diff --git a/channels/chan_sip.c b/channels/chan_sip.c
index e39ceae95e763eab1ad5236820cb1323ec2146c3..30a40a0dfb483c2f352f3dff58457fa689cacd53 100755
--- a/channels/chan_sip.c
+++ b/channels/chan_sip.c
@@ -4502,6 +4502,11 @@ static int check_user(struct sip_pvt *p, struct sip_request *req, char *cmd, cha
 					strncpy(p->context, peer->context, sizeof(p->context) - 1);
 				strncpy(p->peersecret, peer->secret, sizeof(p->peersecret) - 1);
 				strncpy(p->peermd5secret, peer->md5secret, sizeof(p->peermd5secret) - 1);
+				if (peer->insecure > 1) {
+					/* Pretend there is no required authentication if insecure is "very" */
+					strcpy(p->peersecret, "");
+					strcpy(p->peermd5secret, "");
+				}
 				p->callgroup = peer->callgroup;
 				p->pickupgroup = peer->pickupgroup;
 				p->capability = peer->capability;
@@ -6704,7 +6709,12 @@ static struct sip_peer *build_peer(char *name, struct ast_variable *v)
 				else
 					peer->capability &= ~format;
 			} else if (!strcasecmp(v->name, "insecure")) {
-				peer->insecure = ast_true(v->value);
+				if (!strcasecmp(v->value, "very")) {
+					peer->insecure = 2;
+				} else if (ast_true(v->value))
+					peer->insecure = 1;
+				else
+					peer->insecure = 0;
 			} else if (!strcasecmp(v->name, "qualify")) {
 				if (!strcasecmp(v->value, "no")) {
 					peer->maxms = 0;
diff --git a/configs/sip.conf.sample b/configs/sip.conf.sample
index 0c9dd0ebff0bd55d53c1a998322b0a8044c42ce5..773f3719f108ce2b3bf657d8f93b1594202888fe 100755
--- a/configs/sip.conf.sample
+++ b/configs/sip.conf.sample
@@ -81,6 +81,8 @@ context = default		; Default context for incoming calls
 ;defaultip=192.168.0.59
 ;mailbox=1234,2345		; Mailbox for message waiting indicator
 ;restrictcid=yes		; To have the callerid restriced -> sent as ANI
+;insecure=yes			; To match a peer based by IP address only and not peer
+;insecure=very			; To allow registered hosts to call without re-authenticating
 
 ;[pingtel]
 ;type=friend