Hi All,
I am using the following if statement to allow certain calls from pre authorized IPs.
if ( method == "INVITE" && src_ip != 195.xxx.xxx.xx && src_ip != 195.xxx.xxx.xx && src_ip != 195.xxx.xxx.xx && src_ip != 195.xxx.xxx.xx) {
My issues is the number of IPs that need to be authorized this way is getting large and was wondering if there's a module that can be used to read config date from a config file ?
regards,
Ron ________________________________________________________________________ Check Out the new free AIM(R) Mail -- 2 GB of storage and industry-leading spam and email virus protection.
You can use permissions module.
http://www.openser.org/docs/modules/1.1.x/permissions.html
this is an example of with trusted_table.....
loadmodule "/usr/local/lib/openser/modules/permissions.so"
modparam("permissions", "db_url", "postgres or mysql://username:password@localhost/dbname")
#---- Permissions_Module_Parameters ----- modparam("permissions", "db_mode", 0) modparam("permissions", "trusted_table", "trusted") modparam("permissions", "source_col", "src_ip") modparam("permissions", "proto_col", "proto") modparam("permissions", "from_col", "from_pattern")
route[3] {
# ----------------------------------------------------------------- # INVITE Message Handler # -----------------------------------------------------------------
if (allow_trusted()) { route(4); # NAT Traversal Section route(5); # PSTN Handler return; };
Welcome to psql 7.4.13, the PostgreSQL interactive terminal.
Type: \copyright for distribution terms \h for help with SQL commands ? for help on internal slash commands \g or terminate with semicolon to execute query \q to quit dbname=> select * from trusted; src_ip | proto | from_pattern -----------------+-------+------------------------------- 10.1.1.5 | udp | ^sip:120*@*
Regards, Hakan.
----- Original Message ----- From: ronn100200@aim.com To: users@openser.org Sent: Monday, August 14, 2006 5:39 PM Subject: [Users] Module for Config files
Hi All,
I am using the following if statement to allow certain calls from pre authorized IPs.
if ( method == "INVITE" && src_ip != 195.xxx.xxx.xx && src_ip != 195.xxx.xxx.xx && src_ip != 195.xxx.xxx.xx && src_ip != 195.xxx.xxx.xx) {
My issues is the number of IPs that need to be authorized this way is getting large and was wondering if there's a module that can be used to read config date from a config file ?
regards,
Ron
------------------------------------------------------------------------------ Check Out the new free AIM(R) Mail -- 2 GB of storage and industry-leading spam and email virus protection.
------------------------------------------------------------------------------
_______________________________________________ Users mailing list Users@openser.org http://openser.org/cgi-bin/mailman/listinfo/users
Hello Hakan,
I have attached my openser.cfg file if you can see any error:
DB entry is:
select * from trusted where src_ip = '82.113.11.12'; +--------------+-------+--------------+------+ | src_ip | proto | from_pattern | tag | +--------------+-------+--------------+------+ | 82.113.11.12 | udp | ^sip:00*@* | NULL | +--------------+-------+--------------+------+
=====
# ------------------ module loading ----------------------------------
loadmodule "/usr/local/lib/openser/modules/mysql.so" loadmodule "/usr/local/lib/openser/modules/sl.so" loadmodule "/usr/local/lib/openser/modules/tm.so" loadmodule "/usr/local/lib/openser/modules/rr.so" loadmodule "/usr/local/lib/openser/modules/maxfwd.so" loadmodule "/usr/local/lib/openser/modules/usrloc.so" loadmodule "/usr/local/lib/openser/modules/registrar.so" loadmodule "/usr/local/lib/openser/modules/textops.so"
loadmodule "/usr/local/lib/openser/modules/permissions.so" loadmodule "/usr/local/lib/openser/modules/auth.so" loadmodule "/usr/local/lib/openser/modules/auth_db.so" loadmodule "/usr/local/lib/openser/modules/nathelper.so" loadmodule "/usr/local/lib/openser/modules/uri_db.so" loadmodule "/usr/local/lib/openser/modules/uri.so" loadmodule "/usr/local/lib/openser/modules/dispatcher.so"
# ----------------- setting module-specific parameters ---------------
#---- Permissions_Module_Parameters ----- modparam("permissions", "db_mode", 0) modparam("permissions", "trusted_table", "trusted") modparam("permissions", "source_col", "src_ip") modparam("permissions", "proto_col", "proto") modparam("permissions", "from_col", "from_pattern")
