Re: [OpenSIPS-Users] Problem with Un-authenticated calls coming from a Asterisk gateway : need to restrict access

Tue, 13 Apr 2010 03:30:25 -0700 

Sorry, there is a mistake in what I wrote:

I did:
osipsconsole

address add 0 192.168.1.19 255.255.255.*255*  UDP 5060 (not 255.255.255.0)


and opensips makes the call pass the same, from 192.168.1.20.....
I had a look into the db entries: there is something like address=192.168.1.19 mask = 32 .... 

Any advice?
Asterisk tricks?
Or an opensips problem?
If you want, I can give you ssh accesses....

Roberto


Il martedì 13/04/10 12.08, Bogdan-Andrei Iancu ha scritto:

Hello Roberto,

I think the problem is with the network mask you used when adding the IP :
     IP : 192.168.1.19
     Mask: 255.255.255.0

This rule will allow 192.168.1.xxx block of IPs - this is why the second
asterisk works too ;)

Try using the 255.255.255.255 mask (of course remove the existing entry)

Regards,
Bogdan

Roberto Ovani wrote:

I'm using opensips 1.6.1, on Ubuntu 9.10 server (192.168.1.12)
I configured an asterisk box (192.168.1.19) to for PSTN.

I'm trying to restrict access, to prevent false authentication from
unauthorized users except the gateway I set up.

from the terminal, i wrote :
/osipsconsole
address add 0 192.168.1.19 255.255.255.0 UDP 5060
/to add the gateway data into the db
So, i want ONLY that asterisk box to send calls to opensips bypassing
authentication (this is what I found on the book by Gonçalves, about
opensips 1.6, nd it says I can do it).

But if itry with another asterisk box, on another Ip address e.g.
192.168.1.20 , opensips makes the call pass, even if I didn't put this
entry in my Db.... I want to restrict access to UN-authenticated calls
ONLY to 192.168.1.19

this is a piece of code I found on the book and I used to restric the
access only to 192.168.1.19:

  if (!(method=="REGISTER")&&  is_from_local())
         {

                 if (!check_source_address("0"))
                 {
                         if (!proxy_authorize("", "subscriber"))
                         {
                                 proxy_challenge("", "0");
                                 exit;
                         }
                 }
                 else if (!db_check_from())
                 {
                                        sl_send_reply("403","Forbidden
auth ID");
                                         exit;
                 }

         }


Is it right?
What do you think I have to check ?
Could you please help me ? I can't solve this problem....but i need it !
Thanks in advance
Best regards
Roberto
------------------------------------------------------------------------

_______________________________________________
Users mailing list
[email protected]
http://lists.opensips.org/cgi-bin/mailman/listinfo/users






_______________________________________________
Users mailing list
[email protected]
http://lists.opensips.org/cgi-bin/mailman/listinfo/users

Reply via email to