Yes, it really make sense. I'll find the way how to check those From and To header of a SIP request. Maybe I will use textops.so to do this or any other module that can handle these kind of application. In your experience what did you use to make work this kind of scenario?
--Ryan
Steve Blair wrote:
Sorry I missed the route[3] stuff because my mail client wrapped the message text. Even though I got the route block number wrong I think my original comment is still valid. If these inter-domain calls hit route[3] then there you need to either check if the "from" user is permitted to send calls or you need to check if the "to" address is a valid local address. Which approach you take depends on your implementation.
If your iptel.org users are on soft clients where they can easily enter the authentication credentials then I think that would be a good approach. If you are trying handle multiple doamins (such as other business partners) then the problem is a little more difficult. We simply trust certain remote IP addresses to be the address of a "friendly" peer. We cannot prompt them for credentials because their users don't have accounts on our system.
Does this make sense?
_Steve
Ryan Pagquil wrote:
Hi Steve, Here is the route[1] configuration. The calls from outside domains are falling to route[3] which make the call to be blocked.
##Default message handler## route[1] {
t_on_reply("1"); if (!t_relay()) { if (method=="INVITE" || method=="ACK") { end_media_session(); }; sl_reply_error(); };}
Thanks, Ryan
Steve Blair wrote:
It looks like the type of call you describe should fall through to route[1] is that the behavior you are seeing? Anyway in route[1] (or somewhere ) you need to accept that the from address might not be a local user and allow for the case where the from address is a "trusted alternate domain like iptel.org". I'm guessing, but I cannot confirm from this code, that route[1] is checking the from user credentials and providing you with the authentication required message.
At that point you could elect, and I think a soft phone will, prompt the user for these credentials.
-Steve
Ryan Pagquil wrote:
Hi Steve,
Here is what happens with my current configuration. When Icall from my iptel.org account going to my local users it prompts me "407, Proxy Authenctication Required". So what I like to do is to allow those calls going to my local users from other domain. BTW, here is my ser.cfg's INVITE message handler.
##INVITE message Handler## route[3] { if (client_nat_test("3")) { setflag(7); force_rport(); fix_nated_contact(); }; # if (!proxy_authorize("", "subscriber")) { # proxy_challenge("", "0"); # break; # } else
if (!check_from() && method=="INVITE"){ sl_send_reply("403", "User From=ID"); break; };
lookup("aliases"); if (uri!=myself) { route(1); break; }; if (!lookup("location")) {sl_send_reply("404", "User not found"); break; };
if (method=="CANCEL") { route(1); break; }; consume_credentials(); if (isflagset(6) || isflagset(7)) { use_media_proxy(); }; route(1);}
I misse call with your SIP phone, just testing it. =)
Thanks, Ryan
Steve Blair wrote:
Set the alias=<your sip domain> parameter then use if (uri==myself) construct.
-Steve
Ryan Pagquil wrote:
Hello, How can I check if the call is for my domain? What specific module should I use?
Thanks,
-
Ryan Pagquil