when i set a sip trunk do i need to identify from my local ipbx or do I need to tide,tify from the provider’s pbx ?
Do I need to set the local endpoint name or the one designed on their pbx ?
when i set a sip trunk do i need to identify from my local ipbx or do I need to tide,tify from the provider’s pbx ?
Do I need to set the local endpoint name or the one designed on their pbx ?
I don’t really understand the first part.
For normal providers, what you call the endpoint and aor is irrelevant, as the provider will send caller ID, not its own identity, in the From user, and won’t send an authorisation user, at all.
Ideally you should disable matching on the endpoint name for a provider, as that allows junk calls to be injected directly (you should not normally send calls from a provider to any context that can make chargeable calls, but that is another potential reason for not allowing matches on endpoint name).
I’m kind of lost… I really don’t understand what is happenning…
When you say that I should not match based on the endpoint name, do you mean that I shouldn’t use “identify_by=username” ?
The default matching rule is to match the From user against the endpoint name. That is generally the right thing to do for the phones on your network. However providers do not do this, and the most common way of identifying them is by IP address. Although people don’t seem to do it, you should really set them to only identify by that.
I understand that I should only use “identify_by=ip” is that what you mean ?
I didi this
[+594594140950]
type=endpoint
transport=transport-udp
context=+594594140950
disallow=all
allow=ulaw,alaw,g722,gsm
rtp_symmetric=yes
force_rport=yes
rewrite_contact=yes
identify_by=ip
aors=+594594140950
auth=+594594140950_auth
outbound_auth=+594594140950_auth
outbound_proxy=sip:sip.telcoz.eu
callerid=+594594140950 +594594140950
Is it secure to set the match option of an identify section to 0.0.0.0 ? So i’ll allow every network to contact me ?
There is a special identify option of anonymous for anyone to contact you, but it is essential that that leads to a context that cannot incur any charge. It will result in large numbers of attempts to make calls to premium rate numbers, so it must be impossible to dial those from any context in which you use it.
Normally the only case where you would use it with chan_pjsip is if you want to allow calls direct to your network without using any infrastructure above the IP level. In practice almost nobody allows that.
If your provider needs any of these, get a better provider!
I’m not aware of any provider that will honour this; setting it will cause all incoming calls to fail, as the provider will be asked for a password which they will not be able to provide. The fact that providers won’t authenticate is why you have to be very careful if you don’t limit them by IP address.
This will prevent incoming caller ID from working, which is something you wouldn’t want to do.
This is unlikely to be right. If the provider needs an outbound proxy at all, they will normally requires \;lr
and possibly also \;hide
modifiers, on the URI. They may well be happy with your sending directly to their contact address, without any proxy.
I got connected with them -didn’t try incoming or outgoing calls- by using
[sip2sip]
;user 9876543210
;Domain sip2sip.info
type = wizard
transport = transport-udp
remote_hosts = sip2sip.info,81.23.228.129,81.23.228.150,85.17.186.7
server_uri = sip:sip2sip.info
client_uri = sip:9876543210@sip2sip.info
sends_registrations = yes
sends_auth = yes
accepts_auth = no
accepts_registrations = no
contact_user = 9876543210
contact = sip:9876543210@sip2sip.info
outbound_proxy = sip:proxy.sipthor.net;lr;hide
realm = sip2sip.info
from_domain = sip2sip.info
;
endpoint/allow = !all,g722,alaw
endpoint/context = from-sip2sip
endpoint/rewrite_contact = yes
outbound_auth/username = 9876543210
outbound_auth/password =
aor/max_contacts = 1
aor/remove_unavailable = yes
–
Daniel
I think this was actually:
outbound_proxy = sip:proxy.sipthor.net\;lr\;hide
Also, this is something that doesn’t normally make sense for a provider, as they will never register with you, only you with them.
Actually,. I think it is dangerous, as, in some cases, it could allow an attacker to hijack your outgoing calls.
I noticed that I can’t emit outgoing call if I don’t specify the outbound_proxy like that.
Could you please explain me the caller ID thing because when i don’t set i cannot instantiate outgoing call neither ? But I didn’t know it could trouble the inbound side.
I don’t really understand the trouble of the auth section. Why wouldn’t it use the options to set credentials ?
And how can I ensure that it is matching based on ip ?
The problem isn’t the type=auth section but referencing it with auth=. That requires the external party to authenticate itself, and that is something that SIP providers do not do.
Caller ID overrides the received caller ID, and has nothing to do with the one you send. When a call comes through a provider, you generally want to know what the inbound caller ID was, as that is who called you. The only real reason for setting it is when you have a phone that doesn’t use its extension number as part of its SIP URI, or to add the name associated with a phone.
They are but disappears in my output
That’s why you should always mark up logs and configuration files as pre-formatted text. (</>
button, single back ticks around a phrase
on a line, or triple back ticks around
multiple
lines.)
Le 16/10/2024 à 16:57, engineirie via Asterisk Community a écrit :
[engineirie] engineirie https://community.asterisk.org/u/engineirie
October 16I noticed that I can’t emit outgoing call if I don’t specify the
outbound_proxy like that.
With the setup I gave I can pass successfull calls to 3333 and 4444.
–
Daniel
–
are these number on the WAN ?
does it mean that I need two endpoints : one for outbound and on for inbound ?
Or is there a way to set the caller ID when I call but not when it get in ?
Do you mean PSTN?
For calling, you set the caller ID using the CALLERID function, or, if From user is used for caller ID, by setting from user for the endpoint. If not sent as From user, you will need additional options, to say how to send it. Details depend on the provider.
You would not normally set caller ID in the endpoint definition, for a provider.
Some providers use from user as an account name, and some of those will not allow you to set caller ID, but will always use the caller ID for the account. (Others may limit caller ID to pre-approved values.)
A question came in mind: did you by credits to call PSTN numbers?