Re: [asterisk-users] asterisk ip authentication

2013-07-29 Thread Eric Wieling 
What is the output of "g729 show version"?

-Original Message-
From: asterisk-users-boun...@lists.digium.com 
[mailto:asterisk-users-boun...@lists.digium.com] On Behalf Of james jan
Sent: Sunday, July 28, 2013 7:07 PM
To: Asterisk Users Mailing List - Non-Commercial Discussion
Subject: Re: [asterisk-users] asterisk ip authentication

hi all,
i've changed allow=all and restarted service.
but  still gives 488 Not acceptable here The softswitch sends codec g729.
"core show translation" says codec g729 alsa installed.




On Sun, Jul 28, 2013 at 10:11 PM, Andrew Colin  wrote:


I just find it insecure because if someone does hack they can use any 
codec.
I suppose not very insecure but I like to lock things down as much as 
possible.





On 7/28/2013 9:09 PM, Matt Behrens wrote:


On Jul 28, 2013, at 2:59 PM, Andrew Colin  
<mailto:and...@vsave.co.za>  wrote:


if you say allow=all it will work but thats not secure 
at all.

How is allow=all insecure?  I can see inefficient, but what 
would make that insecure eludes me.


 

--

_
-- Bandwidth and Colocation Provided by 
http://www.api-digital.com --
New to Asterisk? Join us for a live introductory webinar every 
Thurs:
   http://www.asterisk.org/hello

asterisk-users mailing list
To UNSUBSCRIBE or update options visit:
   http://lists.digium.com/mailman/listinfo/asterisk-users



--
_
-- Bandwidth and Colocation Provided by http://www.api-digital.com --
New to Asterisk? Join us for a live introductory webinar every Thurs:
   http://www.asterisk.org/hello

asterisk-users mailing list
To UNSUBSCRIBE or update options visit:
   http://lists.digium.com/mailman/listinfo/asterisk-users




--
_
-- Bandwidth and Colocation Provided by http://www.api-digital.com --
New to Asterisk? Join us for a live introductory webinar every Thurs:
   http://www.asterisk.org/hello

asterisk-users mailing list
To UNSUBSCRIBE or update options visit:
   http://lists.digium.com/mailman/listinfo/asterisk-users

Re: [asterisk-users] asterisk ip authentication

2013-07-29 Thread Andrew Colin 

  
  
remove disallow completely
  
  you are basically saying do not allow anything
  then allow anything
  
  so remove the disallow part and leave allow
  
  





Kind Regards

Andrew Colin
Technical Director
T:010 591 4358
C: 082 310 3007
and...@vsave.co.za



  
  On 7/29/2013 9:48 AM, james jan wrote:


  
hi Andrew,

here is my sip.conf

[]
  host=x.x.x.x
  qualify=yes
  type=peer
  insecure=port,invite
  context=from-internal
  disallow=all
  allow=all
  

  
  


On Mon, Jul 29, 2013 at 9:17 AM, Andrew
  Colin 
  wrote:
  

  send me a copy of your sip config also make sure
dissallow is before allow.

  
   


Kind Regards

Andrew Colin
Technical Director
T:010 591 4358
C: 082 310 3007
and...@vsave.co.za



  


   On 7/29/2013 1:07 AM, james jan
wrote:
  

  
  

  
hi all,
  i've changed allow=all

  and restarted service.
  but  still gives 488 Not acceptable
  here
  The

  softswitch sends codec g729.
  "core show translation" says codec g729 alsa
installed.
  
  
  
  

 
  
  On Sun, Jul 28, 2013 at
10:11 PM, Andrew Colin 
wrote:

  
I just find it insecure because if
  someone does hack they can use any codec.
  I suppose not very insecure but I like to
  lock things down as much as possible.
  

  
   


  
  On 7/28/2013 9:09 PM, Matt Behrens
  wrote:

  


  

  On Jul 28, 2013, at 2:59 PM, Andrew Colin  wrote:


  
if you say allow=all it will work but thats not secure at all.

  
  How is allow=all insecure?  I can see inefficient, but what would make that insecure eludes me.


