Solved

IP Ranges In Asterisk SIP Peers

Posted on 2009-05-18
11
1,454 Views
Last Modified: 2013-12-21
Is it possible to have IP ranges (or subnets) in peer definitions in Asterisk? Currently, I allow everything through and then run an AGI script to check the incoming IP to see if it's valid. I know I can create a peer with a single host ip, but some of my suppliers send me calls from whole subnets.

What I'm trying to achieve is verification of inbound calls on IP and, if required, username & password. I then want to send the verified inbound calls to a definable context. I also know I can set up a dynamic host with username & password verification and I could go on to verify the IP within the context but I'm trying to be flexible and allow either/or in a single method for ease of writing configuration screens.

Am I barking up the wrong tree here, or just barking?

Thanks.
0
Comment
Question by:davidwylie
  • 7
  • 4
11 Comments
 
LVL 25

Expert Comment

by:Ron M
ID: 24418626
If I have this right...you want to send calls to a specific context, depending on which IP subnet it's coming from.... ?

If that is right, then I think a reasonable approach would be to evaluate SIPCHANINFO(recvip) to a variable, from within the dialplan...using IF or GOTOIF functions to send it to specific context extension based on your arguments.

http://www.voip-info.org/wiki/view/Asterisk+func+sipchaninfo

exten => s,1,Set(IPSUBNET=${SIPCHANINFO(recvip)}:0:9)
'If the sip peer's ip was 192.168.6.120, then ${IPSUBNET} would equal 192.168.6.
...or....you could evaluate it all in one line like this...
exten => s,n,GotoIf($["${SIPCHANINFO(recvip):0:9}" = "192.168.6."]?pass:fail)

Never tried this myself, so this is just a suggestion.... let me know if it works..
0
 

Author Comment

by:davidwylie
ID: 24419166
Hi,
thanks for your reply. We are currently using an AGI script to do the same thing. The dial plan essentially does this :

exten=>_X.,1,Set(myContext=failed)
exten=>_X.,n,Agi(check-ip.pl)
exten=>_X.,n,Goto(myContext,s,1)
exten=>_X.,n,Hangup(34)

The AGI script then checks the inbound IP against a table which can be web configured to add clients. The table returns a client id and a context which the dial plan can then go on to process. I wanted to remove this step and handle the IP check inside Asterisk itself from within SIP.CONF. It just looks like it should be able to be done, but no combination I try seems to do it.

Maybe it's just not possible? I can find nothing on the web.
0
 
LVL 25

Expert Comment

by:Ron M
ID: 24422339
Ok, cool....

In sip.conf, you can allow or deny subnets and hosts globally, and you can assign each peer a specific host address or hostname.  I don't think it is possible to assign a peer to a subnet in the peer definition however.....

For example, if you defined a peer with Host=10.1.1.29.... that would be fine if the host IP address never changes on that device.  The peer wouldn't be able to register, unless the host IP, or hostname matched (e.g. Sipura117272.yourdomain.com).  If the IP address or hostname matched, then the device would register, and the peer would be able to access the dialplan begining from the starting context specified in the peer definition.
0
 
LVL 25

Expert Comment

by:Ron M
ID: 24442038
"I don't think it is possible to assign a peer to a subnet in the peer definition however..... "

I was wrong on this apparently...

You can use Permit, Deny with peer definitions.
http://www.voip-info.org/wiki/view/Asterisk+sip+permit-deny-mask
0
 

Author Comment

by:davidwylie
ID: 24442138
Hi,
I had already tried that, but I'll try it again because sometimes you can't see the wood for the trees.

Thanks,
0
How to improve team productivity

Quip adds documents, spreadsheets, and tasklists to your Slack experience
- Elevate ideas to Quip docs
- Share Quip docs in Slack
- Get notified of changes to your docs
- Available on iOS/Android/Desktop/Web
- Online/Offline

 
LVL 25

Accepted Solution

by:
Ron M earned 250 total points
ID: 24443073
If you make changes to sip.conf, just make sure you reload sip.conf from the asterisk cli for the changes to take affect and allow time for phones to reregister in order to see if it works...

....i'm sure you already knew that but I had to say it anyway.
0
 

Author Comment

by:davidwylie
ID: 24446100
Hi,
ok, it works.

The confusing thing is that changes to permit/deny require you to shut down asterisk for any changes to  take effect. This I did not realise so all my previous testing is void.

Thanks for your input on this. Got there in the end!


0
 
LVL 25

Expert Comment

by:Ron M
ID: 24446374
You can type "SIP RELOAD" at the Asterisk CLI, which will reload the sip.conf file without having to restart Asterisk completely.
0
 
LVL 25

Expert Comment

by:Ron M
ID: 24446384
Also... I think it only applies the ip subnet changes after the client attempts to re-register... restarting asterisk forces them to re-register.
0
 

Author Comment

by:davidwylie
ID: 24446940
the changes do not reload on SIP RELOAD nor on RELOAD.
Not on mine at least ....

Also, I'm not registering. This is for inbound calls from telcos without registration.

I'm going to upgrade to 1.6 tomorrow to see if this allows me to reload the config. Unless I'm doing something blindlingly obviously wrong.

0
 
LVL 25

Expert Comment

by:Ron M
ID: 24451829
Are you issuing the command from the Asterisk CLI ?

To start the * CLI, type  ASTERISK -r, on the linux command shell.

Then issue a SIP RELOAD...

This will force asterisk to parse the sip.conf file.  However, I suspect that changes to peer permit / deny definitions wouldn't take affect until a phone, softphone, or another pbx re-registers.  Even if you are recieving an inbound call from another telco over sip, and even if you are not using authentication, there is still a registration process involved.
0

Featured Post

IT, Stop Being Called Into Every Meeting

Highfive is so simple that setting up every meeting room takes just minutes and every employee will be able to start or join a call from any room with ease. Never be called into a meeting just to get it started again. This is how video conferencing should work!

Join & Write a Comment

The Zaptel people (www.zaptel.com) got kind of annoyed with the fact that they were getting bombarded with searches for the zaptel driver system for Asterisk (not to mention they own the trademark on zaptel). So, they kindly requested that Digium ch…
Implementing Avaya's One-X portal is pretty painless, until you want to deploy this to the Android and iPhone clients when these clients are outside of your network. The clients will also work within your local network. Here is our experience and so…
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, Just open a new email message.  In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…
Get a first impression of how PRTG looks and learn how it works.   This video is a short introduction to PRTG, as an initial overview or as a quick start for new PRTG users.

708 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

13 Experts available now in Live!

Get 1:1 Help Now