[Spce-user] Sipwise CE 2.7 SBC config revisited

William Fulton wfulton at thirdhatch.com
Sat Mar 23 17:34:07 EDT 2013 

Jon,

The SPCE system is multi-homed with eth0 running on a public routable ip address and eth1 running on a private class c network.  We have an asterisk server running in the class c network as well.  We are trying to use the SPCE system to protect the asterisk server while allowing access through the public internet to authenticated users.

So, let’s say SPCE looks like this:
Eth0: x.x.x.x
Eth1: y.y.y.y

The Asterisk Server:
y.y.y.x

The client:
x.x.x.y

I want the client to authenticate against the SPCE, then the SPCE authenticates the client to the Asterisk server.  I can get the client to authenticate against the SPCE but I cannot get the SPCE to authenticate the client against the Asterisk server.

I have set peer_auth_register flag and also provided the credentials to the SPCE server for the client's account on the asterisk server along with the realm address for the asterisk server.  The SPCE never even tries to authenticate to the asterisk server.

Thank you,
William

-----Original Message-----
From: spce-user-bounces at lists.sipwise.com [mailto:spce-user-bounces at lists.sipwise.com] On Behalf Of Jon Bonilla (Manwe)
Sent: Saturday, March 23, 2013 3:13 AM
To: spce-user at lists.sipwise.com
Subject: Re: [Spce-user] Sipwise CE 2.7 SBC config revisited

El Fri, 22 Mar 2013 16:27:39 -0700
"William Fulton" <wfulton at thirdhatch.com> escribió:

> Guys,
> 
>  
> 
> I have spent a couple of weeks trying to make this work with 
> absolutely no luck.  I have read the manual cover to cover and there 
> is clearly a section missing.  Section 6 references a section in 
> Section 7 about advanced network configuration that does not exist.
> 
>  
> 
> I have two interfaces:
> 
>  
> 
> eth0 and eth1
> 
>  
> 
> *         eth0 is on the external subnet and this configuration was easy
> as I simply assigned the sip_ext, web_ext, ssh_ext, etc to this adaptor.
> 
> *         eth1 is on the internal subnet and I have added the role of
> sip_int to this adaptor.  


why did you do this? Why not lo interface for this role?

> 
> *         I created a new subscriber and set the preferences to
> authenticate to the peer and set the peer username, password and realm

Did you also check the "peer_auth_register" option?


> 
> *         Despite my best efforts, I cannot get the subscriber external
> to the Sipwise CE system to authenticate to the Asterisk system 
> internal to the Sipwise CE system.
> 

What? An external subscriber to authenticate against the internal asterisk? The
asterisk system running in the spce is just a voicebox endpoint.

Could you please explain what's you scenario and what you are trying to
achieve? Sorry but I didn't understand.

>  
> 
> What am I missing?  I'm sure it's pretty simple but I can't see it.
> 

Please tell us in more detail what your scenario is and what you did.


cheers,

Jon

More information about the Spce-user mailing list