  
  
  

  
  
--
_
-- Bandwidth and Colocation Provided by http://www.api-digital.com --
New to Asterisk? Join us for a live introductory webinar every Thurs:
   http://www.asterisk.org/hello

asterisk-users mailing list
To UNSUBSCRIBE or update options visit:
   http://lists.digium.com/mailman/listinfo/asterisk-users
  


  
  
  --
_
  -- Bandwidth and Colocation Provided by http://www.api-digital.com
  --
  New to Asterisk? Join us for a live
  introductory webinar every Thurs:
                 http://www.asterisk.org/hello
  
  asterisk-users mailing list
  To UNSUBSCRIBE or update options visit:
     http://lists.digium.com/mailman/listinfo/

Re: [asterisk-users] asterisk ip authentication

2013-07-29 Thread james jan 
hi Andrew,
here is my sip.conf

[]
host=x.x.x.x
qualify=yes
type=peer
insecure=port,invite
context=from-internal
disallow=all
allow=all



On Mon, Jul 29, 2013 at 9:17 AM, Andrew Colin  wrote:

>  send me a copy of your sip config also make sure dissallow is before
> allow.
>
>
>
>
>
> Kind Regards
>
> Andrew Colin
> Technical Director
> T:010 591 4358
> C: 082 310 3007
> and...@vsave.co.za
>
>
>
>  On 7/29/2013 1:07 AM, james jan wrote:
>
> hi all,
> i've changed allow=all and restarted service.
> but  still gives 488 Not acceptable here
> The softswitch sends codec g729.
> "core show translation" says codec g729 alsa installed.
>
>
>
>
> On Sun, Jul 28, 2013 at 10:11 PM, Andrew Colin  wrote:
>
>>  I just find it insecure because if someone does hack they can use any
>> codec.
>> I suppose not very insecure but I like to lock things down as much as
>> possible.
>>
>>
>>
>>
>>
>>  On 7/28/2013 9:09 PM, Matt Behrens wrote:
>>
>>  On Jul 28, 2013, at 2:59 PM, Andrew Colin  
>>  wrote:
>>
>>
>>  if you say allow=all it will work but thats not secure at all.
>>
>>  How is allow=all insecure?  I can see inefficient, but what would make that 
>> insecure eludes me.
>>
>>
>>
>>
>>   --
>> _
>> -- Bandwidth and Colocation Provided by http://www.api-digital.com --
>> New to Asterisk? Join us for a live introductory webinar every Thurs:
>>http://www.asterisk.org/hello
>>
>> asterisk-users mailing list
>> To UNSUBSCRIBE or update options visit:
>>http://lists.digium.com/mailman/listinfo/asterisk-users
>>
>>
>>
>> --
>> _
>> -- Bandwidth and Colocation Provided by http://www.api-digital.com --
>> New to Asterisk? Join us for a live introductory webinar every Thurs:
>>http://www.asterisk.org/hello
>>
>> asterisk-users mailing list
>> To UNSUBSCRIBE or update options visit:
>>http://lists.digium.com/mailman/listinfo/asterisk-users
>>
>
>
>
> --
> _
> -- Bandwidth and Colocation Provided by http://www.api-digital.com --
> New to Asterisk? Join us for a live introductory webinar every Thurs:
>http://www.asterisk.org/hello
>
> asterisk-users mailing list
> To UNSUBSCRIBE or update options visit:
>http://lists.digium.com/mailman/listinfo/asterisk-users
>
>
>
<>--
_
-- Bandwidth and Colocation Provided by http://www.api-digital.com --
New to Asterisk? Join us for a live introductory webinar every Thurs:
   http://www.asterisk.org/hello

asterisk-users mailing list
To UNSUBSCRIBE or update options visit:
   http://lists.digium.com/mailman/listinfo/asterisk-users

Re: [asterisk-users] asterisk ip authentication

2013-07-28 Thread Andrew Colin 

  
  
send me a copy of your sip config also
  make sure dissallow is before allow.
  
  





Kind Regards

Andrew Colin
Technical Director
T:010 591 4358
C: 082 310 3007
and...@vsave.co.za



  
  On 7/29/2013 1:07 AM, james jan wrote:


  hi all,
i've changed allow=all
and restarted service.
but  still
gives 488 Not
acceptable here
The
softswitch sends codec g729.
"core show translation" says codec g729 alsa installed.