modparam("permissions", "db_url", "mysql://openser:openserrw@localhost/openser") # -- usrloc params --
modparam("usrloc", "db_mode", 0)
# Uncomment this if you want to use SQL database modparam("auth_db|uri_db|usrloc", "db_url", "mysql://openser:openserrw@localhost/openser")
modparam("auth_db", "use_domain", 1) modparam("auth_db", "calculate_ha1", 1) modparam("auth_db", "password_column", "password")
modparam("nathelper", "natping_interval", 30) modparam("nathelper", "ping_nated_only", 1) modparam("nathelper", "rtpproxy_sock", "unix:/var/run/rtpproxy.sock")
modparam( "registrar", "append_branches", 1 ) modparam( "registrar", "desc_time_order", 1 ) modparam( "registrar", "nat_flag", 6 )
modparam("usrloc", "db_mode", 2)
##modparam("rr", "enable_full_lr", 1) ####### end old ser
# -- auth params -- # Uncomment if you are using auth module # #modparam("auth_db", "calculate_ha1", yes) # # If you set "calculate_ha1" parameter to yes (which true in this config), # uncomment also the following parameter) # #modparam("auth_db", "password_column", "password")
# -- rr params -- # add value to ;lr param to make some broken UAs happy modparam("rr", "enable_full_lr", 1)
# ------------------------- request routing logic -------------------
# main routing logic
route {
########### if (!mf_process_maxfwd_header("10")) { sl_send_reply("483", "Too Many Hops"); return; };
if (msg:len > max_len) { sl_send_reply("513", "Message Overflow"); return; };
############### if ( method != "REGISTER" ) { record_route(); };
if ( nat_uac_test( "3" ) ) { setflag( 6 ); force_rport(); fix_nated_contact(); };
if ( method=="INVITE" ) { force_rtp_proxy(); };
if ( loose_route() ) { route( 1 ); return; };
if ( uri == myself ) { if ( method == "REGISTER" ) { if ( ! www_authorize( "", "subscriber" ) ) { www_challenge( "", "0" ); return; };
if ( ! check_to() ) { sl_send_reply( "403", "Authentication user must match username" ); return; };
save( "location" ); return; };
if (allow_trusted()) {
if ( uri =~ "sip:00[1-9]+@.*" ) {
if ( src_ip == 82.113.11.12){ prefix("2333"); };
prefix("11"); ds_select_dst( "1", "0" ); route( 1 ); return; }
};
} else { if ( method == "INVITE" ) { sl_send_reply( "403", "Host part forbidden" ); return; }; };
route( 1 ); }
route[1] { t_on_reply( "1" ); if ( ! t_relay() ) { sl_reply_error(); }; }
onreply_route[1] { if ( status =~ "(180)|(183)|2[0-9][0-9]" ) { if ( ! search( "^Content-Length:\ +0" ) ) { force_rtp_proxy(); }; };
if ( nat_uac_test( "3" ) ) { force_rport(); fix_nated_contact(); }; }
##=================
-----Original Message----- From: hakanyasti@gmail.com To: ronn100200@aim.com; users@openser.org Sent: Mon, 14 Aug 2006 8:10 AM Subject: Re: [Users] Module for Config files
You can use permissions module. http://www.openser.org/docs/modules/1.1.x/permissions.html this is an example of with trusted_table..... loadmodule "/usr/local/lib/openser/modules/permissions.so" modparam("permissions", "db_url", "postgres or mysql://username:password@localhost/dbname") #---- Permissions_Module_Parameters ----- modparam("permissions", "db_mode", 0) modparam("permissions", "trusted_table", "trusted") modparam("permissions", "source_col", "src_ip") modparam("permissions", "proto_col", "proto") modparam("permissions", "from_col", "from_pattern") route[3] { # ----------------------------------------------------------------- # INVITE Message Handler # ----------------------------------------------------------------- if (allow_trusted()) { route(4); # NAT Traversal Section route(5); # PSTN Handler return; }; Welcome to psql 7.4.13, the PostgreSQL interactive terminal. Type: \copyright for distribution terms \h for help with SQL commands ? for help on internal slash commands \g or terminate with semicolon to execute query \q to quit dbname=> select * from trusted; src_ip | proto | from_pattern -----------------+-------+------------------------------- 10.1.1.5 | udp | ^sip:120*@* Regards, Hakan. ----- Original Message ----- From: ronn100200@aim.com To: users@openser.org Sent: Monday, August 14, 2006 5:39 PM Subject: [Users] Module for Config files Hi All,
I am using the following if statement to allow certain calls from pre authorized IPs.
