PBX Connector / SIP Trunking using IP Authentication
543 views
Skip to first unread message
day...@voxter.ca
Sep 5, 2013, 4:04:21 PM9/5/13
to 2600h...@googlegroups.com
So, currently when I set up a downstream SIP trunk for a customer, Kazoo creates the account, and expects username + password + realm authentication to happen.
I'm curious what the solution would be when a downstream customer wants to SIP trunk to Kazoo, but have themselves authenticated via IP address only?
My first thought would be to add their IP's to the ecallmgr ACLs, but then I cant think of how it would identify which account it should correspond to.
Anyone have any suggestions or workarounds?
Thanks!
Darren Schreiber
Sep 6, 2013, 1:42:14 PM9/6/13
to 2600h...@googlegroups.com
You can't do this via PBX Connector unfortunately.
You can cheat though and use regular call flows but it's kind of annoying. In the Device config in SIP there is a drop down for auth that defaults to username. Change it to password.
There is also a nasty bug we have not yet fixed on that one – once an IP is added it never goes away! I don't think it's fixed yet anyway. You have to remove it manually, I believe from the sip_auth database.
--
You received this message because you are subscribed to the Google Groups "2600hz-dev" group.
To unsubscribe from this group and stop receiving emails from it, send an email to 2600hz-dev+...@googlegroups.com.
For more options, visit https://groups.google.com/groups/opt_out.
You received this message because you are subscribed to the Google Groups "2600hz-dev" group.
To unsubscribe from this group and stop receiving emails from it, send an email to 2600hz-dev+...@googlegroups.com.
For more options, visit https://groups.google.com/groups/opt_out.
day...@voxter.ca
Sep 6, 2013, 7:36:44 PM9/6/13
to 2600h...@googlegroups.com
Even though its not "ideal" (ie. in PBX connector) - this definitely serves as a sufficient work around, I completely missed thinking of using a generic SIP device this way.. Thanks for the tip!
Matt - nurango.ca
Jun 28, 2017, 1:46:10 AM6/28/17
to 2600hz-dev
Hey does anyone know if there's a happy ending to this story? With the addition of the field in pbx connector n one seems to be able to get it working :s
The connectivity schema said username/pass is not mandatory and IP is a viable auth method. It would seem that maybe it's not built into the xml or ecallmgr_fs_authn. Unless were asking for some type of username with the method of IP..
It would just seem odd for security reasons that this wouldn't be viable right?
| lager:debug("looking up credentials of ~s@~s for a ~s", [Username, Realm, Method]), |
It would just seem odd for security reasons that this wouldn't be viable right?
If anyone has it working I would loove to hear that it's even an option.
Thanks :)
Matt - nurango.ca
Jul 3, 2017, 3:05:14 PM7/3/17
to 2600hz-dev
Well I've managed to confirm that inbound calls work with IP auth but no form of dozens of configs will work for outbound calling. I think it might lye in the FS dial plan, I'll keep at it for a bit and post back any findings.
On Thursday, September 5, 2013 at 4:04:21 PM UTC-4, Dayton Turner wrote:
fred
Jul 5, 2017, 11:02:34 AM7/5/17
to 2600hz-dev
Is this for local or global carrier? I think many (most or all?) SIP trunk providers do not allow multiple accounts to use the same IP for IP Authentication. So you may only be able to use IP Authentication for one account or globally but not both if the carrier only allows the IP Auth to be used once.
Matt - nurango.ca
Jul 5, 2017, 10:25:15 PM7/5/17
to 2600hz-dev
Hey Fred, thanks but it's pertaining to endpoints using pbx connector and not to the trusted ACL's ie; carriers.
On Thursday, September 5, 2013 at 4:04:21 PM UTC-4, Dayton Turner wrote:
Reply all
Reply to author
Forward
0 new messages