Добрый вечер, уважаемые гуру Астериска! помогите, пожалуйста, разобраться с логами:
ОС: CentOS release 5.9 (Final)
Asterisk: Asterisk 11.4.0
Сборка: Elastix 2.4.0
sipgeneralcustom.conf
allowguest=no
srvlookup=yes
insecure=invite
language=ru
externip=91.241.4.29
localnet=X.X.X.X/255.255.0.0
videosupport=yes
disallow=all
allow=ulaw
allow=alaw
allow=g729
allow=h263
allow=h263p
allow=h264
sip_additional.conf
[6001]
deny=0.0.0.0/0.0.0.0
type=friend
secret=XXXXXXXXXXXXXXXXXXXX
qualify=yes
port=5060
pickupgroup=
permit=0.0.0.0/0.0.0.0
nat=yes
mailbox=6001@device
host=dynamic
dtmfmode=rfc2833
dial=SIP/6001
context=from-internal
canreinvite=no
callgroup=
callerid=device <6001>
callcounter=yes
faxdetect=no
В логах заметил следующую информацию:
[Jul 19 12:32:29] DEBUG[4878] acl.c: For destination '198.98.113.166', our source address is '91.241.4.29'.
[Jul 19 12:32:29] DEBUG[4878] chan_sip.c: Target address 198.98.113.166:5070 is not local, substituting externaddr
[Jul 19 12:32:29] DEBUG[4878] chansip.c: Setting SIPTRANSPORT_UDP with address 91.241.4.29:5060
[Jul 19 12:32:29] DEBUG[4878] chan_sip.c: Allocating new SIP dialog for a53fb2ba4f2ab4dfef53808d1461a4f5 - INVITE (No RTP)
[Jul 19 12:32:29] DEBUG[4878][C-000001cb] chan_sip.c: Trying to put 'SIP/2.0 401' onto UDP socket destined for 198.98.113.166:5070
[Jul 19 12:32:30] DEBUG[4878][C-000001cb] chan_sip.c: Stopping retransmission on 'a53fb2ba4f2ab4dfef53808d1461a4f5' of Response 1: Match Found
[Jul 19 12:32:30] NOTICE[4878][C-000001cb] chan_sip.c: Failed to authenticate device 104<sip:104@91.241.4.29>;tag=ecb09914
[Jul 19 12:32:30] DEBUG[4878][C-000001cb] chan_sip.c: Trying to put 'SIP/2.0 403' onto UDP socket destined for 198.98.113.166:5070
[Jul 19 12:32:30] DEBUG[4878][C-000001cb] chan_sip.c: Stopping retransmission on 'a53fb2ba4f2ab4dfef53808d1461a4f5' of Response 2: Match Found
Здесь, вроде все понятно - пытается подобрать пароль.... Через некоторое время появилось следующее:
[Jul 19 15:54:33] DEBUG[4878] acl.c: For destination '198.98.113.166', our source address is '91.241.4.29'.
[Jul 19 15:54:33] DEBUG[4878] chan_sip.c: Target address 198.98.113.166:5071 is not local, substituting externaddr
[Jul 19 15:54:33] DEBUG[4878] chansip.c: Setting SIPTRANSPORT_UDP with address 91.241.4.29:5060
[Jul 19 15:54:33] DEBUG[4878] chan_sip.c: Allocating new SIP dialog for 8ee25e2c5b26fddaa4b876632ef7fb0f - INVITE (No RTP)
[Jul 19 15:54:33] DEBUG[4878][C-00000208] rtp_engine.c: Using engine 'asterisk' for RTP instance '0x2ade5c66f198'
[Jul 19 15:54:33] DEBUG[4878][C-00000208] resrtpasterisk.c: Allocated port 15168 for RTP instance '0x2ade5c66f198'
[Jul 19 15:54:33] DEBUG[4878][C-00000208] rtp_engine.c: RTP instance '0x2ade5c66f198' is setup and ready to go
[Jul 19 15:54:33] DEBUG[4878][C-00000208] rtp_engine.c: Using engine 'asterisk' for RTP instance '0x2ade5c3659b8'
[Jul 19 15:54:33] DEBUG[4878][C-00000208] resrtpasterisk.c: Allocated port 18166 for RTP instance '0x2ade5c3659b8'
[Jul 19 15:54:33] DEBUG[4878][C-00000208] rtp_engine.c: RTP instance '0x2ade5c3659b8' is setup and ready to go
[Jul 19 15:54:33] DEBUG[4878][C-00000208] resrtpasterisk.c: Setup RTCP on RTP instance '0x2ade5c3659b8'
[Jul 19 15:54:33] VERBOSE[4878][C-00000208] netsock2.c: == Using SIP VIDEO TOS bits 136
[Jul 19 15:54:33] VERBOSE[4878][C-00000208] netsock2.c: == Using SIP VIDEO CoS mark 6
[Jul 19 15:54:33] DEBUG[4878][C-00000208] resrtpasterisk.c: Setup RTCP on RTP instance '0x2ade5c66f198'
[Jul 19 15:54:33] VERBOSE[4878][C-00000208] netsock2.c: == Using SIP RTP TOS bits 184
[Jul 19 15:54:33] VERBOSE[4878][C-00000208] netsock2.c: == Using SIP RTP CoS mark 5
[Jul 19 15:54:33] DEBUG[4878][C-00000208] chan_sip.c: Setting NAT on RTP to On
[Jul 19 15:54:33] DEBUG[4878][C-00000208] chan_sip.c: Setting NAT on VRTP to On
[Jul 19 15:54:33] DEBUG[4878][C-00000208] chan_sip.c: Processing session-level SDP v=0... UNSUPPORTED OR FAILED.
