Hi List,
I am using kamailio 1.4 and authenticating INVITE if the source ip address is not in trusted table but  one of the IP which is not in the trusted table was able to bypass INVITE authentication, . I don’t have SIP traces saved from the called but when that was happening I could see that the INVITE didn’t have auth credentials but caller was able to bypass authentication and was sending calls to my upstream gateway.

Caller’s IP is definitely not in the trusted table, I am just wondering is it something wrong in my script or similar issue has reported before ;

Thanks in Advance

Asim

route[2] {
        xlog("L_INFO", "[ROUTE-2] Received initial INVITE from $si\n");

        setflag(2);
        setflag(3);

        if(is_from_local()) {
                if(!allow_trusted()) {
                        xlog("L_INFO", "[ROUTE-2 !] Issuing proxy challenge\n");

                        if(!proxy_authorize("", "subscriber")) {
                                proxy_challenge("", "1");
                                exit;
                        }

                        else if(!check_from()) {
                                xlog("L_INFO", "[ROUTE-2 !] From URI denied\n");
                                sl_send_reply("403", "Forbidden");
                                exit;
                        }
                }

                else {
                        xlog("L_INFO", "[ROUTE-2 !] From URI domain not local - denied\n");
                        sl_send_reply("403", "Forbidden");
                        exit;
                }
        }
   consume_credentials();

        xlog("L_INFO", "[ROUTE-2 ->] Authentication credentials valid\n");

        if(nat_uac_test("1")) {
                xlog("L_INFO", "[ROUTE-2 ->] RFC1918 contact found - fixing up\n");
                fix_nated_contact();
                force_rport();
                setbflag(7);
        }


        if(nat_uac_test("8") && search("Content-Type: application/sdp")) {
                xlog("L_INFO", "[ROUTE-2 ->] RFC1918 SDP endpoint found - fixing up\n");
                fix_nated_sdp("10");
        }


        # Apply outbound translations and figure out where to route the call.

        route(4); # this route the calls to upstream gateway.
}


These messages i was getting in syslog

[ROUTE-2] Received initial INVITE from xxx.xxx.xxx.xxx(Caller_IP)

ERROR:auth:consume_credentials: no authorized credentials found (error in scripts)

 [ROUTE-2 ->] Authentication credentials valid

 [ROUTE-4] Applying outbound translations to: 0022334455

 [ROUTE-4 ->] Translated RURI user part to: 22334455

 [ROUTE-4 ->] Gateway election: my_upstream_gateway

 [ROUTE-5] Accounting translation: sip:0022334455@my_upstream_gateway

 [ROUTE-2 ->] Relaying