  
  


On Sun, Jul 28, 2013 at 10:11 PM,
  Andrew Colin 
  wrote:
  

  I just find it insecure because if someone does hack
they can use any codec.
I suppose not very insecure but I like to lock things
down as much as possible.

  

 
  
  

On 7/28/2013 9:09 PM, Matt Behrens wrote:
  

  
  

  
On Jul 28, 2013, at 2:59 PM, Andrew Colin  wrote:



  if you say allow=all it will work but thats not secure at all.


How is allow=all insecure?  I can see inefficient, but what would make that insecure eludes me.





  


  --
_
-- Bandwidth and Colocation Provided by http://www.api-digital.com --
New to Asterisk? Join us for a live introductory webinar every Thurs:
   http://www.asterisk.org/hello

asterisk-users mailing list
To UNSUBSCRIBE or update options visit:
   http://lists.digium.com/mailman/listinfo/asterisk-users

  
  


--
_
-- Bandwidth and Colocation Provided by http://www.api-digital.com --
New to Asterisk? Join us for a live introductory webinar
every Thurs:
               http://www.asterisk.org/hello

asterisk-users mailing list
To UNSUBSCRIBE or update options visit:
   http://lists.digium.com/mailman/listinfo/asterisk-users
  


  
  
  
  
  --
_
-- Bandwidth and Colocation Provided by http://www.api-digital.com --
New to Asterisk? Join us for a live introductory webinar every Thurs:
   http://www.asterisk.org/hello

asterisk-users mailing list
To UNSUBSCRIBE or update options visit:
   http://lists.digium.com/mailman/listinfo/asterisk-users


  

--
_
-- Bandwidth and Colocation Provided by http://www.api-digital.com --
New to Asterisk? Join us for a live introductory webinar every Thurs:
   http://www.asterisk.org/hello

asterisk-users mailing list
To UNSUBSCRIBE or update options visit:
   http://lists.digium.com/mailman/listinfo/asterisk-users

Re: [asterisk-users] asterisk ip authentication

2013-07-28 Thread james jan 
hi all,
i've changed allow=all and restarted service.
but  still gives 488 Not acceptable here
The softswitch sends codec g729.
"core show translation" says codec g729 alsa installed.




On Sun, Jul 28, 2013 at 10:11 PM, Andrew Colin  wrote:

>  I just find it insecure because if someone does hack they can use any
> codec.
> I suppose not very insecure but I like to lock things down as much as
> possible.
>
>
>
>
>
>  On 7/28/2013 9:09 PM, Matt Behrens wrote:
>
> On Jul 28, 2013, at 2:59 PM, Andrew Colin  
>  wrote:
>
>
>  if you say allow=all it will work but thats not secure at all.
>
>  How is allow=all insecure?  I can see inefficient, but what would make that 
> insecure eludes me.
>
>
>
>
> --
> _
> -- Bandwidth and Colocation Provided by http://www.api-digital.com --
> New to Asterisk? Join us for a live introductory webinar every Thurs:
>http://www.asterisk.org/hello
>
> asterisk-users mailing list
> To UNSUBSCRIBE or update options visit:
>http://lists.digium.com/mailman/listinfo/asterisk-users
>
>
>
> --
> _
> -- Bandwidth and Colocation Provided by http://www.api-digital.com --
> New to Asterisk? Join us for a live introductory webinar every Thurs:
>http://www.asterisk.org/hello
>
> asterisk-users mailing list
> To UNSUBSCRIBE or update options visit:
>http://lists.digium.com/mailman/listinfo/asterisk-users
>
--
_
-- Bandwidth and Colocation Provided by http://www.api-digital.com --
New to Asterisk? Join us for a live introductory webinar every Thurs:
   http://www.asterisk.org/hello

asterisk-users mailing list
To UNSUBSCRIBE or update options visit:
   http://lists.digium.com/mailman/listinfo/asterisk-users

Re: [asterisk-users] asterisk ip authentication

2013-07-28 Thread Andrew Colin 

I just find it insecure because if someone does hack they can use any codec.
I suppose not very insecure but I like to lock things down as much as 
possible.





