Discussion:
[SR-Users] Kamailio fronting Freeswitch authentication
Ashwin Jain
2014-09-22 13:28:40 UTC
Permalink
Hi all,

I am using Kamailio to front my freeswitch servers and it is working great.
I am getting some problems with authentication, sometimes users which are
not registered with kamailio are also able to make calls. I have a feeling
that I am doing something really silly with kamailio routing. Following is
the AUTH route that I am using, please let me know I am missing something
very obvious.

route[AUTH] {
#!ifdef WITH_AUTH

#!ifdef WITH_FREESWITCH
if(route(FSINBOUND))
return;
#!endif

#!ifdef WITH_IPAUTH
if((!is_method("REGISTER")) && allow_source_address())
{
# source IP allowed
return;
}
#!endif

if (is_method("REGISTER") || from_uri==myself)
{
# authenticate requests
if (!auth_check("$fd", "subscriber", "1")) {
auth_challenge("$fd", "0");
exit;
}
# user authenticated - remove auth header
if(!is_method("REGISTER|PUBLISH"))
consume_credentials();
}
# if caller is not local subscriber, then check if it calls
# a local destination, otherwise deny, not an open relay here
if (from_uri!=myself && uri!=myself)
{
sl_send_reply("403","Not relaying");
exit;
}

#!endif
return;
}

route[FSINBOUND] {
if($si== $sel(cfg_get.freeswitch.bindip) &&
$sp==$sel(cfg_get.freeswitch.bindport))
return 1;
return -1;
}



I have set "WITH_AUTH" and "WITH_FREESWITCH". Let me know, if any more
details are required.

System configuration:
Ubuntu: 12.04 LTS
Kamailio: 4.1.5 (x86_64/linux)
Freeswitch: 1.4.7 stable release
--
Thanks and Regards,
Ashwin Jain
Ashwin Jain
2014-09-22 08:40:20 UTC
Permalink
Hi all,

I am using Kamailio to front my freeswitch servers and it is working great.
I am getting some problems with authentication, sometimes users which are
not registered with kamailio are also able to make calls. I have a feeling
that I am doing something really silly with kamailio routing. Following is
the AUTH route that I am using, please let me know I am missing something
very obvious.

route[AUTH] {
#!ifdef WITH_AUTH

#!ifdef WITH_FREESWITCH
if(route(FSINBOUND))
return;
#!endif

#!ifdef WITH_IPAUTH
if((!is_method("REGISTER")) && allow_source_address())
{
# source IP allowed
return;
}
#!endif

if (is_method("REGISTER") || from_uri==myself)
{
# authenticate requests
if (!auth_check("$fd", "subscriber", "1")) {
auth_challenge("$fd", "0");
exit;
}
# user authenticated - remove auth header
if(!is_method("REGISTER|PUBLISH"))
consume_credentials();
}
# if caller is not local subscriber, then check if it calls
# a local destination, otherwise deny, not an open relay here
if (from_uri!=myself && uri!=myself)
{
sl_send_reply("403","Not relaying");
exit;
}

#!endif
return;
}

route[FSINBOUND] {
if($si== $sel(cfg_get.freeswitch.bindip) &&
$sp==$sel(cfg_get.freeswitch.bindport))
return 1;
return -1;
}



I have set "WITH_AUTH" and "WITH_FREESWITCH". Let me know, if any more
details are required.

System configuration:
Ubuntu: 12.04 LTS
Kamailio: 4.1.5 (x86_64/linux)
Freeswitch: 1.4.7 stable release
--
Thanks and Regards,
Ashwin Jain
Daniel-Constantin Mierla
2014-09-23 06:50:55 UTC
Permalink
Hello,

so they can call without being asked for password? Are they valid users
anyhow or unknown ones. Were you able to grab a sip trace for such
calls? If yes, send it here.

What I would recommend, is to enable cfgtrace from debugger module and
see what actions are executed from configuration file.

Cheers,
Daniel
Post by Ashwin Jain
Hi all,
I am using Kamailio to front my freeswitch servers and it is working
great. I am getting some problems with authentication, sometimes users
which are not registered with kamailio are also able to make calls. I
have a feeling that I am doing something really silly with kamailio
routing. Following is the AUTH route that I am using, please let me
know I am missing something very obvious.
route[AUTH] {
#!ifdef WITH_AUTH
#!ifdef WITH_FREESWITCH
if(route(FSINBOUND))
return;
#!endif
#!ifdef WITH_IPAUTH
if((!is_method("REGISTER")) && allow_source_address())
{
# source IP allowed
return;
}
#!endif
if (is_method("REGISTER") || from_uri==myself)
{
# authenticate requests
if (!auth_check("$fd", "subscriber", "1")) {
auth_challenge("$fd", "0");
exit;
}
# user authenticated - remove auth header
if(!is_method("REGISTER|PUBLISH"))
consume_credentials();
}
# if caller is not local subscriber, then check if it calls
# a local destination, otherwise deny, not an open relay here
if (from_uri!=myself && uri!=myself)
{
sl_send_reply("403","Not relaying");
exit;
}
#!endif
return;
}
route[FSINBOUND] {
if($si== $sel(cfg_get.freeswitch.bindip) &&
$sp==$sel(cfg_get.freeswitch.bindport))
return 1;
return -1;
}
I have set "WITH_AUTH" and "WITH_FREESWITCH". Let me know, if any more
details are required.
Ubuntu: 12.04 LTS
Kamailio: 4.1.5 (x86_64/linux)
Freeswitch: 1.4.7 stable release
--
Thanks and Regards,
Ashwin Jain
_______________________________________________
SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing list
http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users
--
Daniel-Constantin Mierla
http://twitter.com/#!/miconda - http://www.linkedin.com/in/miconda
Next Kamailio Advanced Trainings 2014 - http://www.asipto.com
Sep 22-25, Berlin, Germany
Loading...