[SOLVED] allowguest=no and calls from PSTN

qzu · December 2, 2014, 2:27pm

Hello everybody!
I haven’t found useful info on the web about allowing incoming calls from my sip provider while blocking guests.

Scenario: PSTN -> SIP PROVIDER -> [sip] -> MY ASTERISK BOX

While placing a call from PSTN to my provider I got 401 'ed:

Using INVITE request as basis request - 426bf5c377b06329799d135f53025b35 @ sip.messagenet.it
No matching peer for ‘+3933xxxxxxxxxx’ from '212.97.59.76:5061’
SIP/2.0 401 Unauthorized
Via: SIP/2.0/UDP 212.97.59.76:5061;branch=z9hG4bK7c8b.3461fe13.0;received=212.97.59.76
Via: SIP/2.0/UDP 212.97.59.85:5060;branch=z9hG4bK083593e4
From: “+3933xxxxxxxxxx” sip:+3933xxxxxxxxxx@sip.messagenet.it;tag=as27658ac4

+3933xxxxxxxx is my cell phone trying to call the pstn number I’m being provided.
With allowguest=yes the call is connected OK.

Any help will be highly appreciated.

david55 · December 2, 2014, 5:16pm

You neither have a user with section name ‘+3933xxxxxxxxxx’ nor a peer with the address 212.97.59.76:5061.

qzu · December 2, 2014, 5:51pm

.
I can’t define a [user] for any possible callerid! But…

Do I need to define a peer if the SIP Provider is used only for incoming calls?

Thank you for your reply!

david55 · December 3, 2014, 8:17am

Sometimes From is used as the account name. You didn’t say the xxxx was unknown, rather than redacted.

You need a peer definition (friend adds nothing, if From is the CLID, and can be confusing, and user is useless, here) for every address from which the ITSP can originate calls. If that number of addresses is excessive, the only real option is to use allowguest with good firewall rules.

qzu · December 3, 2014, 5:31pm

.
I wish to say thank you because this worked perfectly.

For anyone using the Italian Sip Provider “Messagenet.it” this sip.conf will “harden” your box a bit.

As David55 suggested, I had to define a peer even if I use the provider only for incoming calls:

[general]
context=amici
alwaysauthreject=yes
allowguest=no

register=xxxxx:xxxxx@sip.messagenet.it:5061/06xxxxxxxx

[messagenet-incoming]
type = peer
defaultuser = xxxxxx
fromuser = xxxxxx ;(same as the above)
secret = xxxxxxxxxxx
host = sip.messagenet.it
port = 5061
qualify = yes
insecure = invite

[someinternalfolk]
type=friend
host=dynamic
secret=xxxxxxxxxx
…
…

Topic		Replies	Views
Allowguest Issue Asterisk Support	9	283	December 15, 2013
Permit/deny for peer Asterisk SIP	2	2347	May 9, 2017
Allowguest .. replacment available? Asterisk Support	5	272	September 8, 2011
403 Forbiden Asterisk Support	2	289	April 25, 2012
How to allow Incoming Calls from PSTN Asterisk Support	4	1538	January 15, 2008

[SOLVED] allowguest=no and calls from PSTN

Related topics