if ( method == "INVITE" && src_ip != 195.xxx.xxx.xx && src_ip != 195.xxx.xxx.xx && src_ip != 195.xxx.xxx.xx && src_ip != 195.xxx.xxx.xx) {
My issues is the number of IPs that need to be authorized this way is getting large and was wondering if there's a module that can be used to read config date from a config file ?
regards,
Ron Check Out the new free AIM(R) Mail -- 2 GB of storage and industry-leading spam and email virus protection. _______________________________________________ Users mailing list Users@openser.org http://openser.org/cgi-bin/mailman/listinfo/users
________________________________________________________________________ Check Out the new free AIM(R) Mail -- 2 GB of storage and industry-leading spam and email virus protection.
Ser can something like ...src_ip != 195.xxx.xxx.128/25... (which is quite cheap). Probably OpenSer can do this, too.
On 8/14/06, ronn100200@aim.com ronn100200@aim.com wrote:
Hi All,
I am using the following if statement to allow certain calls from pre authorized IPs.
if ( method == "INVITE" && src_ip != 195.xxx.xxx.xx && src_ip != 195.xxx.xxx.xx && src_ip != 195.xxx.xxx.xx && src_ip != 195.xxx.xxx.xx) {
My issues is the number of IPs that need to be authorized this way is getting large and was wondering if there's a module that can be used to read config date from a config file ?
regards,
Ron
*Check Out the new free AIM(R) Mail*http://pr.atwola.com/promoclk/100122638x1081283466x1074645346/aol?redir=http%3A%2F%2Fwww%2Eaim%2Ecom%2Ffun%2Fmail%2F-- 2 GB of storage and industry-leading spam and email virus protection.
Users mailing list Users@openser.org http://openser.org/cgi-bin/mailman/listinfo/users
If you cannot apply a mask to match the IP, you can use database to store the list of IP addresses and the via avpops module check if the source IP address is there. See avp_db_query():
http://www.openser.org/docs/modules/1.1.x/avpops.html#AEN268
IP/mask can be used with openser as well.
Cheers, Daniel
On 08/14/06 18:22, Weiter Leiter wrote:
Ser can something like ...src_ip != 195.xxx.xxx.128/25... (which is quite cheap). Probably OpenSer can do this, too.
On 8/14/06, * ronn100200@aim.com mailto:ronn100200@aim.com* <ronn100200@aim.com mailto:ronn100200@aim.com> wrote:
Hi All, I am using the following if statement to allow certain calls from pre authorized IPs. if ( method == "INVITE" && src_ip != 195.xxx.xxx.xx && src_ip != 195.xxx.xxx.xx && src_ip != 195.xxx.xxx.xx && src_ip != 195.xxx.xxx.xx) { My issues is the number of IPs that need to be authorized this way is getting large and was wondering if there's a module that can be used to read config date from a config file ? regards, Ron ------------------------------------------------------------------------ *Check Out the new free AIM(R) Mail * <http://pr.atwola.com/promoclk/100122638x1081283466x1074645346/aol?redir=http%3A%2F%2Fwww%2Eaim%2Ecom%2Ffun%2Fmail%2F> -- 2 GB of storage and industry-leading spam and email virus protection. _______________________________________________ Users mailing list Users@openser.org <mailto:Users@openser.org> http://openser.org/cgi-bin/mailman/listinfo/users
Users mailing list Users@openser.org http://openser.org/cgi-bin/mailman/listinfo/users
Hi Hakan,
I have followed your example but openser is still doing SIP/2.0 407 Proxy Authentication Required.
