[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Sipwitch-devel] howto configure sipwitch to allow ua login from pub
From: |
David Sugar |
Subject: |
Re: [Sipwitch-devel] howto configure sipwitch to allow ua login from public internet |
Date: |
Mon, 09 Jul 2012 10:18:46 -0400 |
User-agent: |
Mozilla/5.0 (X11; Linux i686; rv:13.0) Gecko/20120614 Thunderbird/13.0.1 |
The last time we tested tls we had to do a special patch for exosip2.
It did work, but the one essential limitation it has is that exosip can
either do tcp (or tcp/tls) or udp, but cannot both.
I would think it would help to use sipwitch dump feature to see the
contents of the invite being sent. For a call to complete as "local"
the device has to claim it is from a uri hostname sipwitch is told is a
localname, and that the destination uri hostname is also one sipwitch
was told as being a localname.
On 07/09/2012 11:12 AM, Perazim wrote:
> I tried adding:
>
> <local>a.b.c.d/32</local>
>
> to <access> and this allows the device to register.
>
> Can I conclude from this that non-"local" devices are forbidden from
> registering unless added as "local"?
>
> I seem to be missing some general concept here.
>
> I need to allow many devices to register from any public ip address and
> call each other. My system has no connection to any voip gateway so toll
> fraud is not an issue.
>
> On another but related issue, does sipwitch support sip over tls?
>
> Thanks for the help.
>
> Perazim
>
> On Mon, 2012-07-09 at 09:52 -0400, David Sugar wrote:
>> There are two ways something may be denied. The first is based on
>> appearing address. If your coming from what seems like an external
>> destination, sipwitch may deny based on address, depending on the
>> <access> rules section of the config.
>>
>> The second possibility may be that the device presents itself as it's
>> "from" uri coming from a public internet host (reverse lookup perhaps).
>> If the name the device claims to be "from" is not a hostname sipwitch
>> recognizes, it treats it as "foreign". This can be solved simply by
>> adding the appearing from to the list of sipwitch <localnames> that it
>> will recognize as if "local" to the server, but you need to know where
>> the ata's claim they are from.
>>
>> On 07/09/2012 09:06 AM, Perazim wrote:
>>> I have several grandstream ht-701 ATAs running on a LAN that work fine.
>>> Now I need to add several of the same ATAs that are on the public
>>> internet behind NAT firewalls. I have setup a stun server. I cannot get
>>> them to register. sipwitch is rejecting any ATA that is not on the local
>>> LAN. I have searched the available docs but cannot seem to find how to
>>> do this in the config file access parameters. The non-local ATAs
>>> generate this message:
>>>
>>> Rejecting restricted 202 from (public ip address and port)
>>>
>>> Any help is appreciated.
>>>
>>> Perazim
>>>
>>>
>>>
>>>
>>>
>>
>
>
>
>
- [Sipwitch-devel] Accepting external calls, Jochem Vaarwater, 2012/07/07
- Re: [Sipwitch-devel] Accepting external calls, paul, 2012/07/07
- Re: [Sipwitch-devel] Accepting external calls, Jochem Vaarwater, 2012/07/07
- [Sipwitch-devel] howto configure sipwitch to allow ua login from public internet, Perazim, 2012/07/09
- Re: [Sipwitch-devel] howto configure sipwitch to allow ua login from public internet, David Sugar, 2012/07/09
- Re: [Sipwitch-devel] howto configure sipwitch to allow ua login from public internet, Perazim, 2012/07/09
- Re: [Sipwitch-devel] howto configure sipwitch to allow ua login from public internet,
David Sugar <=
- Re: [Sipwitch-devel] howto configure sipwitch to allow ua login from public internet, Perazim, 2012/07/09
- Re: [Sipwitch-devel] howto configure sipwitch to allow ua login from public internet, Perazim, 2012/07/12
- Re: [Sipwitch-devel] howto configure sipwitch to allow ua login from public internet, David Sugar, 2012/07/12