Summary:ASTERISK-08561: Check PEER first
Reporter:Stephan Monette (monettes)Labels:
Date Opened:2007-01-11 17:44:27.000-0600Date Closed:2007-02-01 15:32:25.000-0600
Versions:Frequency of
Environment:Attachments:( 0) chan_sip.c
Description:For each incoming SIP calls, Asterisk always check the incoming caller if he's a user or a peer. If he's a user, Asterisk request SIP authentication. But if the caller is coming from a peer with a user's callerid, Asterisk will ask to authenticate the call which is impossible from our gateways.

I created a patch to add a parameter in the general section of sip.conf:


With the parameter checkpeerfirst=yes, Asterisk will check the IP address of the incoming caller first. If it finds the IP address first, it will accept the call and not ask for SIP authentification.

I tested the application with our Softswitch and gateways from Versatel Networks and it works perfectly now.


I tried to create a patch file from the source code, but it always removed everything then add everything again! So I decided to include the whole chan_sip.c file.

Comments:By: Anthony LaMantia (alamantia) 2007-01-11 17:52:58.000-0600

can you please upload a svn diff, as well as fax in a disclaimer to digium.

By: Serge Vecher (serge-v) 2007-01-12 09:31:04.000-0600

why can't you use the insecure setting?

By: Emmanuel BUU (neutrino88) 2007-01-12 11:59:13.000-0600

Why not simply define the gateways as peers ?

By: Stephan Monette (monettes) 2007-01-12 12:30:59.000-0600

This is what we did, set the gateway as a peer, but asterisk always asked our gateway to register since the callerid number is one of the SIP user.

This is why I wrote this patch to fix my issue with VoIP to VoIP calls when all calls needs to go to the main gateway. On our network, our softswitch runs on a VersatelGateway and needs to get all the calls for billing reasons.

By: Anthony LaMantia (alamantia) 2007-01-15 12:35:03.000-0600

can you provide the patch as a svn diff, or a diff -u it's really hard to see the changes you have made without one.

By: Anthony LaMantia (alamantia) 2007-01-15 12:35:24.000-0600

also, what is the status of your disclaimer?

By: Olle Johansson (oej) 2007-01-23 02:26:35.000-0600

I don't agree with this patch. You have to pick user names that don't collide with caller ID's of peers. This has been discussed many times on the mailing lists.

We need to check users first, since a type=user is an object for incoming calls.

In the long run, yes, I agree - this is a broken architecture that is about to change dramatically. My feelings are that this option will confuse people even more and generate more support. Better to learn to understand the namespaces, how they may collide and choose god names for your user objects, names that won't collide with any caller ID on incoming calls.