[Jul 19 15:54:33] DEBUG[4878][C-00000208] chan_sip.c: Processing session-level SDP o=sipcli-Session 1528307456 2045990749 IN IP4 198.98.113.166... OK.
[Jul 19 15:54:33] DEBUG[4878][C-00000208] chan_sip.c: Processing session-level SDP s=sipcli... UNSUPPORTED OR FAILED.
[Jul 19 15:54:33] DEBUG[4878][C-00000208] chan_sip.c: Processing session-level SDP c=IN IP4 198.98.113.166... OK.
[Jul 19 15:54:33] DEBUG[4878][C-00000208] chan_sip.c: Processing session-level SDP t=0 0... UNSUPPORTED OR FAILED.
[Jul 19 15:54:33] DEBUG[4878][C-00000208] rtp_engine.c: Setting payload 18 based on m type on 0x2ade5a276ac0
[Jul 19 15:54:33] DEBUG[4878][C-00000208] rtp_engine.c: Setting payload 0 based on m type on 0x2ade5a276ac0
[Jul 19 15:54:33] DEBUG[4878][C-00000208] rtp_engine.c: Setting payload 8 based on m type on 0x2ade5a276ac0
[Jul 19 15:54:33] DEBUG[4878][C-00000208] rtp_engine.c: Setting payload 101 based on m type on 0x2ade5a276ac0
[Jul 19 15:54:33] DEBUG[4878][C-00000208] chan_sip.c: Processing media-level (audio) SDP a=fmtp:101 0-15... UNSUPPORTED OR FAILED.
[Jul 19 15:54:33] DEBUG[4878][C-00000208] chan_sip.c: Processing media-level (audio) SDP a=rtpmap:18 G729/8000... OK.
[Jul 19 15:54:33] DEBUG[4878][C-00000208] chan_sip.c: Processing media-level (audio) SDP a=rtpmap:0 PCMU/8000... OK.
[Jul 19 15:54:33] DEBUG[4878][C-00000208] chan_sip.c: Processing media-level (audio) SDP a=rtpmap:8 PCMA/8000... OK.
[Jul 19 15:54:33] DEBUG[4878][C-00000208] chan_sip.c: Processing media-level (audio) SDP a=rtpmap:101 telephone-event/8000... OK.
[Jul 19 15:54:33] DEBUG[4878][C-00000208] chan_sip.c: Processing media-level (audio) SDP a=ptime:20... OK.
[Jul 19 15:54:33] DEBUG[4878][C-00000208] chan_sip.c: Processing media-level (audio) SDP a=sendrecv... OK.