On 7/28/2013 9:09 PM, Matt Behrens wrote:

On Jul 28, 2013, at 2:59 PM, Andrew Colin  wrote:


if you say allow=all it will work but thats not secure at all.

How is allow=all insecure?  I can see inefficient, but what would make that 
insecure eludes me.



--
_
-- Bandwidth and Colocation Provided by http://www.api-digital.com --
New to Asterisk? Join us for a live introductory webinar every Thurs:
http://www.asterisk.org/hello

asterisk-users mailing list
To UNSUBSCRIBE or update options visit:
http://lists.digium.com/mailman/listinfo/asterisk-users


--
_
-- Bandwidth and Colocation Provided by http://www.api-digital.com --
New to Asterisk? Join us for a live introductory webinar every Thurs:
   http://www.asterisk.org/hello

asterisk-users mailing list
To UNSUBSCRIBE or update options visit:
   http://lists.digium.com/mailman/listinfo/asterisk-users

Re: [asterisk-users] asterisk ip authentication

2013-07-28 Thread Matt Behrens 
On Jul 28, 2013, at 2:59 PM, Andrew Colin  wrote:

> if you say allow=all it will work but thats not secure at all.

How is allow=all insecure?  I can see inefficient, but what would make that 
insecure eludes me.



smime.p7s
Description: S/MIME cryptographic signature
--
_
-- Bandwidth and Colocation Provided by http://www.api-digital.com --
New to Asterisk? Join us for a live introductory webinar every Thurs:
   http://www.asterisk.org/hello

asterisk-users mailing list
To UNSUBSCRIBE or update options visit:
   http://lists.digium.com/mailman/listinfo/asterisk-users

Re: [asterisk-users] asterisk ip authentication

2013-07-28 Thread Andrew Colin 

  
  
No Acceptable here is a codec error.
  
  Check the other soft switch and see what codecs it is sending.
  
  if you say allow=all it will work but thats not secure at all.
  
  





Kind Regards

Andrew Colin
Technical Director
T:010 591 4358
C: 082 310 3007
and...@vsave.co.za



  
  On 7/28/2013 6:26 PM, james jan wrote:


  allow=g729
  allow=alaw
  allow=ulaw
  allow=gsm


  

--
_
-- Bandwidth and Colocation Provided by http://www.api-digital.com --
New to Asterisk? Join us for a live introductory webinar every Thurs:
   http://www.asterisk.org/hello

asterisk-users mailing list
To UNSUBSCRIBE or update options visit:
   http://lists.digium.com/mailman/listinfo/asterisk-users

Re: [asterisk-users] asterisk ip authentication

2013-07-28 Thread james jan 
hi,

[]
type=peer
insecure=invite,port
host=x.x.x.x
context=from-internal
disallow=all
allow=g729
allow=alaw
allow=ulaw
allow=gsm
canreinvite=no
nat=no
qualify=yes

this works fine for one softswitch bu i tried another soft switch it gives
SIP/2.0 488 Not acceptable here
error.
Any idea?


On Fri, Jul 26, 2013 at 6:17 PM, Thorsten Göllner  wrote:

> Additionally you shoudl take a look at "sip set debug on" (in cli) and
> then place a call.
>
> Am 26.07.2013 17:14, schrieb Thorsten Göllner:
>
>> You should take a look at this options:
>>
>> type=friend
>> context=my_context
>> host=ip_address
>>
>> Am 26.07.2013 16:52, schrieb jin jan:
>>
>>> Hi all,
>>> I've tried to sen calls to asterisk from different soft switch.
>>> I want to define ip authentication(not register) to an extension for
>>> make call through asterisk.
>>> Is there any way to make call from asterisk  without register. Only ip
>>> authentication.
>>> I tried too many different configurations but it hasn't worked.
>>> This is my sip.conf
>>>
>>> --sip.conf
>>> []
>>> host=x.x.x.x
>>> qualify=yes
>>> type=peer
>>> insecure=port,invite
>>> context=from-internal
>>> disallow=all
>>> allow=ulaw
>>> allow=alaw
>>> allow=g729
>>> allow=gsm
>>>
>>> But gives SIP/2.0 401 Unauthorized error.
>>> Tel.: +49(0)211 / 618 57 53 Fax: +49(0)211 / 618 57 54
>>>
>>
> --
> __**__**_
> -- Bandwidth and Colocation Provided by http://www.api-digital.com --
> New to Asterisk? Join us for a live introductory webinar every Thurs:
>   http://www.asterisk.org/hello
>
> asterisk-users mailing list
> To UNSUBSCRIBE or update options visit:
>   
> http://lists.digium.com/**mailman/listinfo/asterisk-**users
>
--
_
-- Bandwidth and Colocation Provided by http://www.api-digital.com --
New to Asterisk? Join us for a live introductory webinar every Thurs:
   http://www.asterisk.org/hello

