Pavel
2019-Apr-22 17:09 UTC
[asterisk-users] Incoming SIP call, outgoing SIP registration. PJSIP.
Hi, Thank for your answer. 22.04.2019 23:47, Joshua C. Colp пишет:> On Mon, Apr 22, 2019, at 1:43 PM, Pavel wrote: >> Hi, >> >> Got problems with incoming SIP calls. >> >> Scenario: >> >> Server1: 3cx or any other server >> >> Server2: Asterisk 16.2.1 . PJPROJECT 2.8 >> >> Server2 registers on Server1 with SIP ID 1121. >> >> Registration is OK. >> >> Server2 outgoing calls are OK. >> >> INVITE, unauthorized, INVITE with password, OK, RINGING,... >> >> Troubles with incoming calls / incoming INVITE's . >> >> I can not identify endpoint by IP, I have multiple registrations on the >> same Server1. >> >> As far as I understood, res_pjsip_endpoint_identifier_user match >> endpoint by "From" header, so it will not match also. >> >> match_headers also seems useless (not able to match "INVITE" string, >> just headers like "TO:"). >> >> Is there any way to match incoming INVITE calls ? (also OPTIONS, NOTIFY, >> ... packets) >> >> It should be a typical scenario, but it does not work... >> >> Is there any way to make it working ? > Outbound registration provides the line option[1] which can be used to differentiate traffic in regards to different outbound registrations. It requires the remote server to adhere to the SIP RFC and report back some data we give in our Contact, so you have to test it and see if it works. > > [1] https://blogs.asterisk.org/2016/01/27/the-pjsip-outbound-registration-line-option/Tried already. "line" is good, but not perfect. Every time I restart asterisk, it will generate new random string for ";line=". So, every time I restart asterisk, registrar (Server1) will save one more contact in it's database. Some will remove obsolete contacts, but some will not. For example, FreePBX will not remove obsolete contacts, if max_contacts specified (FreePBX will set rewrite_contact=no in this case). So, after a number of Asterisk restarts, FreePBX will reject new registrations, as max_contacts is reached. Unfortunately, "line" does not save random between restarts. It's also unable to specify "random" value in pjsip.conf. I'm thinking to patch res_pjsip_outbound_registration to add this feature. Am I wrong and there is another way ? It's also a security hole, as anybody can generate INVITE with ";line=random" from any IP address ! res_pjsip_outbound_registration will only match "line", but will not take care about source IP, ... Is there any more clear way to identify incoming INVITE/OPTIONS packets ? Not very familliar with SIP, not sure, how should it be done. -------------- next part -------------- An HTML attachment was scrubbed... URL: <http://lists.digium.com/pipermail/asterisk-users/attachments/20190423/f595b2ad/attachment.html>
Joshua C. Colp
2019-Apr-22 17:27 UTC
[asterisk-users] Incoming SIP call, outgoing SIP registration. PJSIP.
On Mon, Apr 22, 2019, at 2:10 PM, Pavel wrote: <snip>> Tried already. > > "line" is good, but not perfect. > > Every time I restart asterisk, it will generate new random string for ";line=". > > So, every time I restart asterisk, registrar (Server1) will save one > more contact in it's database. > > Some will remove obsolete contacts, but some will not. > > For example, FreePBX will not remove obsolete contacts, if max_contacts > specified (FreePBX will set rewrite_contact=no in this case). > > So, after a number of Asterisk restarts, FreePBX will reject new > registrations, as max_contacts is reached.It should specify remove_existing to remove old ones to make room for the new ones. That would be a FreePBX thing, though.> Unfortunately, "line" does not save random between restarts. > > It's also unable to specify "random" value in pjsip.conf. > > > I'm thinking to patch res_pjsip_outbound_registration to add this feature. > > Am I wrong and there is another way ?I don't see any reason why this couldn't be an option.> > It's also a security hole, as anybody can generate INVITE with > ";line=random" from any IP address !You can use an ACL to limit the endpoint to certain source IP addresses.> > res_pjsip_outbound_registration will only match "line", but will not > take care about source IP, ... > > > > Is there any more clear way to identify incoming INVITE/OPTIONS packets ? > > Not very familliar with SIP, not sure, how should it be done.There is no real defined mechanism within SIP to do this. Phones employ different mechanisms to differentiate. Some may use a similar mechanism to the line option. Some run multiple SIP transports on different ports for each account so they can differentiate based on where it came in on. Some look at the request URI coming in. Some just don't care. -- Joshua C. Colp Digium - A Sangoma Company | Senior Software Developer 445 Jan Davis Drive NW - Huntsville, AL 35806 - US Check us out at: www.digium.com & www.asterisk.org
Pavel
2019-Apr-22 18:31 UTC
[asterisk-users] Incoming SIP call, outgoing SIP registration. PJSIP.
23.04.2019 0:27, Joshua C. Colp wrote:> On Mon, Apr 22, 2019, at 2:10 PM, Pavel wrote: > > <snip> > >> Tried already. >> >> "line" is good, but not perfect. >> >> Every time I restart asterisk, it will generate new random string for ";line=". >> >> So, every time I restart asterisk, registrar (Server1) will save one >> more contact in it's database. >> >> Some will remove obsolete contacts, but some will not. >> >> For example, FreePBX will not remove obsolete contacts, if max_contacts >> specified (FreePBX will set rewrite_contact=no in this case). >> >> So, after a number of Asterisk restarts, FreePBX will reject new >> registrations, as max_contacts is reached. > It should specify remove_existing to remove old ones to make room for the new ones. That would be a FreePBX thing, though.FreePBX is an example, where it can be a critical problem. 3cx will work, but if you will restart asterisk 10 times - you will see 10 times more contacts in 3cx. When you will make call from 3cx - it will make 10 calls (10 contacts), untill they will obsolete...>> Unfortunately, "line" does not save random between restarts. >> >> It's also unable to specify "random" value in pjsip.conf. >> >> >> I'm thinking to patch res_pjsip_outbound_registration to add this feature. >> >> Am I wrong and there is another way ? > I don't see any reason why this couldn't be an option.For flexibility. Not to register new fake contacts in peer PBX.>> It's also a security hole, as anybody can generate INVITE with >> ";line=random" from any IP address ! > You can use an ACL to limit the endpoint to certain source IP addresses.5+ ! Thank you, ACL is a good idea !>> res_pjsip_outbound_registration will only match "line", but will not >> take care about source IP, ... >> >> >> >> Is there any more clear way to identify incoming INVITE/OPTIONS packets ? >> >> Not very familliar with SIP, not sure, how should it be done. > There is no real defined mechanism within SIP to do this. Phones employ different mechanisms to differentiate. Some may use a similar mechanism to the line option. Some run multiple SIP transports on different ports for each account so they can differentiate based on where it came in on. Some look at the request URI coming in. Some just don't care.Sniffered some time ago how it's done in phonerlite, jitsi, linksys, ... Some use different port, some use ";rinstance=", the same like ";line=" in asterisk. Was not sure it's a right way to go. I will probably extend "line" a bit to specify it's value in pjsip.conf . It will be less than 10 lines of code. Thank you very much ! Your help will simplify my life a lot :-)