Authenticaing a user by their IP address

Hi,

We have some users that can not specify usernames/passwords so we need to be able to authenticate them by their IP address in the sip.conf.

Here is the config I’m trying in the sip.conf but it seems asterisk is just ignoring it and sending it to the default context with no callerID or any channel variables.

[ipuser1]
type=peer
host=xxx.yyy.zzz.100
context=ip-users
callerid=ipuser1 <1>
accountcode=1

It also seems strange that asterisk is allowing these calls to hit the dialplan without any authentication at all. We don’t use a default context, but otherwise it seems just anyone could make calls into our servers.

We’re using asterisk 1.6.2-rc2 on centos5.

Any ideas on this would be greatly appreciated.

There is an option that controls this. It is set to allow anonymous callers in the sample configuration, as that results in one less hurdle for people trying to get their initial configuration, however when you run make install, it tells you to read a document about securing Asterisk, which tells you about changing this option.

Note, in a pure SIP world, allowing default open access makes a lot of sense, as SIP doesn’t really need middle men, other than at the IP and DNS levels.