Hi Duncan,
There are plenty of options here.
I think here is good place to start: https://www.kamailio.org/wiki/tutorials/security/kamailio-security
You also can check https://www.apiban.org/doc.html
Regards,On Thu, Jul 29, 2021 at 8:37 AM Duncan Turnbull <duncan@turnbull.co.nz> wrote:Hi ArsenThanks very much, I am looking at that nowIs there an easy way to control the extensions that are proxied through to asterisk so that we restrict the ability of outside scanning of extension lists. I would like to limit the registrations for extensions passed through to asterisk that come from an unknown / external ips.Thanks againCheers Duncan__________________________________________________________On Wed, Jul 28, 2021 at 11:11 PM Arsen Semenov <arsperger@gmail.com> wrote:You can check how Path works, it is described in rfc3327, this is probably what you need.
From the Asterisk side; however, I can't tell whether it is supported by pjsip, there was some issue as I know, but at least chan_sip should support it.Also docs for kamailio registrar module.
What do you mean by "limit the user ids that go through to asterisk"?On Wed, Jul 28, 2021 at 12:50 PM Duncan Turnbull <duncan@turnbull.co.nz> wrote:__________________________________________________________Hi ArsenThanks very much for your replyWe were using repro which does that but are interested in the wider capabilities of kamailio.We are wanting to limit the user ids that go through to asterisk and eventually have two kamailio servers that provide some failoverI saw a slide pack from Fred Posner talking about fronting asterisk with kamailio and I probably jumped to uac without fully understanding what it’s purpose isI also saw that shared line appearance can be simulated using kamailio, and perhaps it needs the uac module to achieve that.My general understanding is new and growing so I am grateful for all advice or questionsThanks againCheers DuncanOn 28/07/2021, at 3:34 PM, Arsen Semenov <arsperger@gmail.com> wrote:Hi Duncan,This scenario is quite new for me, not sure I got it right.. but why have you decided not to proxying requests to asterisks?By leveraging Path and Record-route headers Asterisk will know how to route the response back as well as new requests.And the proxy will know how to handle them.
This is how kamailio is usually set as a front-end for media servers.On Wed, Jul 28, 2021 at 8:35 AM Duncan Turnbull <duncan@turnbull.co.nz> wrote:__________________________________________________________Hi thereI am a new user of Kamailio and we are trying to use it to be as a front end for our asterisk pbx. We are running on Ubuntu 18.04 and Kamailio 5.3.8 with SiremisRather than proxying the request through to asterisk we are trying to use uacreg to send a login to asterisk. Asterisk will think all the users are appear from the proxy but thats okay. Initially this is just for external users but eventually all phones etc will register via Kamailio and we will have the trunks there (and split them across another kamailio but thats another job)If I add a user to the uacreg then when I register to Kamailio it sends a register request but to the realm in the uacreg table and the matching port Kamailio is running on.Is this because somewhere we have set Kamailio to directly proxy on and we need to turn that off first?This is our uacreg tablemysql> select * from uacreg;
+----+--------+------------+------------+------------+-----------+-----------+---------------+---------------+----------+--------------------+---------+-------+-----------+--------+
| id | l_uuid | l_username | l_domain | r_username | r_domain | realm | auth_username | auth_password | auth_ha1 | auth_proxy | expires | flags | reg_delay | socket |
+----+--------+------------+------------+------------+-----------+-----------+---------------+---------------+----------+--------------------+---------+-------+-----------+--------+
| 1 | testuser | testuser | ourdomain.com | 88 | 10.8.8.20 | 10.8.8.20 | 88 | password | '' | sip:10.8.8.20:5060 | 360 | 0 | 3 | |
+----+--------+------------+------------+------------+-----------+-----------+---------------+---------------+----------+--------------------+---------+-------+-----------+--------+
1 row in set (0.00 sec)All pointer, guides and recommendations will be welcomeThanks very muchCheers Duncan
Kamailio - Users Mailing List - Non Commercial Discussions
* sr-users@lists.kamailio.org
Important: keep the mailing list in the recipients, do not reply only to the sender!
Edit mailing list options or unsubscribe:
* https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
--__________________________________________________________Arsen Semenov
Kamailio - Users Mailing List - Non Commercial Discussions
* sr-users@lists.kamailio.org
Important: keep the mailing list in the recipients, do not reply only to the sender!
Edit mailing list options or unsubscribe:
* https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
Kamailio - Users Mailing List - Non Commercial Discussions
* sr-users@lists.kamailio.org
Important: keep the mailing list in the recipients, do not reply only to the sender!
Edit mailing list options or unsubscribe:
* https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
--__________________________________________________________Arsen Semenov
Kamailio - Users Mailing List - Non Commercial Discussions
* sr-users@lists.kamailio.org
Important: keep the mailing list in the recipients, do not reply only to the sender!
Edit mailing list options or unsubscribe:
* https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
Kamailio - Users Mailing List - Non Commercial Discussions
* sr-users@lists.kamailio.org
Important: keep the mailing list in the recipients, do not reply only to the sender!
Edit mailing list options or unsubscribe:
* https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
--__________________________________________________________Arsen Semenov
Kamailio - Users Mailing List - Non Commercial Discussions
* sr-users@lists.kamailio.org
Important: keep the mailing list in the recipients, do not reply only to the sender!
Edit mailing list options or unsubscribe:
* https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users