterisk
installation uses realtime for SIP. The kamailio configuration was based on
the reference at
http://kb.asipto.com/asterisk:realtime:kamailio-4.0.x-asterisk-11.3.0-astdbbut
has been heavily modified. Currently asterisk runs on localhost and
only listens on SIP/RTP at 127.0.0.1 . Therefore, all of the SIP traffic
appears to come from localhost, from the point of view of asterisk.
Currently I have a model on which internal SIP phones get identified by
the authentication username, and then the contact names at From: and To:
get massaged to incorporate the SIP domain, in order to emulate
multiple-domain support. The 'sip' table in Asterisk defines all such
contacts as SIP accounts of the form name_domain.com, and the SIP phones
are configured to use 'name' as authentication username for domain '
domain.com'. However, SIP providers that register on the server with
authentication names are left with their original names, since in the
model, SIP trunks are available to all domains.
Now I have to add support for SIP providers which are to be authorized on
the basis of IP only. Apparently, the kamailio module permissions.so
(WITH_IPAUTH) is made for just this purpose, so I enabled it. After
authentication, I need to route the INVITE to asterisk, and asterisk must
somehow match the account for the SIP trunk from the available information
on the INVITE request.
What I have done in a similar situation is to use force_send_socket in
Kamailio when sending INVITEs from your trusted host (your trunks) so that
it is coming in to Asterisk from a different port (say 5070), and then in
your Asterisk sip.conf settings create a new peer for this like so:
[peer-incoming]
context=peercontext
type=peer
host=127.0.0.1
port=5070
Now, when Asterisk receives an INVITE from 127.0.0.1:5070 it will match
this peer, whereas the rest, coming from 127.0.0.1:5060, will match your
other subscribers.
Here is a bit of the Kamailio config:
if (is_method(INVITE))
{
# If call is coming from a trusted source (Trunk/PSTN) then we send
it to Asterisk from port 5070
# so that Asterisk knows this is not coming from a subscriber. The
peer in Asterisk needs to be set with port=5070
# as well as the host=ip address
if (allow_trusted())
{
xlog(L_INFO,Inbound to Asterisk from Trusted Source IP $si,
Caller: $fU, Callee: $rU with Call-ID $hdr(Call-ID));
force_send_socket(127.0.0.1:5070);
} else {
# This is a call from a registered subscriber.
xlog(L_INFO,Inbound to Asterisk from $fU to $rU with Call-ID
$hdr(Call-ID));
}
}
route(RELAY);
exit;
}
NOTE: Kamailio must be set to listen on 127.0.0.1:5070 as well as your
usual ports for this to work! Also, your SIP Trunk trusted peers need to be
in the Kamailio trusted table, or explicitly test for the src_ip rather
than use allow_trusted().
Hope this helps.
-Barry Flanagan
--
_
-- Bandwidth and Colocation Provided by http://www.api-digital.com --
New to Asterisk? Join us for a live introductory webinar every Thurs:
http://www.asterisk.org/hello
asterisk-users mailing list
To UNSUBSCRIBE or update options visit:
http://lists.digium.com/mailman/listinfo/asterisk-users
Re: [asterisk-users] Proper way to make Asterisk recognize SIP trunk of incoming INVITE when IP is not available
BF == Barry Flanagan barryf-li...@flanagan.ie writes: BF Something like: BF [peer_inbound] BF context=peercontext BF type=peer BF host=192.168.1.1 BF ...should do the job. That of course was something I tested, although I used the hostname; perhaps the dual-v4/v6 got in the way? -JimC -- James Cloos cl...@jhcloos.com OpenPGP: 0x997A9F17ED7DAEA6 -- _ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- New to Asterisk? Join us for a live introductory webinar every Thurs: http://www.asterisk.org/hello asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
Re: [asterisk-users] Proper way to make Asterisk recognize SIP trunk of incoming INVITE when IP is not available
And related thereto: What needs to be done on kama and ast to ensure that all incoming calls which route through a given kama box always matches a sip.conf [section] based on the socket(7)'s remote address, w/o any consideration of the INVITE's sip headers or body? I tried a several variations, but nothing quite worked. -JimC -- James Cloos cl...@jhcloos.com OpenPGP: 0x997A9F17ED7DAEA6 -- _ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- New to Asterisk? Join us for a live introductory webinar every Thurs: http://www.asterisk.org/hello asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