[Jul 19 15:54:33] DEBUG[4878][C-00000208] resrtpasterisk.c: Setting RTCP address on RTP instance '0x2ade5c66f198'
[Jul 19 15:54:33] DEBUG[4878][C-00000208] rtp_engine.c: Copying payload 0 from 0x2ade5a276ac0 to 0x2ade5c66f360
[Jul 19 15:54:33] DEBUG[4878][C-00000208] rtp_engine.c: Copying payload 8 from 0x2ade5a276ac0 to 0x2ade5c66f360
[Jul 19 15:54:33] DEBUG[4878][C-00000208] rtp_engine.c: Copying payload 18 from 0x2ade5a276ac0 to 0x2ade5c66f360
[Jul 19 15:54:33] DEBUG[4878][C-00000208] rtp_engine.c: Copying payload 101 from 0x2ade5a276ac0 to 0x2ade5c66f360
[Jul 19 15:54:33] DEBUG[4878][C-00000208] resrtpasterisk.c: Ignoring duplicate RTCP property on RTP instance '0x2ade5c66f198'
[Jul 19 15:54:33] DEBUG[4878][C-00000208] resrtpasterisk.c: Setting RTCP address on RTP instance '0x2ade5c3659b8'
[Jul 19 15:54:33] DEBUG[4878][C-00000208] chan_sip.c: We're settling with these formats: (ulaw|alaw|g729)
[Jul 19 15:54:33] DEBUG[4878][C-00000208] chan_sip.c: Checking SIP call limits for device
[Jul 19 15:54:33] DEBUG[4878][C-00000208] chan_sip.c: Updating call counter for incoming call
[Jul 19 15:54:33] DEBUG[4854] chan_sip.c: Checking device state for peer 6001
[Jul 19 15:54:33] DEBUG[4854] devicestate.c: Changing state for SIP/6001 - state 5 (Unavailable)
[Jul 19 15:54:33] DEBUG[4854] devicestate.c: device 'SIP/6001' state '5'
[Jul 19 15:54:33] DEBUG[4893] app_queue.c: Device 'SIP/6001' changed to state '5' (Unavailable) but we don't care because they're not a member of any queue.
[Jul 19 15:54:33] DEBUG[4932] manager.c: Examining event:
Event: Newchannel
Privilege: call,all
Channel: SIP/6001-000000a5
ChannelState: 0
ChannelStateDesc: Down
CallerIDNum: 6001
CallerIDName: device
AccountCode:
Exten: 000972597637295
Context: from-internal
Uniqueid: 1374234873.179
[Jul 19 15:54:33] DEBUG[4878][C-00000208] chan_sip.c: * Our native formats are (ulaw)
[Jul 19 15:54:33] DEBUG[4878][C-00000208] chan_sip.c: * Joint capabilities are (ulaw|alaw|g729)
[Jul 19 15:54:33] DEBUG[4878][C-00000208] chan_sip.c: * Our capabilities are (ulaw|alaw|g729|h263|h263p|h264)
[Jul 19 15:54:33] DEBUG[4878][C-00000208] chansip.c: *** ASTCODEC_CHOOSE formats are ulaw
[Jul 19 15:54:33] DEBUG[4878][C-00000208] chan_sip.c: This channel can handle video! HOLLYWOOD next!
[Jul 19 15:54:33] DEBUG[4932] manager.c: Examining event:
Event: VarSet
Privilege: dialplan,all
Channel: SIP/6001-000000a5
Variable: SIPURI
Value: sip:6001@198.98.113.166:5071
Uniqueid: 1374234873.179
[Jul 19 15:54:33] DEBUG[4932] manager.c: Examining event:
Event: VarSet
Privilege: dialplan,all
Channel: SIP/6001-000000a5
Variable: SIPDOMAIN
Value: 91.241.4.29
Uniqueid: 1374234873.179
[Jul 19 15:54:33] DEBUG[4932] manager.c: Examining event:
Event: VarSet
Privilege: dialplan,all
Channel: SIP/6001-000000a5
Variable: SIPCALLID
Value: 8ee25e2c5b26fddaa4b876632ef7fb0f
Uniqueid: 1374234873.179
[Jul 19 15:54:33] DEBUG[4878][C-00000208] chansip.c: buildroute: Contact hop: <sip:6001@198.98.113.166:5071>
[Jul 19 15:54:33] DEBUG[4878][C-00000208] chan_sip.c: SIP/6001-000000a5: New call is still down.... Trying...
