11 Mar
2010
11 Mar
'10
6:41 p.m.
Hello to all
Is is possible to implement IP authentication in Kamailio?
Does Kamailio has a manual to do that?
Thanks
regards
Joao Pereira
--
StarTel - A Rede Livre
Joao Gomes Pereira
www.startel.pt
+351 304500650
sip: gomespereira(a)startel.pt
11 Mar
11 Mar
6:46 p.m.
On Thursday 11 March 2010, Joao Gomes Pereira wrote:
Is is possible to implement IP authentication in
Kamailio?
Does Kamailio has a manual to do that?
Hi Joao,
you refer to allowing certain peers to bypass your authentification logic in
the script and setting up calls? Sure, this is possible. Just add some logic
that checks for a certain IP address and then route the call as you like.
something like:
if (src_ip!=1.2.3.4/24) {
# do routing..
} else {
# do normal authentification
}
you could also use PVs to do this, i think the right one is $si.
Cheers,
Henning
7:48 p.m.
2010/3/11 Henning Westerholt <henning.westerholt(a)1und1.de>de>:
On Thursday 11 March 2010, Joao Gomes Pereira wrote:
I recommend using the permissions module ("address" table). Very
powerful and efficient for such scenarios.
Regards.
--
Iñaki Baz Castillo
<ibc(a)aliax.net>
Is is possible to implement IP authentication in
Kamailio?
Does Kamailio has a manual to do that?
Hi Joao,
you refer to allowing certain peers to bypass your authentification logic in
the script and setting up calls? Sure, this is possible. Just add some logic
that checks for a certain IP address and then route the call as you like.
something like:
if (src_ip!=1.2.3.4/24) {
# do routing..
} else {
# do normal authentification
}
you could also use PVs to do this, i think the right one is $si.
7:52 p.m.
On Thursday 11 March 2010, Iñaki Baz Castillo wrote:
Hi Iñaki,
this is of course better. Don't used it that much, for no particular reason,
so i usually don't thought about it.
Cheers,
Henning
you refer to
allowing certain peers to bypass your authentification logic
in the script and setting up calls? Sure, this is possible. Just add some
logic that checks for a certain IP address and then route the call as you
like.
something like:
if (src_ip!=1.2.3.4/24) {
# do routing..
} else {
# do normal authentification
}
you could also use PVs to do this, i think the right one is $si.
I recommend using the permissions module ("address" table). Very
powerful and efficient for such scenarios.
8:05 p.m.
2010/3/11 Henning Westerholt <henning.westerholt(a)1und1.de>de>:
Hi Iñaki,
this is of course better. Don't used it that much, for no particular reason,
so i usually don't thought about it.
I use it in production. It's great as it loads the IP's or networks
into memory (reloadable via MI command) :)
It also returns a $rc code according to the "grp" column of the
mathing row in the "address" table so you can identify the client id.
Regards.
--
Iñaki Baz Castillo
<ibc(a)aliax.net>
12 Mar
12 Mar
11:02 a.m.
Thanks for the help
And would be possible to have the IPs in the Database, so I don't need
to change Kamailio configuration every time I want to add a new IP?
What would be the correct table?
Thanks
Regards
Joao Pereira
Em 11-03-2010 18:05, Iñaki Baz Castillo escreveu:
2010/3/11 Henning
Westerholt<henning.westerholt(a)1und1.de>de>:
Hi Iñaki,
this is of course better. Don't used it that much, for no particular reason,
so i usually don't thought about it.
I use it in production. It's great as it loads the IP's or networks
into memory (reloadable via MI command) :)
It also returns a $rc code according to the "grp" column of the
mathing row in the "address" table so you can identify the client id.
Regards.
noon
2010/3/12 Joao Gomes Pereira <gomespereira(a)startel.pt>pt>:
Thanks for the help
And would be possible to have the IPs in the Database, so I don't need to
change Kamailio configuration every time I want to add a new IP?
What would be the correct table?
Please, check the documentation of the "permissions" module.
--
Iñaki Baz Castillo
<ibc(a)aliax.net>
11 Mar
11 Mar
7:49 p.m.
Joao,
If you are going to use many hosts/subnets you can use permissions module.
I use it to permit SIP traffic and to avoid auth.
Rgds,
Uriel
On Thu, Mar 11, 2010 at 1:46 PM, Henning Westerholt <
henning.westerholt(a)1und1.de> wrote:
On Thursday 11 March 2010, Joao Gomes Pereira wrote:
Is is possible to implement IP authentication in
Kamailio?
Does Kamailio has a manual to do that?
Hi Joao,
you refer to allowing certain peers to bypass your authentification logic
in
the script and setting up calls? Sure, this is possible. Just add some
logic
that checks for a certain IP address and then route the call as you like.
something like:
if (src_ip!=1.2.3.4/24) {
# do routing..
} else {
# do normal authentification
}
you could also use PVs to do this, i think the right one is $si.
Cheers,
Henning
_______________________________________________
Kamailio (OpenSER) - Users mailing list
Users(a)lists.kamailio.org
http://lists.kamailio.org/cgi-bin/mailman/listinfo/users
http://lists.openser-project.org/cgi-bin/mailman/listinfo/users
12 Mar
12 Mar
11:06 a.m.
Don't forget that IP spoofing is very easy with UDP and a single faked
INVITE can trigger calls to expensive numbers.
Also, if you do authentication based on source IP you should also use
the src IP for billing identification (not From URI)
regards
klaus
Am 11.03.2010 17:41, schrieb Joao Gomes Pereira:
Hello to all
Is is possible to implement IP authentication in Kamailio?
Does Kamailio has a manual to do that?
Thanks
regards
Joao Pereira
5369
days inactive
5370
days old
8 comments
5 participants
participants (5)
-
Henning Westerholt -
Iñaki Baz Castillo -
Joao Gomes Pereira -
Klaus Darilion -
Uriel Rozenbaum