[SR-Users] Re: OT: MS Teams source IP address ranges

Hello, correct me if I am wrong, but the second group of addresses ("/16") is included in the first group ("/14"), right? Regarding the large IP scope, this is the way Microsoft designed it, unfortunately. There is not that much what you can do about. Cheers, Henning -----Original Message----- From: Jon Bonilla (Manwe) <manwe(a)sipdoc.net> Sent: Montag, 20. Februar 2023 09:12 To: Kamailio (SER) - Users Mailing List <sr-users(a)lists.kamailio.org> Subject: [SR-Users] OT: MS Teams source IP address ranges Hi Sorry for the OT but I think here's the place where I an find a lot of Ms teams integrations I've been working on MS teams direct routing integration for PekePBX. It works. I guess I've done it as everybody else, using Henning's guide as base and extending it for multitenant setup (thanks Henning!) What I've realized is that the source IP address of calls coming from MS are not always matching dispatcher hosts. Sometimes they come from another source IP and failover to the dispatcher hosts when they receive no response. That makes some of the calls to have an additional latency Searching in the MS doc I see that they document these nets as source of their signaling: 52.112.0.0/14 52.120.0.0/14 But I've seen IP addresses outside of this range as source. In this blog https://erwinbierens.com/microsoft-teams-direct-routing-ip-addresses/ The ranges are listed as 52.112.0.0/16 52.113.0.0/16 52.114.0.0/16 52.115.0.0/16 52.120.0.0/16 52.121.0.0/16 52.122.0.0/16 52.123.0.0/16 which looks better but scares me out. Having no auth is it secure to bind so many ranges to MS? Do you use anything else than certificate verification for these calls? cheers, Jon -- PekePBX, the multitenant PBX solution https://pekepbx.com