IP Ranges In Asterisk SIP Peers

Is it possible to have IP ranges (or subnets) in peer definitions in Asterisk? Currently, I allow everything through and then run an AGI script to check the incoming IP to see if it's valid. I know I can create a peer with a single host ip, but some of my suppliers send me calls from whole subnets.

What I'm trying to achieve is verification of inbound calls on IP and, if required, username & password. I then want to send the verified inbound calls to a definable context. I also know I can set up a dynamic host with username & password verification and I could go on to verify the IP within the context but I'm trying to be flexible and allow either/or in a single method for ease of writing configuration screens.

Am I barking up the wrong tree here, or just barking?

Thanks.
davidwylieAsked:
Who is Participating?
 
Ron MalmsteadConnect With a Mentor Information Services ManagerCommented:
If you make changes to sip.conf, just make sure you reload sip.conf from the asterisk cli for the changes to take affect and allow time for phones to reregister in order to see if it works...

....i'm sure you already knew that but I had to say it anyway.
0
 
Ron MalmsteadInformation Services ManagerCommented:
If I have this right...you want to send calls to a specific context, depending on which IP subnet it's coming from.... ?

If that is right, then I think a reasonable approach would be to evaluate SIPCHANINFO(recvip) to a variable, from within the dialplan...using IF or GOTOIF functions to send it to specific context extension based on your arguments.

http://www.voip-info.org/wiki/view/Asterisk+func+sipchaninfo

exten => s,1,Set(IPSUBNET=${SIPCHANINFO(recvip)}:0:9)
'If the sip peer's ip was 192.168.6.120, then ${IPSUBNET} would equal 192.168.6.
...or....you could evaluate it all in one line like this...
exten => s,n,GotoIf($["${SIPCHANINFO(recvip):0:9}" = "192.168.6."]?pass:fail)

Never tried this myself, so this is just a suggestion.... let me know if it works..
0
 
davidwylieAuthor Commented:
Hi,
thanks for your reply. We are currently using an AGI script to do the same thing. The dial plan essentially does this :

exten=>_X.,1,Set(myContext=failed)
exten=>_X.,n,Agi(check-ip.pl)
exten=>_X.,n,Goto(myContext,s,1)
exten=>_X.,n,Hangup(34)

The AGI script then checks the inbound IP against a table which can be web configured to add clients. The table returns a client id and a context which the dial plan can then go on to process. I wanted to remove this step and handle the IP check inside Asterisk itself from within SIP.CONF. It just looks like it should be able to be done, but no combination I try seems to do it.

Maybe it's just not possible? I can find nothing on the web.
0
Free Tool: Path Explorer

An intuitive utility to help find the CSS path to UI elements on a webpage. These paths are used frequently in a variety of front-end development and QA automation tasks.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

 
Ron MalmsteadInformation Services ManagerCommented:
Ok, cool....

In sip.conf, you can allow or deny subnets and hosts globally, and you can assign each peer a specific host address or hostname.  I don't think it is possible to assign a peer to a subnet in the peer definition however.....

For example, if you defined a peer with Host=10.1.1.29.... that would be fine if the host IP address never changes on that device.  The peer wouldn't be able to register, unless the host IP, or hostname matched (e.g. Sipura117272.yourdomain.com).  If the IP address or hostname matched, then the device would register, and the peer would be able to access the dialplan begining from the starting context specified in the peer definition.
0
 
Ron MalmsteadInformation Services ManagerCommented:
"I don't think it is possible to assign a peer to a subnet in the peer definition however..... "

I was wrong on this apparently...

You can use Permit, Deny with peer definitions.
http://www.voip-info.org/wiki/view/Asterisk+sip+permit-deny-mask
0
 
davidwylieAuthor Commented:
Hi,
I had already tried that, but I'll try it again because sometimes you can't see the wood for the trees.

Thanks,
0
 
davidwylieAuthor Commented:
Hi,
ok, it works.

The confusing thing is that changes to permit/deny require you to shut down asterisk for any changes to  take effect. This I did not realise so all my previous testing is void.

Thanks for your input on this. Got there in the end!


0
 
Ron MalmsteadInformation Services ManagerCommented:
You can type "SIP RELOAD" at the Asterisk CLI, which will reload the sip.conf file without having to restart Asterisk completely.
0
 
Ron MalmsteadInformation Services ManagerCommented:
Also... I think it only applies the ip subnet changes after the client attempts to re-register... restarting asterisk forces them to re-register.
0
 
davidwylieAuthor Commented:
the changes do not reload on SIP RELOAD nor on RELOAD.
Not on mine at least ....

Also, I'm not registering. This is for inbound calls from telcos without registration.

I'm going to upgrade to 1.6 tomorrow to see if this allows me to reload the config. Unless I'm doing something blindlingly obviously wrong.

0
 
Ron MalmsteadInformation Services ManagerCommented:
Are you issuing the command from the Asterisk CLI ?

To start the * CLI, type  ASTERISK -r, on the linux command shell.

Then issue a SIP RELOAD...

This will force asterisk to parse the sip.conf file.  However, I suspect that changes to peer permit / deny definitions wouldn't take affect until a phone, softphone, or another pbx re-registers.  Even if you are recieving an inbound call from another telco over sip, and even if you are not using authentication, there is still a registration process involved.
0
All Courses

From novice to tech pro — start learning today.