I am looking to implement SIP based authentication for a new sip peer. Can someone please outline what the different commands are to enable authentication on asterisk running 1.4 and 1.8? This peer will be used for inbound and outbound dialing.
From what I have seen this far, I understand the username, secret and insecure are the only parama needed for authentication?
[peer-incoming-outbound]
qualify=yes
type=friend
context=sip
host=10.10.10.10
port=xxxx
username=tammari
secret=********
insecure=invite,port (asterisk 1.8) and insecure=very (for Asterisk 1.4)
The peer end will have similar params configured on their end. Is this call that’s needed?
You need to read this document for better understanding . But here you have some basic points that you must know
[quote]Note: The parameter “username” is not the username and in most cases is
not needed at all. Check below. In later releases, it’s renamed
to “defaultuser” which is a better name, since it is used in
combination with the “defaultip” setting
[/quote]
[quote]
insecure=port Allow matching of peer by IP address without
matching port number
insecure=invite Do not require authentication of incoming INVITEs
insecure=port,invite (both)[/quote]
insecure is not neededfor authentication, and, in most cases should be unnecessary on modern versions of Asterisk, which support remotesecret. insecure=invite turns off authentication for incoming calls. Before remotesecret, this was often necessary with ITSPs, because they wouldn’t authenticate to the customer system. remotesecret allows specifying authentication parameters that are only used outbound (and even allows different secrets each way).
Also, the probable reason for removing insecure=very is that it forces you to think about the individual options. insecure=port has nothing to do with password processing at all, and is often not needed. Unfortunately, removing very hasn’t worked, as people simply use cook book recpes that say replace very by invite,port.
username is often not needed. fromuser is quite often needed. fromdomain is needed by some ITSPs.
There is no advantage in friend over peer, and some disadvantages.
Thank you all so much for the prompt response. If I understood this correct, all I need is just the below to enable sip authentication on a per peer basis
[peer-incoming-outbound]
qualify=yes
type=friend
context=sip
host=10.10.10.10
port=xxxx secret=******** -------> for calls incoming into Asterisk
remotesecret=********** for calls made by asterisk.
Can someone please confirm if the above peer configs will work on asterisk 1.4 and 1.8?