ASTPP + Freeswitch integration with OpenSIPs for IP authentication


Marc

Dec 22, 2015, 6:50:32 AM
to ASTPP
Hello ASTPP community,
First of all, let me thank the ASTPP team for their great product.

I'm currently testing integration of ASTPP/Freeswitch and OpenSIPs and despite many hours spent on this task I am not able to figure out how the integration should work.

Current setup:
   Server1:   Freeswitch+ASTPP with local MySQL database
     ASTPP v.2.3
     FreeSWITCH Version 1.4.26+git~20151207T171851Z~aba5892bdb~64bit (git aba5892 2015-12-07 17:18:51Z 64bit)

   Server2:  Opensips with link to MySQL DB on server1
     opensips 2.1.1 (x86_64/linux)



I know the ASTPP config for OpenSIPs is for v.1.7, but I have managed to add the X-AUTH-IP header very easily in the OpenSIPs dialplan, so Freeswitch should automatically recognize the IP address passed in the "X-AUTH-IP" header and consider it when analyzing the ACL to find the IP which belongs to one of the Customers in the local database.


What I did so far?
  1. I can get incoming calls on ASTPP/Freeswitch authenticated based on the IP address when the call is sent directly to Freeswitch.
  2. I am not able to get incoming calls on ASTPP/Freeswitch authenticated based on the IP address of the customer when the call is sent via OpenSIPs (Proxy).
    In this case Freeswitch "sees" only the IP of my OpenSIPs box and doesn't look for the "X-AUTH-IP" header.
    I have tried with additional SIP Profile parameters:
      apply-proxy-acl = default    (default is the ACL which keeps all IPs from the "ip_map" table; I am able to successfully validate with fs_cli that the IP of the proxy and the IP of the customer are part of that list)

  
Please note that in my case I do not want to use customers based on their SIP account details but rely only on the IP based authentication - this is the project for wholesale termination service.


fs_cli shows that for incoming call:

2015-12-22 11:43:25.532964 [NOTICE] switch_channel.c:1077 New Channel sofia/WholesaleSIP/9434381345@!PROXY_IP!:5090 [9e22e915-0b43-4796-97f0-776114245745]
2015-12-22 11:43:25.532964 [DEBUG] switch_core_session.c:1062 Send signal sofia/WholesaleSIP/9434381345@!PROXY_IP!:5090 [BREAK]
2015-12-22 11:43:25.532964 [DEBUG] switch_core_session.c:1062 Send signal sofia/WholesaleSIP/9434381345@!PROXY_IP!:5090 [BREAK]
2015-12-22 11:43:25.532964 [DEBUG] switch_core_state_machine.c:472 (sofia/WholesaleSIP/9434381345@!PROXY_IP!:5090) Running State Change CS_NEW
2015-12-22 11:43:25.532964 [DEBUG] sofia.c:8957 sofia/WholesaleSIP/9434381345@!PROXY_IP!:5090 receiving invite from !PROXY_IP!:5090 version: 1.4.26 git aba5892 2015-12-07 17:18:51Z 64bit
2015-12-22 11:43:25.532964 [DEBUG] sofia.c:9069 IP !PROXY_IP! Approved by acl "default[]". Access Granted.
2015-12-22 11:43:25.532964 [DEBUG] sofia.c:6658 Channel sofia/WholesaleSIP/9434381345@!PROXY_IP!:5090 entering state [received][100]
2015-12-22 11:43:25.532964 [DEBUG] sofia.c:6668 Remote SDP:
...

!PROXY_IP! is the IP address of the OpenSIPs. It is simply ignoring the X-AUTH-IP header.


Exemplary INVITE coming to Freeswitch:

recv 1083 bytes from udp/[!PROXY_IP!]:5090 at 11:47:39.612456:
   ------------------------------------------------------------------------
   INVITE sip:11113157244022@!PROXY_IP!:5090 SIP/2.0
   Record-Route: <sip:!PROXY_IP!:5090;lr>
   Via: SIP/2.0/UDP !PROXY_IP!:5090;branch=z9hG4bK015.7cb90be.0
   Via: SIP/2.0/UDP 192.168.1.73:65262;received=!CUSTOMER_IP!;branch=z9hG4bK-524287-1---faf1c51956cfc817;rport=65262
   Max-Forwards: 69
   Contact: <sip:94343...@192.168.1.73:65262>
   To: <sip:11113157244022@!PROXY_IP!:5090>
   From: "1905460123"<sip:9434381345@!PROXY_IP!:5090>;tag=7f2b9976
   Call-ID: 79049NTgxNDQ0NzlmNjAxMzExMGQzOTExN2I4MmI4YzAxYzA
   CSeq: 1 INVITE
   Allow: SUBSCRIBE, NOTIFY, INVITE, ACK, CANCEL, BYE, REFER, INFO, OPTIONS
   Content-Type: application/sdp
   Supported: replaces
   User-Agent: X-Lite release 4.9.2 stamp 79049
   Content-Length: 333
   X-Auth-IP: !CUSTOMER_IP!
  

!CUSTOMER_IP! is the IP address which is the actual IP which originates the traffic.




Does anyone have a solution for this?
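
The trust decision behind a proxy-inserted X-Auth-IP header, as an added example that is not part of the original thread and is not ASTPP, FreeSWITCH or OpenSIPs code: the header is used for the customer ACL lookup only when the packet itself arrived from a trusted proxy. The function names, the trusted_proxies set and the documentation-range addresses are assumptions, and the sample INVITE is constructed.

```python
import ipaddress

# Constructed sample modelled on the INVITE in the post; the addresses are
# documentation-range placeholders (assumptions), not values from the thread.
PROXY_IP = "198.51.100.10"
CUSTOMER_IP = "203.0.113.25"
SAMPLE_INVITE = (
    "INVITE sip:11113157244022@198.51.100.10:5090 SIP/2.0\r\n"
    "Via: SIP/2.0/UDP 198.51.100.10:5090;branch=z9hG4bK015.7cb90be.0\r\n"
    "Via: SIP/2.0/UDP 192.168.1.73:65262;received=203.0.113.25;rport=65262\r\n"
    "CSeq: 1 INVITE\r\n"
    "Content-Length: 0\r\n"
    "X-Auth-IP: 203.0.113.25\r\n"
    "\r\n"
)

def header_values(message, name):
    """Return every value of a header (case-insensitive) from the header section."""
    head = message.split("\r\n\r\n", 1)[0]
    values = []
    for line in head.split("\r\n")[1:]:  # skip the request line
        key, sep, value = line.partition(":")
        if sep and key.strip().lower() == name.lower():
            values.append(value.strip())
    return values

def effective_source_ip(packet_src, message, trusted_proxies, header="X-Auth-IP"):
    """IP to use for the customer ACL lookup, or None if the request must be rejected."""
    if packet_src not in trusted_proxies:
        # Direct traffic: the header is sender-controlled, so use the socket address.
        return packet_src
    values = header_values(message, header)
    if len(values) != 1:
        return None  # header missing or duplicated on a request from the proxy
    try:
        return str(ipaddress.ip_address(values[0]))
    except ValueError:
        return None  # header value is not a literal IP address

def acl_allows(ip, customer_networks):
    """True if ip is inside any customer network (stand-in for the ip_map lookup)."""
    if ip is None:
        return False
    addr = ipaddress.ip_address(ip)
    return any(addr in ipaddress.ip_network(n) for n in customer_networks)
```

For the header to carry any weight, the proxy also has to remove any X-Auth-IP a caller supplied before adding its own; otherwise the duplicate-header case above is what arrives.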



Marc

Dec 23, 2015, 5:47:44 AM
to ASTPP
Actually I think I will be able to answer by myself.

ASTPP looks for "P-Accountcode" header.
Seems that "X-AUTH-IP" is actually not used by Freeswitch for ACL.

vps4hire

Jan 16, 2016, 7:51:56 AM
to ASTPP
Please do a step-by-step implementation method for ASTPP: which files you edit, how you link the databases, etc. Maybe we can have a working method for OpenSIPs and ASTPP.