nice to see that howto. Thanks.
Maybe interesting for the list - i try to verify the ms-teams calls with tls and use the permission module functions as "helper":
# account only INVITEs
if (is_method("INVITE")) {
setflag(FLT_ACC); # do accounting
xlog("L_INFO", "-----------> tls_peer_subject <$tls_peer_subject> tls_peer_subject_cn <$tls_peer_subject_cn> tls_peer_verified <$tls_peer_verified> tls_peer_server_name <$tls_peer_server_name> \n");
xlog("L_INFO", "-----------> $Ri:$Rp src_user=$fU src_domain=$fd src_ip=$si dst_ouser=$tU dst_user=$rU dst_domain=$rd\n");
if($tls_peer_verified == -1) {
xlog("L_INFO", "tls_peer_subject_cn $tls_peer_subject_cn is NOT verfied!\n");
return;
}
$var(dns) = $tls_peer_subject_cn;
$var(group) = allow_address_group($var(dns), $Rp);
xlog("L_INFO", "-----------> allow_address_group var(group) $var(group) var(dns) $var(dns) Rp $Rp\n");
if ($var(group) == -1) {
xlog("L_INFO", "Trunk is not activate for registrar DNS_GROUP:[$var(dns)], Source: [$si], Destination: [$Ri] Port:[$Rp]\n");
return;
}
}
Oct 30 07:55:46 sbc1 /usr/sbin/kamailio[2689]: INFO: {1 1 INVITE 34b77c805b475a39a669b03544f87fae} <script>: -----------> tls_peer_subject <<null>> tls_peer_subject_cn <
sip.pstnhub.microsoft.com> tls_peer_verified <1> tls_peer_server_name <SBC-DNS-NAME>
Oct 30 07:55:46 sbc1 /usr/sbin/kamailio[2689]: INFO: {1 1 INVITE 34b77c805b475a39a669b03544f87fae} <script>: -----------> allow_address_group var(group) 1 var(dns)
sip.pstnhub.microsoft.com Rp 5061