I am trying to make a phonecall using sipML5 library. The apps can successfully register into the SIP server.
How ever when i try to make a phone call, it says 403 Forbidden soon after ringing.
Here is some screenshot
Does anyone know why i am getting 403 Forbidden ? I can fully authenticate and register my account prior dialing any numbers. But this only happens soon after i dial another SIP number/account.
sipML5 is a SIP client. You should try to connect with a softphone using those credentials and trying to dial the same account/number.
You should see more details on the SIP server side of things if you have access to that.
Related
I have asterisk on a server 104.x.x.x and a main website on another server(204.x.x.x). Now I want to update the browser when someone call a sip number from my asterisk. Is there a better way of doing it? What I'm thinking is to expose an api that will update my telephony system database and do a ajax pooling or websocket on the browser from my website and call that api from dialplan via AGI method, but not sure if that is possible. Vicidial and other telephony system software works this way because their web application was also installed on the same server as asterisk. What this softwares do is call an external php or other language script from their dialplan
You should use the Asterisk manager API:
http://www.voip-info.org/wiki/view/Asterisk+manager+API
http://www.voip-info.org/wiki/view/Asterisk+Manager+API+Action+Monitor
to monitor calls from remote server.
Please check the manager.conf file, on how to allow access to a remote IP,
here's an example:
[usernamehere]
secret=yourpasswordhere
deny=0.0.0.0/0.0.0.0
permit=204.0.0.1/255.255.255.255
read=all,system,call,log,verbose,command,agent,user,originate
;write=command,call,originate
displayconnects=yes
You only need the "write" part if you intend to interact from the remote location back, like hanging up a call...
According to https://wiki.asterisk.org/wiki/display/AST/Asterisk+11+Application_Dial the Dial() application is capable of sending an URL to the extension being called. I suppose there are softphones implementing this, maybe popping up a browser pointing to the given URL - perfect to open up automatically a CRM customer page when receiving a call by identifying his caller id.
Do you know of any softphone implementing this functionality?
Doc have following line:
if the channel driver supports it
For sip protocol will be issued SIP MESSAGE with url. So phone have support messaging via sip.
For jabber protocol will be generated jabber message.
I run my own sip server (asterisk). Apparently my sip server allows to perform an INVITE without doing any REGISTER first. This leads to lots of unsuccessful attacks on my server. IS there any way to allow INVITE requests only from a successfully REGISTERed clients? Through asterisk or iptables?
You need change allowguest parameter to no in your sip.conf.
Check the link below for more tips about security in asterisk:
http://blogs.digium.com/2009/03/28/sip-security/
My study so far tells me that REGISTER is only for asterisk to reach or forward the INVITES but not to authenticate an INVITE request. When an INVITE comes, asterisk tries to check the given user name and if its a valid one, it sends a 407 (Authentication required) back to the client. Then client inserts the password (encrypted) in the response and sends INVITE2 to server. Now server authenticates the user and when credentials match, proceeds with establishing the call.
Conclusion: An INVITE has no relation with REGISTER and so my idea of restricting only REGISTERED clients to send an INVITE is not possible.
As a workaround, I have written my own script. Source is at https://github.com/naidu/JailMe
Consider a real Session Border Controller which pays for itself quickly when you get hacked. However, if you want a "good enough" option then read on:
There is an iptables module called "string" which will search a packet for a given string. In the case of SIP we expect to see "REGISTER" in the first packet from any given address, so combine this with -m state --state NEW or something similar. After that, we would want keep-alive happening to ensure that connection tracking remains open (usually Asterisk sends OPTIONS, but it can send empty UDP). You want that anyway in case the client is behind NAT.
It's not the ideal solution, because iptables cannot figure out whether a registration has been successful, but at least we can insist the other guy makes an attempt at registration. One of the answers linked below shows use of the string module in iptables:
https://security.stackexchange.com/questions/31957/test-firewall-rules-linux
You could also put an AGI script into your dialplan that does some additional checking, potentially looking at IP address and whether the extension is registered... ensure the INVITE comes from the same source IP.
Fail2Ban is an easy way to block unwanted traffic! fail2ban check system logs for failed attempts, if there are too many (exceeding defined threshold) failed attempts in specified time from some remote IP then Fail2Pan consider it as attack, and then add that IP address in iptables to block any type of traffic from it. following links can help
http://www.voip-info.org/wiki/view/Fail2Ban+(with+iptables)+And+Asterisk
http://www.markinthedark.nl/news/ubuntu-linux-unix/70-configure-fail2ban-for-asterisk-centos-5.html
I am a newbie for Asterisk, so please be patient.
I would like to perform phone call originating by my application via Asterisk. I was recommended to use skype connection to terminate the call.
So, I installed AsteriskNow on VM with CentOs, created Skype Business account, got SIP ID and configured sip.conf and extensions.conf and explained here
http://forum.skype.com/index.php?showtopic=487451
Then I restarted asterisk service and checked log file. I did not see any error messages, so I hope that the configuration is accepted.
Now the question is: what do I have to do now? I want Asterisk to dial some phone number. It should arrive to skype that should forward the call to phone via VoIP gateway.
How can I do this?
Have a look at my answer: Asterisk click to call
You can do similar thing. At first do test with your local VoIP clients. You can probably install 2 SIP soft phones, configure them in sip.conf and using CallFile test if you can make connection between them. If this work, then instead of using Extension: SIP/test1 change it to valid dialable Skype for SIP "number".
I am using Asterisk 1.4 server and I have created a desktop client using the Asterisk.NET Library. I am able to log into the AMI (as a manager) using Asterisk.Net, but I cannot find a way to send the REGISTER command using the AMI, to share my client's location information with the server.
I want to know an AMI or a CLI command that can send a REGISTER request to the Asterisk Server.
Thanks
If you're trying to do a sip register you might want to use an actual sip client API.
What's your end goal in doing this?
This is a fundamentally odd thing to be doing - a bit like looking for an API on a web server that lets you send an HTTP request to it. In many ways Asterisk is a voice analogue to a web server - the dialplan is a little like the Apache config directives that send incoming requests to different files, scripts, or services, AMI is rather like its command-line, AGI is similar conceptually to CGI (hint in the name!).
If you want to SIP-REGISTER something with your Asterisk server, just send a SIP REGISTER message with the right options to the Asterisk box's SIP interface. In AGI I suppose you could use the cURL() application to call localhost, but it would be a horrific hack and would probably break things.