HI ALL got small question i use call-limit=1 on peers but call limit is not working if user is not registered on PBX and making calls so the main question is -- how to Disallow CALLS without registering on PBX -- Best regards Antony tel. +380669197533 tel2. +380636564340 Paypal http://paypal.me/Satskiy <http://paypal.me/Satskiy?ppid=PPC000654&cnac=PL&rsta=en_PL(en_DK)&cust=NN8XJS9XEP22C&unptid=21db79ac-ef8d-11e5-9553-9c8e992ea258&t=&cal=4d776c21ca7d2&calc=4d776c21ca7d2&calf=4d776c21ca7d2&unp_tpcid=ppme-social-business-profile-created&page=main:email&pgrp=main:email&e=op&mchn=em&s=ci&mail=sys> satskiy.a at gmail.com <mail%3Asatskiy.a at gmail.com> -------------- next part -------------- An HTML attachment was scrubbed... URL: <http://lists.digium.com/pipermail/asterisk-users/attachments/20170209/810bcfab/attachment.html>
On Thu, 2017-02-09 at 14:58 +0200, ????? ?????? wrote:> so the main question is -- how to Disallow CALLS without registering > on PBXsip.conf configuration In the [general] section, define: [general] ... allowguest=no alwaysauthreject=yes ... The "allowguest" line disables anonymous SIP calls to your PBX. Some SIP providers connect as a guest user, however, so this may be inappropriate for your situation. Also, if you want to accept anonymous SIP calls, this line would block them, so you wouldn't want that. But it is listed here because it is the safest configuration. The "alwaysauthreject" line is important. This causes a hacker to get the same response from your PBX when they try to guess passwords whether or not they guessed a valid username. This also has the side-effect of making poorly written scanning scripts (the vast majority of hacker scripts seem to be poorly written) take less resources on your Asterisk box, as even if they scan a valid username, they'll think it doesn't exist. (Source: https://www.voip-info.org/wiki/view/Asterisk+security )
Thanks Frank -- but this not a solution
below my current config
[general]
;sms
accept_outofcall_message = yes
outofcall_message_context = messages
auth_message_requests = no
;general
allowguest = no
jbenable = no
jbimpl = adaptive
allow = !all,g722,ulaw,gsm
udpbindaddr = 0.0.0.0
transport = udp
language = ru
context = public
alwaysauthreject = yes
nat = force_rport,comedia
directmedia = no
allowoverlap = no
match_auth_username = yes
progressinband = yes
textsupport = yes
videosupport = yes
maxcallbitrate = 1384
;
sendrpid = pai
rpid_update = yes
pedantic=no
;tos
tos_sip=cs3
tos_audio=ef
tos_video=cs4
2017-02-10 16:40 GMT+02:00 Frank Vanoni <mailinglist at linuxista.com>:
> On Thu, 2017-02-09 at 14:58 +0200, ????? ?????? wrote:
>
>
> > so the main question is -- how to Disallow CALLS without registering
> > on PBX
>
> sip.conf configuration
> In the [general] section, define:
>
>
> [general]
> ...
> allowguest=no
> alwaysauthreject=yes
> ...
>
>
> The "allowguest" line disables anonymous SIP calls to your PBX.
Some SIP
> providers connect as a guest user, however, so this may be inappropriate
> for your situation. Also, if you want to accept anonymous SIP calls,
> this line would block them, so you wouldn't want that. But it is listed
> here because it is the safest configuration.
>
> The "alwaysauthreject" line is important. This causes a hacker to
get
> the same response from your PBX when they try to guess passwords whether
> or not they guessed a valid username. This also has the side-effect of
> making poorly written scanning scripts (the vast majority of hacker
> scripts seem to be poorly written) take less resources on your Asterisk
> box, as even if they scan a valid username, they'll think it
doesn't
> exist.
>
> (Source: https://www.voip-info.org/wiki/view/Asterisk+security )
>
>
> --
> _____________________________________________________________________
> -- Bandwidth and Colocation Provided by http://www.api-digital.com --
>
> Check out the new Asterisk community forum at: https://community.asterisk.
> org/
>
> New to Asterisk? Start here:
> https://wiki.asterisk.org/wiki/display/AST/Getting+Started
>
> asterisk-users mailing list
> To UNSUBSCRIBE or update options visit:
> http://lists.digium.com/mailman/listinfo/asterisk-users
--
Best regards
Antony
tel. +380669197533
tel2. +380636564340
Paypal http://paypal.me/Satskiy
<http://paypal.me/Satskiy?ppid=PPC000654&cnac=PL&rsta=en_PL(en_DK)&cust=NN8XJS9XEP22C&unptid=21db79ac-ef8d-11e5-9553-9c8e992ea258&t=&cal=4d776c21ca7d2&calc=4d776c21ca7d2&calf=4d776c21ca7d2&unp_tpcid=ppme-social-business-profile-created&page=main:email&pgrp=main:email&e=op&mchn=em&s=ci&mail=sys>
satskiy.a at gmail.com <mail%3Asatskiy.a at gmail.com>
-------------- next part --------------
An HTML attachment was scrubbed...
URL:
<http://lists.digium.com/pipermail/asterisk-users/attachments/20170210/72b1219a/attachment.html>
> On 11/02/2017, at 3:40 am, Frank Vanoni <mailinglist at linuxista.com> wrote: > > On Thu, 2017-02-09 at 14:58 +0200, ????? ?????? wrote: > > >> so the main question is -- how to Disallow CALLS without registering >> on PBX > > sip.conf configuration > In the [general] section, define: > > > [general] > ... > allowguest=no > alwaysauthreject=yes > ...I don't think either of these configuration attributes achieve what the OP requested ("how to Disallow CALLS without registering on PBX"). In fact, I'm not sure that it's actually possible to disallow [authenticated] calls from a peer that hasn't registered! As far as I can tell, 'registration' was never intended to be part of the authentication process. It's sole purpose is to inform the PBX as to the current location of the endpoint. I suspect this means that what the OP is asking for cannot be achieved with the current code bases. But each time I'm proven wrong I learn something, so if I'm wrong then please by all means correct me! :) Pete -------------- next part -------------- An HTML attachment was scrubbed... URL: <http://lists.digium.com/pipermail/asterisk-users/attachments/20170211/1c6ce7da/attachment.html> -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/pkcs7-signature Size: 3577 bytes Desc: not available URL: <http://lists.digium.com/pipermail/asterisk-users/attachments/20170211/1c6ce7da/attachment.bin>