When I start openser I'm seeing these messages:
0(0) WARNING: File not found: /usr/local/etc/openser/permissions.allow 0(0) Default allow file (/usr/local/etc/openser/permissions.allow) not found => empty rule set 0(0) WARNING: File not found: /usr/local/etc/openser/permissions.deny 0(0) Default deny file (/usr/local/etc/openser/permissions.deny) not found => empty rule set
Do I need to specify the default permission files for this to work?
thanks,
Ron
-----Original Message----- From: bp4mls@googlemail.com To: ronn100200@aim.com Cc: users@openser.org Sent: Mon, 14 Aug 2006 8:22 AM Subject: Re: [Users] Module for Config files
Ser can something like ...src_ip != 195.xxx.xxx.128/25... (which is quite cheap). Probably OpenSer can do this, too.
On 8/14/06, ronn100200@aim.com ronn100200@aim.com wrote: Hi All,
I am using the following if statement to allow certain calls from pre authorized IPs.
if ( method == "INVITE" && src_ip != 195.xxx.xxx.xx && src_ip != 195.xxx.xxx.xx && src_ip != 195.xxx.xxx.xx && src_ip != 195.xxx.xxx.xx) {
My issues is the number of IPs that need to be authorized this way is getting large and was wondering if there's a module that can be used to read config date from a config file ?
regards,
Ron Check Out the new free AIM(R) Mail -- 2 GB of storage and industry-leading spam and email virus protection.
_______________________________________________ Users mailing list Users@openser.org http://openser.org/cgi-bin/mailman/listinfo/users
________________________________________________________________________ Check Out the new free AIM(R) Mail -- 2 GB of storage and industry-leading spam and email virus protection.
Hello,
On 08/15/06 15:29, ronn100200@aim.com wrote:
Hi Hakan,
I have followed your example but openser is still doing SIP/2.0 407 Proxy Authentication Required.
the 407 is generated by proxy_challenge() function from auth module. It is not related to permissions module.
http://www.openser.org/docs/modules/1.1.x/auth.html#AEN148
Cheers, Daniel
When I start openser I'm seeing these messages:
0(0) WARNING: File not found: /usr/local/etc/openser/permissions.allow 0(0) Default allow file (/usr/local/etc/openser/permissions.allow) not found => empty rule set 0(0) WARNING: File not found: /usr/local/etc/openser/permissions.deny 0(0) Default deny file (/usr/local/etc/openser/permissions.deny) not found => empty rule set
Do I need to specify the default permission files for this to work?
thanks,
Ron
-----Original Message----- From: bp4mls@googlemail.com To: ronn100200@aim.com Cc: users@openser.org Sent: Mon, 14 Aug 2006 8:22 AM Subject: Re: [Users] Module for Config files
Ser can something like ...src_ip != 195.xxx.xxx.128/25... (which is quite cheap). Probably OpenSer can do this, too.
On 8/14/06, * ronn100200@aim.com javascript:parent.ComposeTo('ronn100200@aim.com');* <ronn100200@aim.com javascript:parent.ComposeTo('ronn100200@aim.com');> wrote:
Hi All, I am using the following if statement to allow certain calls from pre authorized IPs. if ( method == "INVITE" && src_ip != 195.xxx.xxx.xx && src_ip != 195.xxx.xxx.xx && src_ip != 195.xxx.xxx.xx && src_ip != 195.xxx.xxx.xx) { My issues is the number of IPs that need to be authorized this way is getting large and was wondering if there's a module that can be used to read config date from a config file ? regards, Ron ------------------------------------------------------------------------ *Check Out the new free AIM(R) Mail * <http://pr.atwola.com/promoclk/100122638x1081283466x1074645346/aol?redir=http%3A%2F%2Fwww%2Eaim%2Ecom%2Ffun%2Fmail%2F> -- 2 GB of storage and industry-leading spam and email virus protection. _______________________________________________ Users mailing list Users@openser.org <javascript:parent.ComposeTo('Users@openser.org');> http://openser.org/cgi-bin/mailman/listinfo/users
*Check Out the new free AIM(R) Mail* http://pr.atwola.com/promoclk/100122638x1081283466x1074645346/aol?redir=http%3A%2F%2Fwww%2Eaim%2Ecom%2Ffun%2Fmail%2F
-- 2 GB of storage and industry-leading spam and email virus protection.
Users mailing list Users@openser.org http://openser.org/cgi-bin/mailman/listinfo/users
Hi Ron,
The messages are just "warnings". Sample files can be found in the source tree at: sip-server/modules/permissions/config
Perhaps placing entries into the "trusted" table will help solve your problem. I don't know if the trusted table supports wildcard matching of the IP address, if not, it might be a good enhancement.
