Routing. Customers Auths. Match conditions issue

przeqpiciel · December 23, 2021, 1:01pm

Hi,
I have at this moment yeti-switch all-in-one (all components at one machine). Could you say what purpose have IP field in Match conditions section?

I though this is to authorize incoming SIP signalling by IP but I have to provide Kamailio IP to make it work. It is bug? I dont know how to configure it?

EAfang · December 23, 2021, 3:13pm

The Match Condition IP field is where you specify the IP Address of your customer (traffic originator).

You usually would not need the kamalio Load Balancer installed if using the all-in-one machine. But if you still wish to specify the Kamalio LB IP, you do this under System → Load Balancers.

For quickly getting started, you can refer to
https://yeti-switch.org/docs/en/quick-start/quick_start.html

przeqpiciel · December 23, 2021, 3:41pm

Ok, I dont want provide Kamailio LB IP, I want provide my customer IP as it is desired. But If I put there IP of customer then I have got 403 - customer not found or locked, after change IP to Kamailio LB IP it works

EAfang · December 23, 2021, 4:11pm

OK, I see why. You call flow is like this:
Customer → Kamalio LB → SEMS
So because SEMS is not receiving directly from customers, you need to use the X Yeti Auth field. Kamalio will pass the customer’s IP and you can match it using the X Yeti Auth field. I don’t remember how again (might need to install an LB to be remember)

refer to: SIP INVITE via LoadBalaner with Require Incoming Auth Enabled - #6 by rabbani

przeqpiciel · December 23, 2021, 4:17pm

In dee, the flow which you describe is exactly what i have, now I checked my Load Balancers and there is something what I screwed. I put there IP and PORT instead just only IP xD

Solved

dmitry.s · December 24, 2021, 1:29pm

if you have kamailio LB as frontend you have to add IP of this LB to trusted IPs at System->components->load balancers. Then you will be able to use IP field at customer auth(put customer IP there).

dmitry.s · December 24, 2021, 1:33pm

No. X Yeti Auth is not designed for this. If SIP signalling IP in trusted list (system->components->load balancers) yeti will use customer ip from special headers X-ORIG… yeti-lb/src/kamailio-yeti.cfg at master · yeti-switch/yeti-lb · GitHub instead of transport IP address

przeqpiciel · December 24, 2021, 1:58pm

Totally agree, kamailio adds few headers with IP and port of origination part. I added ( in dee, correct the IP of lb) and now authentication works