Discussion:
[SR-Users] No need for Authentication... Why?
(too old to reply)
Manuel Camarg
2014-10-12 14:26:09 UTC
Permalink
Raw Message
Following this asipto guide:

http://kb.asipto.com/asterisk:realtime:kamailio-4.0.x-asterisk-11.3.0-astdb

I've found that no auth is required to create a communication: Invites are
sent regardless of a previously done auth with the kam's auth_db

I've used this sip checker:
http://www.sinologic.net/proyectos/asterisk/checkSecurity/

Result:

Uh oh! you allow external calls...
Configure better your sip configuration to avoid this calls

SIP/2.0 100 trying -- your call is important to us

What is missing in the config file explained in the guide?

Manuel
Daniel-Constantin Mierla
2014-10-14 08:12:28 UTC
Permalink
Raw Message
Post by Manuel Camarg
http://kb.asipto.com/asterisk:realtime:kamailio-4.0.x-asterisk-11.3.0-astdb
I've found that no auth is required to create a communication: Invites
are sent regardless of a previously done auth with the kam's auth_db
http://www.sinologic.net/proyectos/asterisk/checkSecurity/
Uh oh! you allow external calls...
Configure better your sip configuration to avoid this calls
SIP/2.0 100 trying -- your call is important to us
What is missing in the config file explained in the guide?
By default with kamailio.cfg we are open for interconnect, thus allowing
calls from users of external voip services to local users and from local
users to users of external voip services.

If you want to block that, you can change the config so only users with
local domains are allowed to use the service.

Also, the tutorial is more like getting started with kamailio and
asterisk, you have to tailor it to your needs and constraints you want
to have. You can take the tutorials as a basis to build another one
which is more restrictive and publish it for people that will have same
interests.

Cheers,
Daniel
--
Daniel-Constantin Mierla
http://twitter.com/#!/miconda - http://www.linkedin.com/in/miconda
Manuel Camarg
2014-10-14 19:11:09 UTC
Permalink
Raw Message
Post by Daniel-Constantin Mierla
If you want to block that, you can change the config so only users with
local domains are allowed to use the service.
Thanks Daniel,

Where shall I look in the docs to find info about this?

Regards



*Manuel Camargo*
Teléfono: 638000836
eMail: sir.louen-***@public.gmane.org
<https://twitter.com/SirLouen>
[image: Ver el perfil de Manuel Camargo Lominchar en LinkedIn]
<http://es.linkedin.com/in/louen>
Post by Daniel-Constantin Mierla
http://kb.asipto.com/asterisk:realtime:kamailio-4.0.x-asterisk-11.3.0-astdb
I've found that no auth is required to create a communication: Invites are
sent regardless of a previously done auth with the kam's auth_db
http://www.sinologic.net/proyectos/asterisk/checkSecurity/
Uh oh! you allow external calls...
Configure better your sip configuration to avoid this calls
SIP/2.0 100 trying -- your call is important to us
What is missing in the config file explained in the guide?
Manuel
Daniel-Constantin Mierla
2014-10-15 10:27:37 UTC
Permalink
Raw Message
Post by Manuel Camarg
Post by Daniel-Constantin Mierla
If you want to block that, you can change the config so only users with
local domains are allowed to use the service.
Thanks Daniel,
Where shall I look in the docs to find info about this?
It is a matter of config file, mainly the route[AUTH] -- remove the if
condition about what has to be authenticated and authenticate all the
requests.

Cheers,
Daniel
Post by Manuel Camarg
http://kb.asipto.com/asterisk:realtime:kamailio-4.0.x-asterisk-11.3.0-astdb
Invites are sent regardless of a previously done auth with the
kam's auth_db
http://www.sinologic.net/proyectos/asterisk/checkSecurity/
Uh oh! you allow external calls...
Configure better your sip configuration to avoid this calls
SIP/2.0 100 trying -- your call is important to us
What is missing in the config file explained in the guide?
Manuel
_______________________________________________
SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing list
http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users
--
Daniel-Constantin Mierla
http://twitter.com/#!/miconda - http://www.linkedin.com/in/miconda
Manuel Camarg
2014-10-17 16:08:44 UTC
Permalink
Raw Message
Post by Daniel-Constantin Mierla
It is a matter of config file, mainly the route[AUTH] -- remove the if
condition about what has to be authenticated and authenticate all the
requests.
Cheers,
Daniel
Perfect, solved the issue :)

Regards

Manuel

Loading...