Hi all,
I am using Kamailio to front my freeswitch servers and it is working great. I am getting some problems with authentication, sometimes users which are not registered with kamailio are also able to make calls. I have a feeling that I am doing something really silly with kamailio routing. Following is the AUTH route that I am using, please let me know I am missing something very obvious.
route[AUTH] { #!ifdef WITH_AUTH
#!ifdef WITH_FREESWITCH if(route(FSINBOUND)) return; #!endif
#!ifdef WITH_IPAUTH if((!is_method("REGISTER")) && allow_source_address()) { # source IP allowed return; } #!endif
if (is_method("REGISTER") || from_uri==myself) { # authenticate requests if (!auth_check("$fd", "subscriber", "1")) { auth_challenge("$fd", "0"); exit; } # user authenticated - remove auth header if(!is_method("REGISTER|PUBLISH")) consume_credentials(); } # if caller is not local subscriber, then check if it calls # a local destination, otherwise deny, not an open relay here if (from_uri!=myself && uri!=myself) { sl_send_reply("403","Not relaying"); exit; }
#!endif return; }
route[FSINBOUND] { if($si== $sel(cfg_get.freeswitch.bindip) && $sp==$sel(cfg_get.freeswitch.bindport)) return 1; return -1; }
I have set "WITH_AUTH" and "WITH_FREESWITCH". Let me know, if any more details are required.
System configuration: Ubuntu: 12.04 LTS Kamailio: 4.1.5 (x86_64/linux) Freeswitch: 1.4.7 stable release
Hello,
so they can call without being asked for password? Are they valid users anyhow or unknown ones. Were you able to grab a sip trace for such calls? If yes, send it here.
What I would recommend, is to enable cfgtrace from debugger module and see what actions are executed from configuration file.
Cheers, Daniel
On 22/09/14 15:28, Ashwin Jain wrote:
Hi all,
I am using Kamailio to front my freeswitch servers and it is working great. I am getting some problems with authentication, sometimes users which are not registered with kamailio are also able to make calls. I have a feeling that I am doing something really silly with kamailio routing. Following is the AUTH route that I am using, please let me know I am missing something very obvious.
route[AUTH] { #!ifdef WITH_AUTH
#!ifdef WITH_FREESWITCH if(route(FSINBOUND)) return; #!endif
#!ifdef WITH_IPAUTH if((!is_method("REGISTER")) && allow_source_address()) { # source IP allowed return; } #!endif
if (is_method("REGISTER") || from_uri==myself) { # authenticate requests if (!auth_check("$fd", "subscriber", "1")) { auth_challenge("$fd", "0"); exit; } # user authenticated - remove auth header if(!is_method("REGISTER|PUBLISH")) consume_credentials(); } # if caller is not local subscriber, then check if it calls # a local destination, otherwise deny, not an open relay here if (from_uri!=myself && uri!=myself) { sl_send_reply("403","Not relaying"); exit; }
#!endif return; }
route[FSINBOUND] { if($si== $sel(cfg_get.freeswitch.bindip) && $sp==$sel(cfg_get.freeswitch.bindport)) return 1; return -1; }
I have set "WITH_AUTH" and "WITH_FREESWITCH". Let me know, if any more details are required.
System configuration: Ubuntu: 12.04 LTS Kamailio: 4.1.5 (x86_64/linux) Freeswitch: 1.4.7 stable release
-- Thanks and Regards, Ashwin Jain
SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing list sr-users@lists.sip-router.org http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users
-
Ashwin Jain -
Daniel-Constantin Mierla