[Jul 19 15:54:33] DEBUG[4878][C-00000208] chan_sip.c: Trying to put 'SIP/2.0 100' onto UDP socket destined for 198.98.113.166:5071
[Jul 19 15:54:33] DEBUG[4854] chan_sip.c: Checking device state for peer 6001
[Jul 19 15:54:33] DEBUG[4932] manager.c: Examining event:
Event: Newstate
Privilege: call,all
Channel: SIP/6001-000000a5
ChannelState: 4
ChannelStateDesc: Ring
CallerIDNum: 6001
CallerIDName: device
ConnectedLineNum:
ConnectedLineName:
Uniqueid: 1374234873.179
[Jul 19 15:54:33] DEBUG[4854] devicestate.c: Changing state for SIP/6001 - state 5 (Unavailable)
[Jul 19 15:54:33] DEBUG[4854] devicestate.c: device 'SIP/6001' state '5'
[Jul 19 15:54:33] DEBUG[4893] app_queue.c: Device 'SIP/6001' changed to state '5' (Unavailable) but we don't care because they're not a member of any queue.
[Jul 19 15:54:33] DEBUG[15689][C-00000208] pbx.c: Launching 'ResetCDR'
[Jul 19 15:54:33] VERBOSE[15689][C-00000208] pbx.c: -- Executing [000972597637295@from-internal:1] ResetCDR("SIP/6001-000000a5", "") in new stack
[Jul 19 15:54:33] DEBUG[4932] manager.c: Examining event:
Event: Newexten
Privilege: dialplan,all
Channel: SIP/6001-000000a5
Context: from-internal
Extension: 000972597637295
Priority: 1
Application: ResetCDR
AppData:
Uniqueid: 1374234873.179
[Jul 19 15:54:33] DEBUG[15689][C-00000208] pbx.c: Launching 'NoCDR'
[Jul 19 15:54:33] VERBOSE[15689][C-00000208] pbx.c: -- Executing [000972597637295@from-internal:2] NoCDR("SIP/6001-000000a5", "") in new stack
[Jul 19 15:54:33] DEBUG[4932] manager.c: Examining event:
Event: Newexten
Privilege: dialplan,all
Channel: SIP/6001-000000a5
Context: from-internal
Extension: 000972597637295
Priority: 2
Application: NoCDR
AppData:
Uniqueid: 1374234873.179
[Jul 19 15:54:33] DEBUG[15689][C-00000208] pbx.c: Launching 'Progress'
[Jul 19 15:54:33] VERBOSE[15689][C-00000208] pbx.c: -- Executing [000972597637295@from-internal:3] Progress("SIP/6001-000000a5", "") in new stack
[Jul 19 15:54:33] DEBUG[15689][C-00000208] chan_sip.c: Setting framing from config on incoming call
[Jul 19 15:54:33] DEBUG[4932] manager.c: Examining event:
Event: Newexten
Privilege: dialplan,all
Channel: SIP/6001-000000a5
Context: from-internal
Extension: 000972597637295
Priority: 3
Application: Progress
AppData:
Uniqueid: 1374234873.179
[Jul 19 15:54:33] DEBUG[15689][C-00000208] chan_sip.c: ** Our capability: (ulaw|alaw|g729) Video flag: True Text flag: True
[Jul 19 15:54:33] DEBUG[15689][C-00000208] chan_sip.c: ** Our prefcodec: (nothing)
[Jul 19 15:54:33] DEBUG[15689][C-00000208] chan_sip.c: -- Done with adding codecs to SDP
[Jul 19 15:54:33] DEBUG[15689][C-00000208] chan_sip.c: Done building SDP. Settling with this capability: (ulaw|alaw|g729)
[Jul 19 15:54:33] DEBUG[15689][C-00000208] chan_sip.c: Trying to put 'SIP/2.0 183' onto UDP socket destined for 198.98.113.166:5071
[Jul 19 15:54:33] DEBUG[15689][C-00000208] pbx.c: Launching 'Wait'
[Jul 19 15:54:33] VERBOSE[15689][C-00000208] pbx.c: -- Executing [000972597637295@from-internal:4] Wait("SIP/6001-000000a5", "1") in new stack
[Jul 19 15:54:33] DEBUG[4932] manager.c: Examining event:
Event: Newexten
Privilege: dialplan,all
Channel: SIP/6001-000000a5
Context: from-internal
Extension: 000972597637295
Priority: 4
Application: Wait
AppData: 1
Uniqueid: 1374234873.179
[Jul 19 15:54:33] DEBUG[15689][C-00000208] channel.c: Set channel SIP/6001-000000a5 to write format slin
[Jul 19 15:54:33] DEBUG[15689][C-00000208] channel.c: Scheduling timer at (50 requested / 50 actual) timer ticks per second
[Jul 19 15:54:33] DEBUG[15689][C-00000208] channel.c: Prodding channel 'SIP/6001-000000a5'