asterisk-users mailing list
To UNSUBSCRIBE or update options visit:
   http://lists.digium.com/mailman/listinfo/asterisk-users

Re: [asterisk-users] asterisk ip authentication

2013-07-26 Thread Thorsten Göllner 
Additionally you shoudl take a look at "sip set debug on" (in cli) and 
then place a call.


Am 26.07.2013 17:14, schrieb Thorsten Göllner:

You should take a look at this options:

type=friend
context=my_context
host=ip_address

Am 26.07.2013 16:52, schrieb jin jan:

Hi all,
I've tried to sen calls to asterisk from different soft switch.
I want to define ip authentication(not register) to an extension for 
make call through asterisk.
Is there any way to make call from asterisk  without register. Only 
ip authentication.

I tried too many different configurations but it hasn't worked.
This is my sip.conf

--sip.conf
[]
host=x.x.x.x
qualify=yes
type=peer
insecure=port,invite
context=from-internal
disallow=all
allow=ulaw
allow=alaw
allow=g729
allow=gsm

But gives SIP/2.0 401 Unauthorized error.
Tel.: +49(0)211 / 618 57 53 Fax: +49(0)211 / 618 57 54


--
_
-- Bandwidth and Colocation Provided by http://www.api-digital.com --
New to Asterisk? Join us for a live introductory webinar every Thurs:
  http://www.asterisk.org/hello

asterisk-users mailing list
To UNSUBSCRIBE or update options visit:
  http://lists.digium.com/mailman/listinfo/asterisk-users

Re: [asterisk-users] asterisk ip authentication

2013-07-26 Thread Thorsten Göllner 

You should take a look at this options:

type=friend
context=my_context
host=ip_address

Am 26.07.2013 16:52, schrieb jin jan:

Hi all,
I've tried to sen calls to asterisk from different soft switch.
I want to define ip authentication(not register) to an extension for 
make call through asterisk.
Is there any way to make call from asterisk  without register. Only ip 
authentication.

I tried too many different configurations but it hasn't worked.
This is my sip.conf

--sip.conf
[]
host=x.x.x.x
qualify=yes
type=peer
insecure=port,invite
context=from-internal
disallow=all
allow=ulaw
allow=alaw
allow=g729
allow=gsm

But gives SIP/2.0 401 Unauthorized error.

Kind Regards.



--
_
-- Bandwidth and Colocation Provided by http://www.api-digital.com --
New to Asterisk? Join us for a live introductory webinar every Thurs:
  http://www.asterisk.org/hello

asterisk-users mailing list
To UNSUBSCRIBE or update options visit:
  http://lists.digium.com/mailman/listinfo/asterisk-users

[asterisk-users] asterisk ip authentication

2013-07-26 Thread jin jan 
Hi all,
I've tried to sen calls to asterisk from different soft switch.
I want to define ip authentication(not register) to an extension for make
call through asterisk.
Is there any way to make call from asterisk  without register. Only ip
authentication.
I tried too many different configurations but it hasn't worked.
This is my sip.conf

--sip.conf
[]
host=x.x.x.x
qualify=yes
type=peer
insecure=port,invite
context=from-internal
disallow=all
allow=ulaw
allow=alaw
allow=g729
allow=gsm

But gives SIP/2.0 401 Unauthorized error.

