Sip user agent

i am using asterisk SVN-trunk-r355531 and want to restrict some phones to call with dialplan .
i found way to restric this with SIP USER AGENT of Predefined Channel Variables :

exten => _NXXNXXXXXX,n,GotoIf($["${SIPUSERAGENT}"!="Sipura/SPA1001-3.1.8(SEc)"]?hangup:continue)
exten => _NXXNXXXXXX,n(hangup),NoCDR()
exten => _NXXNXXXXXX,n,Hangup()
exten => _NXXNXXXXXX,n(continue),…
exten => _NXXNXXXXXX,n,…

but seems "${SIPUSERAGENT} values does not work …

is there similar way to block phones ?

sorry for bad english

Why are you using a development version, rather than a production version?

There is no such variable defined in the trunk source code.

Are you trying to block certain brands? If so there is a function for obtaining the values of SIP headers, SIP_HEADER(), and there is a function for obtaining information about a peer, SIP_PEER().

Otherwise, you should be making sure allowguest = no, and choosing appropriate contexts.

thanks david55,
yes . i want to block certain brands.
I had problem with SSL/SRTP , after this , when i configured certificates , I notised that phones like BLINK , PHONERLITE and etc … registered w/o certificate. I have not installed certificates , but they registered and called well.

my config was :

[100]
type=friend
context=somecontest
host=dynamic
nat=no
secret=1234
dtmfmode=rfc2833
disallow=all
allow=ulaw
transport=tls
encryption=yes

then i wanted to block all softphone else conuterpath eyebeam.

that’s all

is there some way to block phone registration if client does not have a root certificate ?

  1. I presume you also want to block invites.

  2. I presume you mean a client with a certificate which cannot be traced to a root certificate you hold, as it would rather strange for a client to actually use a self signed certificate.

I seem to remember a recent question about how to accept a self signed certificate, so I would have though that this was default behaviour.

Do you have allowguest defaulting to yes, by any chance?

my allowguest is set to NO.

I have a asterisk server . I configured SSL/SRP and want to register and call only the phones which have my certificate installed. and all other phones will be rejected .
but i dont know how to configure this.

if you can help me , i will be very grateful