<div dir="ltr">Well, this <div><br></div><div><span style="font-family:arial,sans-serif;font-size:13px"><b>if (from_uri!=myself && uri!=myself)</b></span><br></div><div><span style="font-family:arial,sans-serif;font-size:13px"><br>
</span></div><div><span style="font-family:arial,sans-serif;font-size:13px">Means neither source nor destination is our user. Which implies that if our domain is A, then call from domain "B to C" is not possible. However, calls from "B or C to A" and "A to B or C" are possible. That is way an unauthorized user gets passed and reaches asterisk. Asterisk accepts it since call is coming from kamailio and tries to route it back to kamailio, where kamailio finds user online and thus it goes through.</span></div>
<div><span style="font-family:arial,sans-serif;font-size:13px"><br></span></div><div><span style="font-family:arial,sans-serif;font-size:13px">You should really break down this,</span></div><div><span style="font-family:arial,sans-serif;font-size:13px"><br>
</span></div><div><div><span style="font-family:arial,sans-serif;font-size:13px"><b>if (from_uri!=myself && uri!=myself)</b></span><br></div></div><div><span style="font-family:arial,sans-serif;font-size:13px"><br>
</span></div><div><span style="font-family:arial,sans-serif;font-size:13px">into something like this for clarity,</span></div><div><span style="font-family:arial,sans-serif;font-size:13px"><br></span></div><div><div><b><i><span style="font-family:arial,sans-serif;font-size:13px">if (from_uri!=myself) {</span><br>
</i></b></div></div><div><span style="font-family:arial,sans-serif;font-size:13px"><b><i> if (uri!=myself) {</i></b></span></div><div><span style="font-family:arial,sans-serif;font-size:13px"><b><i> # neither source nor destination is our user</i></b></span></div>
<div><span style="font-family:arial,sans-serif;font-size:13px"><b><i> } else {</i></b></span></div><div><span style="font-family:arial,sans-serif;font-size:13px"><b><i> # source is not our user but destination is our user</i></b></span></div>
<div><span style="font-family:arial,sans-serif;font-size:13px"><b><i> };</i></b></span></div><div><span style="font-family:arial,sans-serif;font-size:13px"><b><i>} else {</i></b></span></div><div><span style="font-family:arial,sans-serif;font-size:13px"><b><i> if (uri!=myself) {</i></b></span></div>
<div><span style="font-family:arial,sans-serif;font-size:13px"><b><i> # source is our user but destination is not our user</i></b></span></div><div><font face="arial, sans-serif"><b><i> } else {</i></b></font></div>
<div><font face="arial, sans-serif"><b><i> # both source and destination are our users</i></b></font></div><div><font face="arial, sans-serif"><b><i> };</i></b></font></div><div><font face="arial, sans-serif"><b><i>};</i></b></font></div>
<div><span style="font-family:arial,sans-serif;font-size:13px"><br></span></div><div><span style="font-family:arial,sans-serif;font-size:13px">Hope this helps.</span></div><div><span style="font-family:arial,sans-serif;font-size:13px"><br>
</span></div><div><span style="font-family:arial,sans-serif;font-size:13px">Thank you.</span></div><div><span style="font-family:arial,sans-serif;font-size:13px"><br></span></div><div><br></div></div><div class="gmail_extra">
<br><br><div class="gmail_quote">On Fri, Jul 11, 2014 at 5:36 PM, <span dir="ltr"><<a href="mailto:g.aloitus@gmail.com" target="_blank">g.aloitus@gmail.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
Hello,<br>
<br>
I'm using Kamailio version 4.1.4+precise (amd64).<br>
<br>
I have followed "Kamailio 4.0.x and Asterisk 11.3.0 Realtime Integration using Asterisk Database" (<a href="http://kb.asipto.com/asterisk:realtime:kamailio-4.0.x-asterisk-11.3.0-astdb" target="_blank">http://kb.asipto.com/<u></u>asterisk:realtime:kamailio-4.<u></u>0.x-asterisk-11.3.0-astdb</a>). One main difference in my setup compared to that one is that I continued use of Kamailio's database.<br>
<br>
The problem is as follows:<br>
<br>
I decided to put Kamailio and through it Asterisk reachable from internet. I have tried to configure Asterisk so that only calls of registered users would be possible, and they could only call to other registered users or conference rooms and echo test number.<br>
<br>
Then I took the following steps:<br>
<br>
I ensured that there was no online users with kamctl online. Then I launched MicroSIP (<a href="http://www.microsip.org" target="_blank">www.microsip.org</a>), but I did not defined account, I simply set the protocol to tls and media encryption to mandatory, because I'm using these.<br>
<br>
I called to extension with xxx@my.public.ip.address (where xxx is extension) getting "unauthorized". And that was what I wanted.<br>
<br>
But if there is online users, calls go through, and incoming call is coming from Asterisk (in syslog I can find out that src_user=asterisk).<br>
<br>
Kamailio and Asterisk are listening the same IP address, but different port. I have refused connections to the Asterisk's port with iptables.<br>
<br>
I have defined my public IP address as domain in sip.conf. There is also other domain defined which corresponds to users' domain I am using in Kamailio's database.<br>
<br>
In kamailio.cfg there is if statement which prevents Kamailio not to be open relay:<br>
<br>
if (from_uri!=myself && uri!=myself)<br>
...<br>
<br>
If I change this for example:<br>
<br>
if (from_uri!=myself || uri!=myself)<br>
<br>
I get what I want this time: no calls from outside, but I somewhat think that this is not a final solution.<br>
<br>
I have not found from log files such information which would have helped me. I have not yet investigated this problem so much that I could tell the logic behind the selection of online user's identity which is used. However, if I make a call to conference room I notice that Asterisk is thinking that one of online users has joined the conference.<br>
<br>
If I can recall correctly, I started with Kamailio version 3.2, and integrated it with Asterisk 11 (currently 11.10.2). Is there something which has changed in Kamailio, but what I have not changed in my setup which could explain this.<br>
<br>
Best,<br>
<br>
Teijo<br>
<br>
______________________________<u></u>_________________<br>
SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing list<br>
<a href="mailto:sr-users@lists.sip-router.org" target="_blank">sr-users@lists.sip-router.org</a><br>
<a href="http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users" target="_blank">http://lists.sip-router.org/<u></u>cgi-bin/mailman/listinfo/sr-<u></u>users</a><br>
</blockquote></div><br></div>