Kind Regards.
--
_
-- Bandwidth and Colocation Provided by http://www.api-digital.com --
New to Asterisk? Join us for a live introductory webinar every Thurs:
   http://www.asterisk.org/hello

asterisk-users mailing list
To UNSUBSCRIBE or update options visit:
   http://lists.digium.com/mailman/listinfo/asterisk-users

Re: [asterisk-users] asterisk ip authentication

2012-09-26 Thread jin jan 
hi
Thanks for replay. now asterisk accepts calls. But 32 second later, calls
drop.

Error code:
-Asterisk-HangupCause: Protocol error, unspecified
X-Asterisk-HangupCauseCode: 111






On Wed, Sep 26, 2012 at 2:47 PM, Carlos Rojas  wrote:

> Hello
>
> Yes, there is, in sip.conf you should be using
> Insecure=invite,port for that
>
> Regards
> On Sep 25, 2012 4:06 PM, "jin jan"  wrote:
>
>> Hi all,
>> I've tried to sen calls to asterisk from different soft switch.
>> I want to define ip authentication(not register) to an extension for make
>> call through asterisk.
>> Is there any way to make call from asterisk  without register. Only ip
>> authentication.
>> Kind Regards.
>>
>> --
>> _
>> -- Bandwidth and Colocation Provided by http://www.api-digital.com --
>> New to Asterisk? Join us for a live introductory webinar every Thurs:
>>http://www.asterisk.org/hello
>>
>> asterisk-users mailing list
>> To UNSUBSCRIBE or update options visit:
>>http://lists.digium.com/mailman/listinfo/asterisk-users
>>
>
> --
> _
> -- Bandwidth and Colocation Provided by http://www.api-digital.com --
> New to Asterisk? Join us for a live introductory webinar every Thurs:
>http://www.asterisk.org/hello
>
> asterisk-users mailing list
> To UNSUBSCRIBE or update options visit:
>http://lists.digium.com/mailman/listinfo/asterisk-users
>
--
_
-- Bandwidth and Colocation Provided by http://www.api-digital.com --
New to Asterisk? Join us for a live introductory webinar every Thurs:
   http://www.asterisk.org/hello

asterisk-users mailing list
To UNSUBSCRIBE or update options visit:
   http://lists.digium.com/mailman/listinfo/asterisk-users

Re: [asterisk-users] asterisk ip authentication

2012-09-26 Thread Carlos Rojas 
Hello

Yes, there is, in sip.conf you should be using
Insecure=invite,port for that

Regards
On Sep 25, 2012 4:06 PM, "jin jan"  wrote:

> Hi all,
> I've tried to sen calls to asterisk from different soft switch.
> I want to define ip authentication(not register) to an extension for make
> call through asterisk.
> Is there any way to make call from asterisk  without register. Only ip
> authentication.
> Kind Regards.
>
> --
> _
> -- Bandwidth and Colocation Provided by http://www.api-digital.com --
> New to Asterisk? Join us for a live introductory webinar every Thurs:
>http://www.asterisk.org/hello
>
> asterisk-users mailing list
> To UNSUBSCRIBE or update options visit:
>http://lists.digium.com/mailman/listinfo/asterisk-users
>
--
_
-- Bandwidth and Colocation Provided by http://www.api-digital.com --
New to Asterisk? Join us for a live introductory webinar every Thurs:
   http://www.asterisk.org/hello

asterisk-users mailing list
To UNSUBSCRIBE or update options visit:
   http://lists.digium.com/mailman/listinfo/asterisk-users

[asterisk-users] asterisk ip authentication

2012-09-25 Thread jin jan 
Hi all,
I've tried to sen calls to asterisk from different soft switch.
I want to define ip authentication(not register) to an extension for make
call through asterisk.
Is there any way to make call from asterisk  without register. Only ip
authentication.
Kind Regards.
--
_
-- Bandwidth and Colocation Provided by http://www.api-digital.com --
New to Asterisk? Join us for a live introductory webinar every Thurs:
   http://www.asterisk.org/hello

asterisk-users mailing list
To UNSUBSCRIBE or update options visit:
   http://lists.digium.com/mailman/listinfo/asterisk-users