10 Apr
2006
10 Apr
'06
8:21 p.m.
Well... my hack seems to work. I'll see if I managed to break anything,
though. It shouldn't affect reinvites or require using trusted tables as other
machines aren't going to claim they're local users.
The Snom phones will use PKI certs if you want. But I can't guarantee all our
users will want to buy one. ;)
I'm less interested in checking if the host is local to the proxy, though as,
again, we're an open proxy. I just want to avoid bob(a)ourdomain.com (a
non-existent user) using the ourdomain.com proxy to send calls through, having
it trace back to us and causing problems.
N.
On Mon, 10 Apr 2006 20:59:14 +0300, Juha Heinanen wrote
sip writes:
Am I going to have to do a
search("^From:.*@my.domain.com")) and then
proxy_authorise and check from... essentially only authenticating
users who >
claim to be from my system?
there is even a function to check if from host is local to your proxy.
I'll give it a shot. Seems kind of backward,
though.
another option is to use pki certificates that both UAs can verify, but
i haven't seen those implemented in UAs.
-- juha