[asterisk-users] Proper way to make Asterisk recognize SIP trunk of incoming INVITE when IP is not available
I am currently preparing a kamailio-asterisk combination. The asterisk installation uses realtime for SIP. The kamailio configuration was based on the reference at http://kb.asipto.com/asterisk:realtime:kamailio-4.0.x-asterisk-11.3.0-astdb but has been heavily modified. Currently asterisk runs on localhost and only listens on SIP/RTP at 127.0.0.1 . Therefore, all of the SIP traffic appears to come from localhost, from the point of view of asterisk. Currently I have a model on which internal SIP phones get identified by the authentication username, and then the contact names at From: and To: get massaged to incorporate the SIP domain, in order to emulate multiple-domain support. The 'sip' table in Asterisk defines all such contacts as SIP accounts of the form name_domain.com, and the SIP phones are configured to use 'name' as authentication username for domain 'domain.com'. However, SIP providers that register on the server with authentication names are left with their original names, since in the model, SIP trunks are available to all domains. Now I have to add support for SIP providers which are to be authorized on the basis of IP only. Apparently, the kamailio module permissions.so (WITH_IPAUTH) is made for just this purpose, so I enabled it. After authentication, I need to route the INVITE to asterisk, and asterisk must somehow match the account for the SIP trunk from the available information on the INVITE request. A typical INVITE for this scenario looks like this, before being processed by kamailio: INVITE sip:6008010@172.28.161.218:5060;transport=udp;user=phone SIP/2.0 Via: SIP/2.0/UDP 200.25.144.58:5060;branch=z9hG4bK+676ea13f680e853fd847230512a347561+32e3da76+1 Call-ID: FBE75B3A@32e3da76 From: sip:042294440@200.25.144.58:5060;user=phone;tag=32e3da76+1+544c000c+52be771c To: sip:6008010@172.28.161.218:5060;user=phone CSeq: 975469826 INVITE Expires: 180 Organization: SetelGYE Min-SE: 90 Session-Expires: 18000 Supported: replaces, 100rel, timer Contact: sip:042294440@200.25.144.58:5060;transport=udp;user=phone Content-Length: 149 Content-Type: application/sdp Max-Forwards: 70 Allow: INVITE, ACK, CANCEL, BYE, OPTIONS, NOTIFY, PRACK, UPDATE, INFO, REFER v=0 o=- 0 0 IN IP4 201.217.79.3 s=- c=IN IP4 201.217.79.3 t=0 0 m=audio 5388 RTP/AVP 8 101 a=rtpmap:101 telephone-event/8000 a=fmtp:101 0-15 Here, 6008010 is the phone number that was dialed at the provider in order to reach my system, and 042294440 is the provider-supplied Caller-ID, which I want to preserve all the way to Asterisk. In particular, 042294440 appears as the value that ends up as $fU (From: username) while being processed in kamailio. If I pass the SIP packet as-is to asterisk, asterisk first tries to match by the value of $fU, which obviously fails to match the trunk name. It then tries to match by incoming IP, which also fails because asterisk received this packet from 127.0.0.1 . Finally, asterisk sort of matches to the first record in the sip table, which is *not* the SIP account for this trunk, but some other random account. I have a partial solution that uses sqlops to make a query to the sip table, using the $si (source IP) and reads the trunk name in order to replace $fU. This works, as now $fU will have the trunk name and asterisk will now recognize the intended SIP account for the trunk. However, this has the unfortunate side effect of throwing out the Caller-ID information. What is the standard/proper way to deal with this situation? Is there a well-known way to make Asterisk match the trunk name, without overwriting the Caller-ID information? Before you ask, requesting the provider to modify its INVITEs is not an option. I believe there is a standard way to deal with this, since this scenario should also arise with a kamailio that faces the internet, and relays INVITEs (after authentication) to an asterisk in a local network. As far as I can tell, the fact that in my case the 'local network' is localhost should be irrelevant. -- _ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- New to Asterisk? Join us for a live introductory webinar every Thurs: http://www.asterisk.org/hello asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
Re: [asterisk-users] Proper way to make Asterisk recognize SIP trunk of incoming INVITE when IP is not available
