Hello,
I am trying to authenticate the call redirection between my SER and my Asterisk server. My idea is to create a User for each Server, but still don´t know how to do it. Any ideas?
Regards,
Jose Simoes
Greetings Jose,
Make sure the address of your asterisk box is listed in the trusted table on your SER, and make a peer entry for the SER on you asterisk box. They should then be able to talk.
- Daryl
On 11/25/05, Voipers Portugal voipers@gmail.com wrote:
Hello,
I am trying to authenticate the call redirection between my SER and my Asterisk server. My idea is to create a User for each Server, but still don´t know how to do it. Any ideas?
Regards,
Jose Simoes _______________________________________________ Serusers mailing list serusers@lists.iptel.org http://lists.iptel.org/mailman/listinfo/serusers
I'm sorry for my ignorance, but how can I add it to the trusted table?
Jose Simoes
On 11/25/05, Daryl Sanders daryl.sanders@gmail.com wrote:
Greetings Jose,
Make sure the address of your asterisk box is listed in the trusted table on your SER, and make a peer entry for the SER on you asterisk box. They should then be able to talk.
- Daryl
On 11/25/05, Voipers Portugal voipers@gmail.com wrote:
Hello,
I am trying to authenticate the call redirection between my SER and my Asterisk server. My idea is to create a User for each Server, but still don´t know how to do it. Any ideas?
Regards,
Jose Simoes _______________________________________________ Serusers mailing list serusers@lists.iptel.org http://lists.iptel.org/mailman/listinfo/serusers
In in the MySQL SER database you need to add a record to the 'trusted' table. There are three fields that need to be populated, 'src_ip', 'proto' and 'from_pattern'.
You can change the below IP to yours and use this query.
INSERT INTO `trusted` ( `src_ip` , `proto` , `from_pattern` ) VALUES ( '65.103.x.x', 'any', '^sip:.*$' );
- Daryl
On 11/25/05, Voipers Portugal voipers@gmail.com wrote:
I'm sorry for my ignorance, but how can I add it to the trusted table?
Jose Simoes
On 11/25/05, Daryl Sanders daryl.sanders@gmail.com wrote:
Greetings Jose,
Make sure the address of your asterisk box is listed in the trusted table on your SER, and make a peer entry for the SER on you asterisk box. They should then be able to talk.
- Daryl
On 11/25/05, Voipers Portugal voipers@gmail.com wrote:
Hello,
I am trying to authenticate the call redirection between my SER and my Asterisk server. My idea is to create a User for each Server, but still don´t know how to do it. Any ideas?
Regards,
Jose Simoes _______________________________________________ Serusers mailing list serusers@lists.iptel.org http://lists.iptel.org/mailman/listinfo/serusers
You should add following in sip.conf in Asterisk:
; Proxy server for making calls to SIP or receiving calls from SIP [your.ser.host] type=friend host=your.ser.host context = your-origin fromdomain=your.domain
In SER, do something like this:
# Authentication for all but your host if( method=="INVITE" && src_ip!=your.ser.host.ip) { # Authorize here }
-- Arek
Voipers Portugal wrote:
Hello,
I am trying to authenticate the call redirection between my SER and my Asterisk server. My idea is to create a User for each Server, but still don´t know how to do it. Any ideas?
Regards,
Jose Simoes
Ok. That's the easy solution. However, that ain't protected againts IP spoofing problems. Isn't there a way to authenticate using users (with username and password)? So that, when Asterisk send an INVITE do SER, Asterisk should be a normal SER user, like any other user. I am using the following code to see if the invite is trusted or not:
log(1, "INVITE not in table trusted\n"); if (!radius_www_authorize("ser host")) { log(1, "INVITE not authorized, generating digest\n"); www_challenge("ser host", "0"); break; }; log(1, "INVITE authorized\n");
And this way, I think only the users that are in my LDAP database (contacted via radius) and registred to my ser host can make the calls. Am I correct?
Jose Simoes
On 11/25/05, Arek Bekiersz sip@perceval.net wrote:
You should add following in sip.conf in Asterisk:
; Proxy server for making calls to SIP or receiving calls from SIP [your.ser.host] type=friend host=your.ser.host context = your-origin fromdomain=your.domain
In SER, do something like this:
# Authentication for all but your host if( method=="INVITE" && src_ip!=your.ser.host.ip) { # Authorize here }
-- Arek
Voipers Portugal wrote:
Hello,
I am trying to authenticate the call redirection between my SER and my Asterisk server. My idea is to create a User for each Server, but still don´t know how to do it. Any ideas?
Regards,
Jose Simoes
Serusers mailing list serusers@lists.iptel.org http://lists.iptel.org/mailman/listinfo/serusers
Sure, in this case you need to add user into Radius/LDAP backend and proceed as normally.
AFAIK there is no "third" solution here, except for "trusted" table.
-- Arek
Voipers Portugal wrote:
Ok. That's the easy solution. However, that ain't protected againts IP spoofing problems. Isn't there a way to authenticate using users (with username and password)? So that, when Asterisk send an INVITE do SER, Asterisk should be a normal SER user, like any other user. I am using the following code to see if the invite is trusted or not:
log(1, "INVITE not in table trusted\n"); if (!radius_www_authorize("ser host")) { log(1, "INVITE not authorized, generatingdigest\n"); www_challenge("ser host", "0"); break; }; log(1, "INVITE authorized\n");
And this way, I think only the users that are in my LDAP database (contacted via radius) and registred to my ser host can make the calls. Am I correct?
