Hi Duncan, There are plenty of options here.
I think here is good place to start: https://www.kamailio.org/wiki/tutorials/security/kamailio-security You also can check https://www.apiban.org/doc.html Regards, On Thu, Jul 29, 2021 at 8:37 AM Duncan Turnbull <dun...@turnbull.co.nz> wrote: > Hi Arsen > > Thanks very much, I am looking at that now > > Is there an easy way to control the extensions that are proxied through to > asterisk so that we restrict the ability of outside scanning of extension > lists. I would like to limit the registrations for extensions passed > through to asterisk that come from an unknown / external ips. > > Thanks again > > Cheers Duncan > > On Wed, Jul 28, 2021 at 11:11 PM Arsen Semenov <arsper...@gmail.com> > wrote: > >> You can check how Path works, it is described in rfc3327, this is >> probably what you need. >> From the Asterisk side; however, I can't tell whether it is supported by >> pjsip, there was some issue as I know, but at least chan_sip should support >> it. >> Also docs for kamailio registrar module. >> What do you mean by "limit the user ids that go through to asterisk"? >> >> On Wed, Jul 28, 2021 at 12:50 PM Duncan Turnbull <dun...@turnbull.co.nz> >> wrote: >> >>> Hi Arsen >>> >>> Thanks very much for your reply >>> >>> We were using repro which does that but are interested in the wider >>> capabilities of kamailio. >>> >>> We are wanting to limit the user ids that go through to asterisk and >>> eventually have two kamailio servers that provide some failover >>> >>> I saw a slide pack from Fred Posner talking about fronting asterisk with >>> kamailio and I probably jumped to uac without fully understanding what it’s >>> purpose is >>> >>> I also saw that shared line appearance can be simulated using kamailio, >>> and perhaps it needs the uac module to achieve that. >>> >>> My general understanding is new and growing so I am grateful for all >>> advice or questions >>> >>> Thanks again >>> >>> Cheers Duncan >>> >>> On 28/07/2021, at 3:34 PM, Arsen Semenov <arsper...@gmail.com> wrote: >>> >>> >>> Hi Duncan, >>> >>> This scenario is quite new for me, not sure I got it right.. but why >>> have you decided not to proxying requests to asterisks? >>> By leveraging Path and Record-route headers Asterisk will know how to >>> route the response back as well as new requests. >>> And the proxy will know how to handle them. >>> This is how kamailio is usually set as a front-end for media servers. >>> >>> >>> >>> On Wed, Jul 28, 2021 at 8:35 AM Duncan Turnbull <dun...@turnbull.co.nz> >>> wrote: >>> >>>> Hi there >>>> >>>> I am a new user of Kamailio and we are trying to use it to be as a >>>> front end for our asterisk pbx. We are running on Ubuntu 18.04 and Kamailio >>>> 5.3.8 with Siremis >>>> >>>> Rather than proxying the request through to asterisk we are trying to >>>> use uacreg to send a login to asterisk. Asterisk will think all the users >>>> are appear from the proxy but thats okay. Initially this is just for >>>> external users but eventually all phones etc will register via Kamailio and >>>> we will have the trunks there (and split them across another kamailio but >>>> thats another job) >>>> >>>> If I add a user to the uacreg then when I register to Kamailio it sends >>>> a register request but to the realm in the uacreg table and the matching >>>> port Kamailio is running on. >>>> >>>> Is this because somewhere we have set Kamailio to directly proxy on and >>>> we need to turn that off first? >>>> >>>> This is our uacreg table >>>> >>>> mysql> select * from uacreg; >>>> >>>> +----+--------+------------+------------+------------+-----------+-----------+---------------+---------------+----------+--------------------+---------+-------+-----------+--------+ >>>> | id | l_uuid | l_username | l_domain | r_username | r_domain | >>>> realm | auth_username | auth_password | auth_ha1 | auth_proxy | >>>> expires | flags | reg_delay | socket | >>>> >>>> +----+--------+------------+------------+------------+-----------+-----------+---------------+---------------+----------+--------------------+---------+-------+-----------+--------+ >>>> | 1 | testuser | testuser | ourdomain.com | 88 | >>>> 10.8.8.20 | 10.8.8.20 | 88 | password | '' | sip: >>>> 10.8.8.20:5060 | 360 | 0 | 3 | | >>>> >>>> +----+--------+------------+------------+------------+-----------+-----------+---------------+---------------+----------+--------------------+---------+-------+-----------+--------+ >>>> 1 row in set (0.00 sec) >>>> >>>> All pointer, guides and recommendations will be welcome >>>> >>>> Thanks very much >>>> >>>> Cheers Duncan >>>> >>>> >>>> >>>> >>>> __________________________________________________________ >>>> Kamailio - Users Mailing List - Non Commercial Discussions >>>> * sr-users@lists.kamailio.org >>>> Important: keep the mailing list in the recipients, do not reply only >>>> to the sender! >>>> Edit mailing list options or unsubscribe: >>>> * https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users >>>> >>> >>> >>> -- >>> Arsen Semenov >>> >>> __________________________________________________________ >>> Kamailio - Users Mailing List - Non Commercial Discussions >>> * sr-users@lists.kamailio.org >>> Important: keep the mailing list in the recipients, do not reply only to >>> the sender! >>> Edit mailing list options or unsubscribe: >>> * https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users >>> >>> __________________________________________________________ >>> Kamailio - Users Mailing List - Non Commercial Discussions >>> * sr-users@lists.kamailio.org >>> Important: keep the mailing list in the recipients, do not reply only to >>> the sender! >>> Edit mailing list options or unsubscribe: >>> * https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users >>> >> >> >> -- >> Arsen Semenov >> >> __________________________________________________________ >> Kamailio - Users Mailing List - Non Commercial Discussions >> * sr-users@lists.kamailio.org >> Important: keep the mailing list in the recipients, do not reply only to >> the sender! >> Edit mailing list options or unsubscribe: >> * https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users >> > __________________________________________________________ > Kamailio - Users Mailing List - Non Commercial Discussions > * sr-users@lists.kamailio.org > Important: keep the mailing list in the recipients, do not reply only to > the sender! > Edit mailing list options or unsubscribe: > * https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users > -- Arsen Semenov
__________________________________________________________ Kamailio - Users Mailing List - Non Commercial Discussions * sr-users@lists.kamailio.org Important: keep the mailing list in the recipients, do not reply only to the sender! Edit mailing list options or unsubscribe: * https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users