Solved

IP Ranges In Asterisk SIP Peers

Posted on 2009-05-18
1,726 Views
Last Modified: 2013-12-21
Is it possible to have IP ranges (or subnets) in peer definitions in Asterisk? Currently, I allow everything through and then run an AGI script to check the incoming IP to see if it's valid. I know I can create a peer with a single host ip, but some of my suppliers send me calls from whole subnets.

What I'm trying to achieve is verification of inbound calls on IP and, if required, username & password. I then want to send the verified inbound calls to a definable context. I also know I can set up a dynamic host with username & password verification and I could go on to verify the IP within the context but I'm trying to be flexible and allow either/or in a single method for ease of writing configuration screens.

Am I barking up the wrong tree here, or just barking?

Thanks.
Question by:davidwylie
11 Comments
 
LVL 25

Expert Comment

by:Ron Malmstead
ID: 24418626
If I have this right...you want to send calls to a specific context, depending on which IP subnet it's coming from.... ?

If that is right, then I think a reasonable approach would be to evaluate SIPCHANINFO(recvip) to a variable, from within the dialplan...using IF or GOTOIF functions to send it to specific context extension based on your arguments.

http://www.voip-info.org/wiki/view/Asterisk+func+sipchaninfo

exten => s,1,Set(IPSUBNET=${SIPCHANINFO(recvip):0:10})
; If the SIP peer's IP was 192.168.6.120, then ${IPSUBNET} would equal 192.168.6.
...or....you could evaluate it all in one line like this...
exten => s,n,GotoIf($["${SIPCHANINFO(recvip):0:10}" = "192.168.6."]?pass:fail)

Never tried this myself, so this is just a suggestion.... let me know if it works..
0
 

Author Comment

by:davidwylie
ID: 24419166
Hi,
thanks for your reply. We are currently using an AGI script to do the same thing. The dial plan essentially does this :

exten=>_X.,1,Set(myContext=failed)
exten=>_X.,n,Agi(check-ip.pl)
exten=>_X.,n,Goto(${myContext},s,1)
exten=>_X.,n,Hangup(34)

The AGI script then checks the inbound IP against a table which can be web configured to add clients. The table returns a client id and a context which the dial plan can then go on to process. I wanted to remove this step and handle the IP check inside Asterisk itself from within SIP.CONF. It just looks like it should be able to be done, but no combination I try seems to do it.

Maybe it's just not possible? I can find nothing on the web.
0
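An added example, not code from this thread and not the poster's check-ip.pl: the IP-to-context table lookup described above, done with CIDR matching rather than the string-prefix comparison suggested in the earlier comment. The supplier ranges, client ids and context names are constructed, and the use of Python is an assumption; only `myContext` and the `failed` default come from the dialplan shown.

```python
import ipaddress

# Constructed sample table: supplier network -> (client id, dialplan context).
SUPPLIERS = [
    ("192.168.6.0/24", 101, "from-supplier-a"),
    ("10.1.1.0/28", 102, "from-supplier-b"),
    ("10.1.1.8/29", 103, "from-supplier-b-lab"),
]
# Fail closed, mirroring Set(myContext=failed) in the dialplan.
FAILED = (None, "failed")

# Most specific network first, so overlapping ranges resolve predictably.
_TABLE = sorted(
    ((ipaddress.ip_network(cidr), cid, ctx) for cidr, cid, ctx in SUPPLIERS),
    key=lambda row: row[0].prefixlen,
    reverse=True,
)

def lookup(recv_ip):
    """Return (client_id, context) for the most specific matching network."""
    try:
        addr = ipaddress.ip_address(recv_ip.strip())
    except ValueError:
        return FAILED  # unparseable source address is rejected, not guessed
    for net, cid, ctx in _TABLE:
        if addr in net:
            return (cid, ctx)
    return FAILED

def prefix_match(recv_ip, prefix):
    """String test equivalent to "${SIPCHANINFO(recvip):0:N}" = "prefix"."""
    return recv_ip[:len(prefix)] == prefix

def agi_command(recv_ip):
    """AGI command that sets the variable the dialplan's Goto reads."""
    _, ctx = lookup(recv_ip)
    return 'SET VARIABLE myContext "%s"' % ctx
```

A string prefix can only express ranges that fall on an octet boundary, and dropping the trailing dot makes `192.168.6` match `192.168.60.x` as well; the CIDR lookup has neither problem.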
 
LVL 25

Expert Comment

by:Ron Malmstead
ID: 24422339
Ok, cool....

In sip.conf, you can allow or deny subnets and hosts globally, and you can assign each peer a specific host address or hostname.  I don't think it is possible to assign a peer to a subnet in the peer definition however.....

For example, if you defined a peer with Host=10.1.1.29.... that would be fine if the host IP address never changes on that device.  The peer wouldn't be able to register, unless the host IP, or hostname matched (e.g. Sipura117272.yourdomain.com).  If the IP address or hostname matched, then the device would register, and the peer would be able to access the dialplan beginning from the starting context specified in the peer definition.
0
 
LVL 25

Expert Comment

by:Ron Malmstead
ID: 24442038
"I don't think it is possible to assign a peer to a subnet in the peer definition however..... "

I was wrong on this apparently...

You can use Permit, Deny with peer definitions.
http://www.voip-info.org/wiki/view/Asterisk+sip+permit-deny-mask
0
 

Author Comment

by:davidwylie
ID: 24442138
Hi,
I had already tried that, but I'll try it again because sometimes you can't see the wood for the trees.

Thanks,
0
 
LVL 25

Accepted Solution

by:
Ron Malmstead earned 1000 total points
ID: 24443073
If you make changes to sip.conf, just make sure you reload sip.conf from the asterisk cli for the changes to take effect and allow time for phones to reregister in order to see if it works...

....I'm sure you already knew that but I had to say it anyway.
0
 

Author Comment

by:davidwylie
ID: 24446100
Hi,
ok, it works.

The confusing thing is that changes to permit/deny require you to shut down asterisk for any changes to take effect. This I did not realise so all my previous testing is void.

Thanks for your input on this. Got there in the end!


0
 
LVL 25

Expert Comment

by:Ron Malmstead
ID: 24446374
You can type "SIP RELOAD" at the Asterisk CLI, which will reload the sip.conf file without having to restart Asterisk completely.
0
 
LVL 25

Expert Comment

by:Ron Malmstead
ID: 24446384
Also... I think it only applies the ip subnet changes after the client attempts to re-register... restarting asterisk forces them to re-register.
0
 

Author Comment

by:davidwylie
ID: 24446940
the changes do not reload on SIP RELOAD nor on RELOAD.
Not on mine at least ....

Also, I'm not registering. This is for inbound calls from telcos without registration.

I'm going to upgrade to 1.6 tomorrow to see if this allows me to reload the config. Unless I'm doing something blindingly obviously wrong.

0
 
LVL 25

Expert Comment

by:Ron Malmstead
ID: 24451829
Are you issuing the command from the Asterisk CLI ?

To start the * CLI, type asterisk -r on the Linux command shell.

Then issue a SIP RELOAD...

This will force asterisk to parse the sip.conf file.  However, I suspect that changes to peer permit / deny definitions wouldn't take effect until a phone, softphone, or another pbx re-registers.  Even if you are receiving an inbound call from another telco over sip, and even if you are not using authentication, there is still a registration process involved.
0
