Yeah, don’t trust that IP range blindly. It’s just Azure space. The only logical approach I’ve seen appears to be certificate validation and checking.
On 20 Feb 2023, at 7:00 pm, Jon Bonilla (Manwe) manwe@sipdoc.net wrote:
Hi
Sorry for the OT but I think here's the place where I an find a lot of Ms teams integrations
I've been working on MS teams direct routing integration for PekePBX. It works. I guess I've done it as everybody else, using Henning's guide as base and extending it for multitenant setup (thanks Henning!)
What I've realized is that the source IP address of calls coming from MS are not always matching dispatcher hosts. Sometimes they come from another source IP and failover to the dispatcher hosts when they receive no response. That makes some of the calls to have an additional latency
Searching in the MS doc I see that they document these nets as source of their signaling:
52.112.0.0/14 52.120.0.0/14
But I've seen IP addresses outside of this range as source. In this blog https://erwinbierens.com/microsoft-teams-direct-routing-ip-addresses/
The ranges are listed as
52.112.0.0/16 52.113.0.0/16 52.114.0.0/16 52.115.0.0/16 52.120.0.0/16 52.121.0.0/16 52.122.0.0/16 52.123.0.0/16
which looks better but scares me out. Having no auth is it secure to bind so many ranges to MS?
Do you use anything else than certificate verification for these calls?
cheers,
Jon
-- PekePBX, the multitenant PBX solution https://pekepbx.com __________________________________________________________ Kamailio - Users Mailing List - Non Commercial Discussions To unsubscribe send an email to sr-users-leave@lists.kamailio.org Important: keep the mailing list in the recipients, do not reply only to the sender! Edit mailing list options or unsubscribe: