Brian J. Murrell
2019-Mar-01 20:33 UTC
[asterisk-users] pjsip: don't require authentication from remote i register to
On Fri, 2019-03-01 at 14:15 -0500, Joshua C. Colp wrote:> you can try line functionality on the outbound registration which > may or may not work[2] (requires the upstream to adhere to the RFC, > which not all do).My provider seems to implement this. However even with the line=... in the: SIP to address: sip:5555551212@<my_IP_address>:5060;line=dpnlyiu res_pjsip is still sending a 401 challenge. Removing the: auth=itsp-auth from my endpoint [template]: [itsp-endpoint](!) Has stopped pjsip from sending a 401 when my ITSP sends a SIP MESSAGE, but do I really want to have that endpoint without authentication? Cheers, b. -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 488 bytes Desc: This is a digitally signed message part URL: <http://lists.digium.com/pipermail/asterisk-users/attachments/20190301/0b7cc526/attachment.sig>
Joshua C. Colp
2019-Mar-01 20:41 UTC
[asterisk-users] pjsip: don't require authentication from remote i register to
On Fri, Mar 1, 2019, at 4:33 PM, Brian J. Murrell wrote:> On Fri, 2019-03-01 at 14:15 -0500, Joshua C. Colp wrote: > > you can try line functionality on the outbound registration which > > may or may not work[2] (requires the upstream to adhere to the RFC, > > which not all do). > > My provider seems to implement this. > > However even with the line=... in the: > > SIP to address: sip:5555551212@<my_IP_address>:5060;line=dpnlyiu > > res_pjsip is still sending a 401 challenge. > > Removing the: > > auth=itsp-auth > > from my endpoint [template]: > > [itsp-endpoint](!) > > Has stopped pjsip from sending a 401 when my ITSP sends a SIP MESSAGE, > but do I really want to have that endpoint without authentication?I don't understand what you mean. Your ITSP has stated that they don't want you to do authentication with them, so you can't. If you are referring to the template - it's a template so by itself does not create an endpoint. -- Joshua C. Colp Digium - A Sangoma Company | Senior Software Developer 445 Jan Davis Drive NW - Huntsville, AL 35806 - US Check us out at: www.digium.com & www.asterisk.org
Brian J. Murrell
2019-Mar-01 20:50 UTC
[asterisk-users] pjsip: don't require authentication from remote i register to
On Fri, 2019-03-01 at 15:41 -0500, Joshua C. Colp wrote:> > I don't understand what you mean. Your ITSP has stated that they > don't want you to do authentication with them, so you can't.They are implying, as I am understanding them, that somehow SIP packets they send me shouldn't need to be authenticated because they are associated (i.e. "identify"ed in pjsip nomenclature) with my registration to them. It all sounds suspect to me but that's what I am understanding them to be saying. Ultimately, if I have this endpoint and it's unauthenticated, does it create a security risk? I suppose anyone could forge a UDP packet as coming from their IP address, and as it's "identify"ed by IP on my side and I would accept it without authentication being necessary. But then I suppose they are only getting access to being able to connect into an incoming dialplan context, so ringing extensions here, but not being able to launch in and outbound (money costing) phone call, at least without there being dialplan support to make outgoing calls when calling in (i.e. like a calling card application or somesuch, which should have it's own authentication anyway).> If you are referring to the template - it's a template so by itself > does not create an endpoint.Yes, completely understood. b. -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 488 bytes Desc: This is a digitally signed message part URL: <http://lists.digium.com/pipermail/asterisk-users/attachments/20190301/4d02a88e/attachment.sig>
Possibly Parallel Threads
- pjsip: don't require authentication from remote i register to
- pjsip: don't require authentication from remote i register to
- Asterisk 13.6 + pjsip: sip2sip registers but incoming calls get "No matching endpoint found".
- PJSIP Losing knowledge of external_media_address
- PJSIP Losing knowledge of external_media_address