[Jul 19 15:54:33] DEBUG[15689][C-00000208] resrtpasterisk.c: Received frame with no data for RTP instance '0x2ade5c66f198' so dropping frame
[Jul 19 15:54:33] DEBUG[15689][C-00000208] channel.c: Started silence generator on 'SIP/6001-000000a5'
[Jul 19 15:54:33] DEBUG[15689][C-00000208] resrtpasterisk.c: Ooh, format changed from unknown to ulaw
[Jul 19 15:54:33] DEBUG[15689][C-00000208] resrtpasterisk.c: Created smoother: format: ulaw ms: 20 len: 160
[Jul 19 15:54:33] DEBUG[15689][C-00000208] resrtpasterisk.c: Starting RTCP transmission on RTP instance '0x2ade5c66f198'
[Jul 19 15:54:34] DEBUG[15689][C-00000208] channel.c: Scheduling timer at (0 requested / 0 actual) timer ticks per second
[Jul 19 15:54:34] DEBUG[15689][C-00000208] channel.c: Stopped silence generator on 'SIP/6001-000000a5'
[Jul 19 15:54:34] DEBUG[15689][C-00000208] channel.c: Set channel SIP/6001-000000a5 to write format ulaw
[Jul 19 15:54:34] DEBUG[15689][C-00000208] pbx.c: Launching 'Progress'
[Jul 19 15:54:34] VERBOSE[15689][C-00000208] pbx.c: -- Executing [000972597637295@from-internal:5] Progress("SIP/6001-000000a5", "") in new stack
[Jul 19 15:54:34] DEBUG[4932] manager.c: Examining event:
Event: Newexten
Privilege: dialplan,all
Channel: SIP/6001-000000a5
Context: from-internal
Extension: 000972597637295
Priority: 5
Application: Progress
AppData:
Uniqueid: 1374234873.179
[Jul 19 15:54:34] DEBUG[15689][C-00000208] pbx.c: Launching 'Playback'
[Jul 19 15:54:34] VERBOSE[15689][C-00000208] pbx.c: -- Executing [000972597637295@from-internal:6] Playback("SIP/6001-000000a5", "silence/1&cannot-complete-as-dialed&check-number-dial-again,noanswer") in new stack
[Jul 19 15:54:34] DEBUG[4932] manager.c: Examining event:
Event: Newexten
Privilege: dialplan,all
Channel: SIP/6001-000000a5
Context: from-internal
Extension: 000972597637295
Priority: 6
Application: Playback
AppData: silence/1&cannot-complete-as-dialed&check-number-dial-again,noanswer
Uniqueid: 1374234873.179
Выходит, он все же смог позвонить через контекст from-internal экстеншена 6001? как это возможно? Экстеншен 6001 даже не был зарегистрирован (+пароль 20 символов)(!) Подскажите ,пожалуйста, куда копать?
регистрация это не обязательное условие для звонка, она нужна чтобы астериск знал где абонент. Мало того что вы совершили великую глупость, выставив астериск в инет, так еще сделали insecure=invite, т.е. вы разрешили всем звонить через ваш астериск без авторизации. Т.е. взлома как такового и не было. Если через вас назвонили на пару килобаксов, то это будет хорошим уроком.
Задан: 2013-07-20 01:37:42 +0400
Просмотрен: 32,647 раз
Обновлен: Jul 20 '13
Проект компании "АТС Дизайн"
Asterisk® и Digium® являются зарегистрированными торговыми марками компании
Digium, Inc., США.
IP АТС Asterisk распространяется под лицензией
GNU GPL.
Спасибо за ответ. мне самому не нравится выставлять Астериск в интернет (к слову, опубликовал я только SIP и RTP), но таково требование бизнеса - сотрудникам необходима возможность подключения к IP АТС, безо всяких VPN. насчет insecure, действительно, в качестве глобального параметра, он мне не нужен - убрал. но если не ошибаюсь, параметр invite не требует аутентификации входящих сообщений INVITE, но никак не позволяет звонить без авторизации через Asterisk?
deni ( 2013-07-21 00:42:29 +0400 )редактироватьеще как, может. вы сими попробуйте с софтфона без регистрации позвонить с включенной опцией insecure=invite
eyt5297 ( 2013-07-22 10:43:51 +0400 )редактироватьДа, Вы правы - можно. не пробовал, более подробно прочитал про этот параметр. Спасибо вам всем большое за помощь!
deni ( 2013-07-23 15:50:43 +0400 )редактировать