El 25/04/14 18:29, Alex Villacís Lasso escribió: I am currently preparing a kamailio-asterisk combination. The asterisk installation uses realtime for SIP. The kamailio configuration was based on the reference at http://kb.asipto.com/asterisk:realtime:kamailio-4.0.x-asterisk-11.3.0-astdb but has been heavily modified. Currently asterisk runs on localhost and only listens on SIP/RTP at 127.0.0.1 . Therefore, all of the SIP traffic appears to come from localhost, from the point of view of asterisk. Currently I have a model on which internal SIP phones get identified by the authentication username, and then the contact names at From: and To: get massaged to incorporate the SIP domain, in order to emulate multiple-domain support. The 'sip' table in Asterisk defines all such contacts as SIP accounts of the form name_domain.com, and the SIP phones are configured to use 'name' as authentication username for domain 'domain.com'. However, SIP providers that register on the server with authentication names are left with their original names, since in the model, SIP trunks are available to all domains. Now I have to add support for SIP providers which are to be authorized on the basis of IP only. Apparently, the kamailio module permissions.so (WITH_IPAUTH) is made for just this purpose, so I enabled it. After authentication, I need to route the INVITE to asterisk, and asterisk must somehow match the account for the SIP trunk from the available information on the INVITE request. A typical INVITE for this scenario looks like this, before being processed by kamailio: INVITE sip:6008010@172.28.161.218:5060;transport=udp;user=phone SIP/2.0 Via: SIP/2.0/UDP 200.25.144.58:5060;branch=z9hG4bK+676ea13f680e853fd847230512a347561+32e3da76+1 Call-ID: FBE75B3A@32e3da76 From: sip:042294440@200.25.144.58:5060;user=phone;tag=32e3da76+1+544c000c+52be771c To: sip:6008010@172.28.161.218:5060;user=phone CSeq: 975469826 INVITE Expires: 180 Organization: SetelGYE Min-SE: 90 Session-Expires: 18000 Supported: replaces, 100rel, timer Contact: sip:042294440@200.25.144.58:5060;transport=udp;user=phone Content-Length: 149 Content-Type: application/sdp Max-Forwards: 70 Allow: INVITE, ACK, CANCEL, BYE, OPTIONS, NOTIFY, PRACK, UPDATE, INFO, REFER v=0 o=- 0 0 IN IP4 201.217.79.3 s=- c=IN IP4 201.217.79.3 t=0 0 m=audio 5388 RTP/AVP 8 101 a=rtpmap:101 telephone-event/8000 a=fmtp:101 0-15 Here, 6008010 is the phone number that was dialed at the provider in order to reach my system, and 042294440 is the provider-supplied Caller-ID, which I want to preserve all the way to Asterisk. In particular, 042294440 appears as the value that ends up as $fU (From: username) while being processed in kamailio. If I pass the SIP packet as-is to asterisk, asterisk first tries to match by the value of $fU, which obviously fails to match the trunk name. It then tries to match by incoming IP, which also fails because asterisk received this packet from 127.0.0.1 . Finally, asterisk sort of matches to the first record in the sip table, which is *not* the SIP account for this trunk, but some other random account. I have a partial solution that uses sqlops to make a query to the sip table, using the $si (source IP) and reads the trunk name in order to replace $fU. This works, as now $fU will have the trunk name and asterisk will now recognize the intended SIP account for the trunk. However, this has the unfortunate side effect of throwing out the Caller-ID information. What is the standard/proper way to deal with this situation? Is there a well-known way to make Asterisk match the trunk name, without overwriting the Caller-ID information? Before you ask, requesting the provider to modify its INVITEs is not an option. I believe there is a standard way to deal with this, since this scenario should also arise with a kamailio that faces the internet, and relays INVITEs (after authentication) to an asterisk in a local network. As far as I can tell, the fact that in my case the 'local network' is localhost should be irrelevant. If I manage to coax Kamailio to add a (synthetized) P-Asserted-Identity header to the INVITE request before sending it to Asterisk, will Asterisk be able to use it? Will this information show up on a CDR? -- _ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- New to Asterisk? Join us for a live introductory webinar every Thurs: http://www.asterisk.org/hello asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
