System information

ManualsBrandsATech Machine ManualsComputer equipmentLIBRA-02 M

541

542

543

544

545

546

547

548

549

550

We’ve added the keyword bypass to the end of the lookup in order to bypass the cache

(in case we wish to perform several tests):

vancouver*CLI> dundi lookup 1000@extensions bypass

1. 0 SIP/dundi:very_secret_secret@172.16.0.161/1000 (EXISTS)

from ff:ff:ff:ff:ff:ff, expires in 3600 s

DUNDi lookup completed in 12 ms

The response of SIP/dundi:very_secret_secret@172.16.0.161/1000 gives us an address

that we can use to call extension 1000. (Of course, we can’t use this address at the

moment because we haven’t configured any peers on the Toronto (or Vancouver) sys-

tem to actually receive the call, but at least we have the DUNDi lookup portion working

now!) In the next section we’ll explore how to receive calls into our system after we’ve

replied to a DUNDi response.

Allowing Remote Connections

Within our sip.conf file, we need to enable a peer that we can accept calls from and

handle that peer’s calls in the dialplan appropriately. The authentication is done using

a password as defined in the mapping within dundi.conf.

If you’re using iax.conf, you can use the ${SECRET} variable in the map-

ping in place of the password, which is dynamically replaced with a

rotated key and is refreshed every 3600 seconds (1 hour). The value of

the secret key is stored in the Asterisk database and is accessed using

the dbsecret option within the peer definition of iax.conf.

Here is the user definition for the dundi user as defined in sip.conf:

[dundi]

type=user

secret=very_secret_secret

context=DUNDi_Incoming

disallow=all

allow=ulaw

allow=alaw

The context entry, DUNDi_Incoming, is where authorized callers are sent in exten-

sions.conf. From there, we can control the call just as we would in the dialplan of any

other incoming connection.

We could also use the permit and deny options for the peer in sip.conf

to control which IP addresses we’ll accept calls from. Controlling the IP

addresses will give us an extra layer of security if we’re only expecting

calls from known endpoints, such as those within our organization.

Be sure to reload chan_sip.so to enable the newly created user in sip.conf:

514 | Chapter 23: Distributed Universal Number Discovery (DUNDi)