27 Aug
2005
27 Aug
'05
1:18 a.m.
Yes, it really make sense. I'll find the way how to check those From and
To header of a SIP request. Maybe I will use textops.so to do this or
any other module that can handle these kind of application. In your
experience what did you use to make work this kind of scenario?
--Ryan
Steve Blair wrote:
Sorry I missed the route[3] stuff because my mail client wrapped
the message text. Even though I got the route block number wrong I
think my original comment is still valid. If these inter-domain calls hit
route[3] then there you need to either check if the "from" user is
permitted to send calls or you need to check if the "to" address is a
valid
local address. Which approach you take depends on your implementation.
If your iptel.org users are on soft clients where they can easily
enter the
authentication credentials then I think that would be a good approach.
If you
are trying handle multiple doamins (such as other business partners)
then the
problem is a little more difficult. We simply trust certain remote IP
addresses
to be the address of a "friendly" peer. We cannot prompt them for
credentials
because their users don't have accounts on our system.
Does this make sense?
_Steve
Ryan Pagquil wrote:
--
Ryan Pagquil
Infodyne Inc. - PhilOnline.com
3603 Antel Global Corporate Center
Doña Julia Vargas Ave.
Ortigas Center Pasig City
Tel: 687-0715
Web: www.philonline.com
Hi Steve,
Here is the route[1] configuration. The calls from outside
domains are falling to route[3] which make the call to be blocked.
##Default message handler##
route[1] {
t_on_reply("1");
if (!t_relay()) {
if (method=="INVITE" || method=="ACK") {
end_media_session();
};
sl_reply_error();
};
}
Thanks,
Ryan
Steve Blair wrote:
It looks like the type of call you describe should fall through to
route[1] is that
the behavior you are seeing? Anyway in route[1] (or somewhere ) you
need to
accept that the from address might not be a local user and allow for
the
case where the from address is a "trusted alternate domain like
iptel.org". I'm
guessing, but I cannot confirm from this code, that route[1] is
checking the
from user credentials and providing you with the authentication
required
message.
At that point you could elect, and I think a soft phone will, prompt
the user for these
credentials.
-Steve
Ryan Pagquil wrote:
> Hi Steve,
>
> Here is what happens with my current configuration. When I
> call from my iptel.org account going to my local users it prompts
> me "407, Proxy Authenctication Required". So what I like to do is
> to allow those calls going to my local users from other domain.
> BTW, here is my ser.cfg's INVITE message handler.
>
> ##INVITE message Handler##
> route[3] { if (client_nat_test("3")) {
> setflag(7);
> force_rport();
> fix_nated_contact();
> }; # if (!proxy_authorize("", "subscriber"))
{
> # proxy_challenge("", "0");
> # break;
> # } else
>
> if (!check_from() && method=="INVITE")
> { sl_send_reply("403", "User From=ID");
> break; };
>
> lookup("aliases");
> if (uri!=myself) {
> route(1);
> break;
> };
>
> if (!lookup("location")) {
> sl_send_reply("404", "User not found");
> break;
> };
>
> if (method=="CANCEL") { route(1);
> break;
> };
>
>
> consume_credentials();
>
> if (isflagset(6) || isflagset(7)) {
> use_media_proxy();
> };
>
> route(1);
> }
>
> I misse call with your SIP phone, just testing it. =)
>
> Thanks,
> Ryan
>
> Steve Blair wrote:
>
>>
>> Set the alias=<your sip domain> parameter then use if
>> (uri==myself) construct.
>>
>> -Steve
>>
>> Ryan Pagquil wrote:
>>
>>> Hello,
>>> How can I check if the call is for my domain? What
>>> specific module should I use?
>>>
>>> Thanks,
>>>
7038
days inactive
7038
days old
0 comments
1 participants
participants (1)
-
Ryan Pagquil