But what do I have to add? I can add a user, with username Asterisk, but how can I associate that user to the INVITE message from Asterisk to the SER? Don't understand how SER can authenticate if i cannot associate the RADIUS/LDAP user to the Asterisk box.
Jose Simoes
On 11/25/05, Arek Bekiersz sip@perceval.net wrote:
Sure, in this case you need to add user into Radius/LDAP backend and proceed as normally.
AFAIK there is no "third" solution here, except for "trusted" table.
-- Arek
Voipers Portugal wrote:
Ok. That's the easy solution. However, that ain't protected againts IP spoofing problems. Isn't there a way to authenticate using users (with username and password)? So that, when Asterisk send an INVITE do SER, Asterisk should be a normal SER user, like any other user. I am using the following code to see if the invite is trusted or not:
log(1, "INVITE not in table trusted\n"); if (!radius_www_authorize("ser host")) { log(1, "INVITE not authorized, generatingdigest\n"); www_challenge("ser host", "0"); break; }; log(1, "INVITE authorized\n");
And this way, I think only the users that are in my LDAP database (contacted via radius) and registred to my ser host can make the calls. Am I correct?
Serusers mailing list serusers@lists.iptel.org http://lists.iptel.org/mailman/listinfo/serusers
OK, I understand your problem. Please read <carefully> Asterisk Wiki for sip.conf at:
http://www.voip-info.org/tiki-index.php?page=Asterisk+config+sip.conf
To register, you just need to insert this into general section of Asterisk's sip.conf:
[general] ; Register with a SIP provider - register username at SER as local_asterisk_extension at Asterisk
register => username:digest_password@your.ser.server/local_asterisk_extension
[your.ser.server] type=friend host=your_ser.server username=username
-- Arek
Voipers Portugal wrote:
But what do I have to add? I can add a user, with username Asterisk, but how can I associate that user to the INVITE message from Asterisk to the SER? Don't understand how SER can authenticate if i cannot associate the RADIUS/LDAP user to the Asterisk box.
Jose Simoes
Thanks, i'll read it now. But this only solves one part of the problem, that is, Asterisk can authenticate in SER. And how SER can authenticate in Asterisk? Is it possible only by IP?
Jose Simoes
On 11/25/05, Arek Bekiersz sip@perceval.net wrote:
OK, I understand your problem. Please read <carefully> Asterisk Wiki for sip.conf at:
http://www.voip-info.org/tiki-index.php?page=Asterisk+config+sip.conf
To register, you just need to insert this into general section of Asterisk's sip.conf:
[general] ; Register with a SIP provider - register username at SER as local_asterisk_extension at Asterisk
register => username:digest_password@your.ser.server/local_asterisk_extension
[your.ser.server] type=friend host=your_ser.server username=username
-- Arek
Voipers Portugal wrote:
But what do I have to add? I can add a user, with username Asterisk, but how can I associate that user to the INVITE message from Asterisk to the SER? Don't understand how SER can authenticate if i cannot associate the RADIUS/LDAP user to the Asterisk box.
Jose Simoes
Serusers mailing list serusers@lists.iptel.org http://lists.iptel.org/mailman/listinfo/serusers
One alternative to consider is a certificate authority/peering server that issues a digitally signed token authorizing each call between SER and Asterisk. This eliminates the threat of IP spoofing and the need top maintain IP access lists on each SER and Asterisk box. See http://osp-module.berlios.de/.
Jim Dalton
_____
From: serusers-bounces@iptel.org [mailto:serusers-bounces@lists.iptel.org] On Behalf Of Voipers Portugal Sent: Friday, November 25, 2005 2:21 PM To: sip@perceval.net Cc: serusers@lists.iptel.org Subject: Re: [Serusers] SER and Asterisk authentication
Thanks, i'll read it now. But this only solves one part of the problem, that is, Asterisk can authenticate in SER. And how SER can authenticate in Asterisk? Is it possible only by IP?
Jose Simoes
On 11/25/05, Arek Bekiersz sip@perceval.net wrote:
OK, I understand your problem. Please read <carefully> Asterisk Wiki for sip.conf at:
http://www.voip-info.org/tiki-index.php?page=Asterisk+config+sip.conf
To register, you just need to insert this into general section of Asterisk's sip.conf:
[general] ; Register with a SIP provider - register username at SER as local_asterisk_extension at Asterisk
register => username:digest_password@your.ser.server/local_asterisk_extension
[your.ser.server] type=friend host=your_ser.server username=username
-- Arek
Voipers Portugal wrote:
But what do I have to add? I can add a user, with username Asterisk, but how can I associate that user to the INVITE message from Asterisk to the SER? Don't understand how SER can authenticate if i cannot associate the RADIUS/LDAP user to the Asterisk box.
Jose Simoes
_______________________________________________ Serusers mailing list serusers@lists.iptel.org http://lists.iptel.org/mailman/listinfo/serusers
Voipers Portugal wrote:
Ok. That's the easy solution. However, that ain't protected againts IP spoofing problems. Isn't there a way to authenticate using users (with username and password)? So that, when Asterisk send an INVITE do SER, Asterisk should be a normal SER user, like any other user. I am using the following code to see if the invite is trusted or not:
Use the SIP realm based authentication in Asterisk and configure authentication for the realm of the SER box.
/O
-
Arek Bekiersz -
Daryl Sanders -
Jim Dalton -
Olle E. Johansson -
Voipers Portugal