authenticate IP- user/pass simoultaneous+redirect dynamic IP

[chentron]

1. Brekeke Product Name and Version:
Brekeke SIP Server , Version 3.2.4.3
2. Java version:
1.7.0.40
3. OS type and the version:
debian 7 32 bit
4. UA (phone), gateway or other hardware/software involved:
portech voip-gsm gateway

5. Your problem:
Dear
My scenario is one or more voip-gsm gateways with dynamic IP connected to BSS (hosted in OVH server fixed IP)trough user/password.
BSS will receive voip traffic from other server that must be IP authenticated and redirect this traffic trough the voip gateways.
So first question...
Can I authenticate at same time by IP and with user/pass
second question ...
How can redirect to the gateway with dynamic IP? (maybe with the username of gateway)

Thanks

[hope]

- can the gateway with dynamic IP register to brekeke server?
- use $addr in dial plan rule to capture caller source IP and route to registered gateway with dynamic IP

http://wiki.brekeke.com/wiki/Connecting-Gateways-with-BSS
http://wiki.brekeke.com/wiki/Authenticate-caller-by-IP-address

[chentron]

yes, tthe gateway can register to BSS

yes i am aware of both wiki but ...

this is using static "gateway_IP_address"

Matching Patterns

$request = ^INVITE To = sip:0(.+)@

Deploy Patterns

To = sip:%1@gateway_IP_address

and I have not a static IP. So how can redirect with non static IP ?
thanks for your answer

[hope]

Matching Patterns

$request = ^INVITE $addr = known_source_IP To = sip:0(.+)@

Deploy Patterns

$auth = false To = sip:xxx@

xxx is sip number of dynamic IP gateway registered at Brekeke server
gateway need to support 2-stage dialing and caller need to input destination number again after call has been established with gateway

Brekeke PBX may be better for your needs
pbx can send destination number dialed by caller as DTMF to gateway registered at Brekeke server with 2-stage dialing
then caller donot need to dial destination again.

[chentron]

So ... what You mean is that it is impossible to make a direct call (one dial) from a client trough a voip-gateway without any other considerations.


That is , If I change something on my scenario could I get a direct call ?
thanks

[tuie2]

chentron, which gateway product are you planning to use?
it depends on a gateway product.

If a gateway supports 1-Stage-Dialing and also makes a register to the SIP server, try this dialplan rule.

Matching Patterns

$request = ^INVITE To = sip:0(.+)@ $regAddr("9999") = (.+)

Deploy Patterns

To = sip:%1@%2

"9999" is the gateway's registered username in this example.
if you make a call to 012345678, the SIP server forwards a call to 12345678 through the gateway. (0 is the prefix in this example.)

With the above example, a direct call can be made.
If your gateway doesn't support a SIP REGISTER and 1-stage-dialing... try Brekeke PBX.

[chentron]

gateway is PORTECH DMTV voip-gsm, and it was working 1-stage dialing with other proxy(unknown for me) of a customer.
It is registered to BSS.
thank you But your dialplan doesnt work.
The call doesnt enter in the gateway.
This is the log of the error:
202 sip:100@brekeke_ip sip:0212@gateway_ip:5060 00:00:00.000 2013-10-18 04:21:28.542 2013-10-18 04:21:48.543 Time Out 504 gateway_ip:46220 gateway_ip Error dialplan_name X-Lite release 1002tx stamp 29712

thanks.
suggestions are welcome for new try.

[chentron]

This is the log of the error:
202 sip:100@brekeke_ip sip:0212@gateway_ip:5060 00:00:00.000 2013-10-18 04:21:28.542 2013-10-18 04:21:48.543 Time Out 504 gateway_ip:46220 gateway_ip Error dialplan_name X-Lite release 1002tx stamp 29712

!! I dialed 00212 !!

[tuie2]

The above dialplan works with other brand gateways.
Your log looks like, you got a connection timeout.

> gateway_ip:46220

Why your gateway uses 46220 not 5060??

Try this.

Matching Patterns

$request = ^INVITE To = sip:0(.+)@ $regAddr("9999") = (.+):

Deploy Patterns

To = sip:%1@%2

Add : colon in the end of 3rd line.

And make sure you set a shorter value for the registration period in the gateway setting. for example, 3min or less.

