Benoit Panizzon
2017-May-22 15:11 UTC
[asterisk-users] SIP Trunk over Proxy (matching ip of outbound proxy in incomming calls)
Hello List I work at an SIP Provider and we have added and SBC in front of our Voice Switch to protect it. This requires all our SIP Trunk customers to register via a 'proxy'. I struggle with Asterisk to work over a proxy. This is what I have done so far. register => username at sip.example.com:password at sbc.example.com This works fine, asterisk is sending registrations via the SBC to the voice switch defined by URI. [username] type=peer secret=password host=sip.example.com outboundproxy=sbc.example.com context=from-ISP-X From the Dialplan that string is dialed: Dial(SIP/username/${EXTEN}) This works fine, asterisk sends the call to the outboundproxy defined in the sip.conf section of [username]. Before adding outboundproxy setting, incomming calls were matched because they originated from the host and passed to the correct context. I have set allowguest=no to challenge all those sip attackers in [default] who occasionaly managed to call internal extensions defined there. Now incomming calls do not originate from the ip of sip.example.com anymore, but from the ip of sbc.example.com and are not set to the context [from-ISP-X] but probably to [default] and challenged. Of course, I could allow guests, but that would bring back the problem of having unwanted calls from sip scanners. So how do I tell the asterisk to also match calls from the ip of the outbound proxy? -Beno?t Panizzon- -- I m p r o W a r e A G - Leiter Commerce Kunden ______________________________________________________ Zurlindenstrasse 29 Tel +41 61 826 93 00 CH-4133 Pratteln Fax +41 61 826 93 01 Schweiz Web http://www.imp.ch ______________________________________________________
Kseniya Blashchuk
2017-May-22 18:34 UTC
[asterisk-users] SIP Trunk over Proxy (matching ip of outbound proxy in incomming calls)
Not sure maybe there's a better solution but I thought about using another peer with type=user for incoming connections. On Mon, May 22, 2017, 6:13 PM Benoit Panizzon <benoit.panizzon at imp.ch> wrote:> Hello List > > I work at an SIP Provider and we have added and SBC in front of our > Voice Switch to protect it. > > This requires all our SIP Trunk customers to register via a 'proxy'. > > I struggle with Asterisk to work over a proxy. > > This is what I have done so far. > > register => username at sip.example.com:password at sbc.example.com > > This works fine, asterisk is sending registrations via the SBC to the > voice switch defined by URI. > > [username] > type=peer > secret=password > host=sip.example.com > outboundproxy=sbc.example.com > context=from-ISP-X > > From the Dialplan that string is dialed: > > Dial(SIP/username/${EXTEN}) > > This works fine, asterisk sends the call to the outboundproxy defined > in the sip.conf section of [username]. > > Before adding outboundproxy setting, incomming calls were > matched because they originated from the host and passed to the correct > context. > > I have set allowguest=no to challenge all those sip attackers in > [default] who occasionaly managed to call internal extensions defined > there. > > Now incomming calls do not originate from the ip of sip.example.com > anymore, but from the ip of sbc.example.com and are not set to the > context [from-ISP-X] but probably to [default] and challenged. > > Of course, I could allow guests, but that would bring back the problem > of having unwanted calls from sip scanners. > > So how do I tell the asterisk to also match calls from the ip of the > outbound proxy? > > -Beno?t Panizzon- > -- > I m p r o W a r e A G - Leiter Commerce Kunden > ______________________________________________________ > > Zurlindenstrasse 29 Tel +41 61 826 93 00 > CH-4133 Pratteln Fax +41 61 826 93 01 > Schweiz Web http://www.imp.ch > ______________________________________________________ > > -- > _____________________________________________________________________ > -- Bandwidth and Colocation Provided by http://www.api-digital.com -- > > Check out the new Asterisk community forum at: > https://community.asterisk.org/ > > New to Asterisk? Start here: > https://wiki.asterisk.org/wiki/display/AST/Getting+Started > > asterisk-users mailing list > To UNSUBSCRIBE or update options visit: > http://lists.digium.com/mailman/listinfo/asterisk-users-------------- next part -------------- An HTML attachment was scrubbed... URL: <http://lists.digium.com/pipermail/asterisk-users/attachments/20170522/8338bfc1/attachment.html>
Benoit Panizzon
2017-Aug-28 08:45 UTC
[asterisk-users] Outbound Calls via Proxy to use Call ID from registration
Hello List> I work at an SIP Provider and we have added and SBC in front of our > Voice Switch to protect it.Well using two peers for incomming and outgoing calls solve the previous issue. Now I have a new one. The SBC in use needs to match incomming calls from the asterisk with the call id used in the registration. We have tested this with a couple of PBX, which do use the call ID used during registration automatically for outbound invites. Not so my asterisk server. So I assumed that when I refer to a 'peer' definition in the register statement, I could make asterisk understand, that the registration and outgoing peers belong together and then use the same call ID. But how do I refer to a peer in the registration statement? I did try different variants of: register => sip-user at sip-outbound [sip-outbound] username=sip-user secret=go-fishing type=peer host=asterisk-pbs.example.com outboundproxy=ip.address.of.proxy insecure=invite,port qualify=yes dtfmmode=auto canreinvite=yes context=from-sip nat=no t38pt_udptl=yes But that is not matching. If course if I do: register=>sip-user at asterisk-pbs.example.com:go-fishing at ip.address.of.proxy registration is successfull, but invites sent via dial sip://callerid at sip-outbound do not match the call ID used during registration. Anyone a hint how to make asterisk properly use the call ID of the registration? -Beno?t Panizzon- -- I m p r o W a r e A G - Leiter Commerce Kunden ______________________________________________________ Zurlindenstrasse 29 Tel +41 61 826 93 00 CH-4133 Pratteln Fax +41 61 826 93 01 Schweiz Web http://www.imp.ch ______________________________________________________
Joshua Colp
2017-Aug-28 09:51 UTC
[asterisk-users] Outbound Calls via Proxy to use Call ID from registration
On Mon, Aug 28, 2017, at 05:45 AM, Benoit Panizzon wrote:> Hello List > > > I work at an SIP Provider and we have added and SBC in front of our > > Voice Switch to protect it. > > Well using two peers for incomming and outgoing calls solve the > previous issue. > > Now I have a new one. > > The SBC in use needs to match incomming calls from the asterisk with > the call id used in the registration. > > We have tested this with a couple of PBX, which do use the call ID used > during registration automatically for outbound invites. > > Not so my asterisk server. > > So I assumed that when I refer to a 'peer' definition in the register > statement, I could make asterisk understand, that the registration and > outgoing peers belong together and then use the same call ID.Can you define what exactly you mean by call id? If you are referring to the Call-ID SIP header that's not how it works. It's unique within a dialog and not reused like that[1][2]. [1] https://tools.ietf.org/html/rfc3261#page-37 [2] https://tools.ietf.org/html/rfc3261#section-20.8 -- Joshua Colp Digium, Inc. | Senior Software Developer 445 Jan Davis Drive NW - Huntsville, AL 35806 - US Check us out at: www.digium.com & www.asterisk.org