[chentron]

still doesnt work.
call dialed number(00212) is originated from a Pc(100) in same LAN than gateway (102).
BSS is internet hosted.

these are the logs:
SID From URI To URI Talking Length Invite Start Time Talk Start Time End Time Result Error UAC Address UAS Address Disconnected By Rule Name UAC User-Agent UAS User-Agent

291 sip:100@BBS_ip sip:0212@81.192.215.68 00:00:00.000 2013-10-19 19:48:20.764 2013-10-19 19:48:40.764 Time Out 504 81.192.215.68:62648 81.192.215.68 Error redirecion X-Lite release 1002tx stamp 29712

81.192.215.68 is the dynamic_ip where gateway and PC is hosted.
On gateway machine 5060 is the port, maybe i wrote in the last message incorrectly the ip number to hide phis.
router has DMZ to the gateway.

[hope]

capture packets at 81.192.215.68 side to see if gateway received the call

[Laurie]

How often does the gateway sends REGISTER to the SIP Server?
If it is a longer than the router's port mapping period, a packet sent from the outside of the LAN doesn't reach to the gateway.
so the gateway must send REGISTER packet more frequently with a shorter REGISTER period.


> other proxy(unknown for me) of a customer.

Ask the customer what they are using.


> 81.192.215.68 is the dynamic_ip where gateway and PC is hosted.

Are they (SIP Server, gateway and caller) located in the same LAN??

[chentron]

YES Finally I got it.
I was BSS on internet. Gateway + softphone on same LAN

I changed: BSS still on internet
gateway with 3G connection dynamic ip, authenticated to BSS
softphone with adsl connection, dynamic ip authenticated to BSS

dialplan working is this:

Matching Patterns

$request = ^INVITE To = sip:0(.+)@ $regAddr("9999") = (.+):

Deploy Patterns

To = sip:%1@%2

(9999 is the gateway user on BSS)

So first goal achieved.
Now the second goal is that softphone not authenticated to BSS, just IP authenticated.

I take the wiki and have a new rule on top:

Matching Patterns

$addr = trusted_IP_address

Deploy Patterns

$auth = false $continue = true

my first question is that when saving the rule, BSS soft ask that is recommended have a $request = ^INVITE .
I tested and it works with or without. I don not see what is the difference.
I also discovered when testing on changing the trusted_ip_address, ... if i delete the first number of the ipnumber, BSS is still authenticating the fake IP, and I see this as a security bug. Maybe I might to complet with other kind of condition.
what do you think, people

thanks to all, for the help !!

[tuie2]

It seems you are not familiar with Regular expression.
I recommend that you start learning about Regular expression before you edit the DialPlan.
https://en.wikipedia.org/wiki/Regular_expression

Also, try to read the document. You will find your answers there.
http://www.brekeke.com/doc/sip/sip_admin_v3.pdf

If you can not understand it, hire someone who has a technical background.

[chentron]

tui2: thanks for your advice.
Yes, I am not deep expert computing, but enough to read technical text.
This is my first contact with regular expression. thanks for link.
It is not easy for a start business have all the sources ready to spend, but in this case I was ready to do it:
- I emailed 5 partners from the brekeke web asking to hire them. none answer
- I contact brekeke sales asking just if my problem has a solution, before to pay, because i dont know the limits of BSS, and my first answer in this topic from a "master" was there is no solution , i might use pbx edition.
brekeke sales said just pay $300 for technical support, because the 500$ of the license gives nothing of technical support.
this is not the way I d like to be , but I dont know other software option as BSS.

So in this situation, and for past experiences, sometimes money is not all.

Excuse for the out of topic, and thanks again the help to all.
I am very close to pay the license and force to me to deep more in knowledging BSS.
tuie2: Maybe other time can I hire to You for helping to me ?

[tuie2]

Hi chentron
I know Regular expression is not easy to understand but many script languages adapt the syntax of the Regular expression. such as awk, perl and Ruby. Using of DialPlan will be a good chance to learn the Regular expression.

There are several Regular expression testers (as simulator) online.
Such as http://rubular.com/

Let you type 192.168.10.20 in the both [Your regular expression] field and [Your test string] field in the above page.
If so, the [Match result] shows the same value.
If you type 192.168.30.40 in the [Your test string], the "No matches" will be shown.

Type 192.168.10.20 in the [Your test string] again, and delete the first number from the [Your regular expression]. so it will be 92.168.10.20.
As you can see, the Regular expression still matches.

It will be the answer to the following question.

> i delete the first number of the ipnumber, BSS is still authenticating
> the fake IP, and I see this as a security bug.


To avoid it, put ^ in the font of the IP address.
$addr = ^trusted_IP_address


FYI:
There are many sample DialPlan rules in this PDF.
http://www.brekeke.com/doc/sip/sip_tutorial_dialplan.pdf



> because i dont know the limits of BSS, and my first answer in this > topic from a "master" was there is no solution , i might use pbx edition.

If the gateway doesn't support 1-stage-dialing, you need to use Brekeke PBX.