Regards, Norm
ronn100200@aim.com wrote:
Hi Hakan,
I have followed your example but openser is still doing SIP/2.0 407 Proxy Authentication Required.
When I start openser I'm seeing these messages:
0(0) WARNING: File not found: /usr/local/etc/openser/permissions.allow 0(0) Default allow file (/usr/local/etc/openser/permissions.allow) not found => empty rule set 0(0) WARNING: File not found: /usr/local/etc/openser/permissions.deny 0(0) Default deny file (/usr/local/etc/openser/permissions.deny) not found => empty rule set
Do I need to specify the default permission files for this to work?
thanks,
Ron
-----Original Message----- From: bp4mls@googlemail.com To: ronn100200@aim.com Cc: users@openser.org Sent: Mon, 14 Aug 2006 8:22 AM Subject: Re: [Users] Module for Config files
Ser can something like ...src_ip != 195.xxx.xxx.128/25... (which is quite cheap). Probably OpenSer can do this, too.
On 8/14/06, ronn100200@aim.com ronn100200@aim.com wrote: Hi All,
I am using the following if statement to allow certain calls from pre authorized IPs.
if ( method == "INVITE" && src_ip != 195.xxx.xxx.xx && src_ip != 195.xxx.xxx.xx && src_ip != 195.xxx.xxx.xx && src_ip != 195.xxx.xxx.xx) {
My issues is the number of IPs that need to be authorized this way is getting large and was wondering if there's a module that can be used to read config date from a config file ?
regards,
Ron Check Out the new free AIM(R) Mail -- 2 GB of storage and industry-leading spam and email virus protection.
Users mailing list Users@openser.org http://openser.org/cgi-bin/mailman/listinfo/users
Check Out the new free AIM(R) Mail -- 2 GB of storage and industry-leading spam and email virus protection.
Users mailing list Users@openser.org http://openser.org/cgi-bin/mailman/listinfo/users
No virus found in this incoming message. Checked by AVG Free Edition. Version: 7.1.405 / Virus Database: 268.10.10/418 - Release Date: 8/14/2006
Check the values from the sip message coming to your proxy with the values at trusted table. May be you mismatch something there.
Hakan.
----- Original Message ----- From: ronn100200@aim.com To: bp4mls@googlemail.com Cc: users@openser.org Sent: Tuesday, August 15, 2006 3:29 PM Subject: Re: [Users] Module for Config files
Hi Hakan,
I have followed your example but openser is still doing SIP/2.0 407 Proxy Authentication Required.
When I start openser I'm seeing these messages:
0(0) WARNING: File not found: /usr/local/etc/openser/permissions.allow 0(0) Default allow file (/usr/local/etc/openser/permissions.allow) not found => empty rule set 0(0) WARNING: File not found: /usr/local/etc/openser/permissions.deny 0(0) Default deny file (/usr/local/etc/openser/permissions.deny) not found => empty rule set
Do I need to specify the default permission files for this to work?
thanks,
Ron
-----Original Message----- From: bp4mls@googlemail.com To: ronn100200@aim.com Cc: users@openser.org Sent: Mon, 14 Aug 2006 8:22 AM Subject: Re: [Users] Module for Config files
Ser can something like ...src_ip != 195.xxx.xxx.128/25... (which is quite cheap). Probably OpenSer can do this, too.
On 8/14/06, ronn100200@aim.com ronn100200@aim.com wrote: Hi All,
I am using the following if statement to allow certain calls from pre authorized IPs.
if ( method == "INVITE" && src_ip != 195.xxx.xxx.xx && src_ip != 195.xxx.xxx.xx && src_ip != 195.xxx.xxx.xx && src_ip != 195.xxx.xxx.xx) {
My issues is the number of IPs that need to be authorized this way is getting large and was wondering if there's a module that can be used to read config date from a config file ?
regards,
Ron
---------------------------------------------------------------------------- Check Out the new free AIM(R) Mail -- 2 GB of storage and industry-leading spam and email virus protection.
_______________________________________________ Users mailing list Users@openser.org http://openser.org/cgi-bin/mailman/listinfo/users
------------------------------------------------------------------------------ Check Out the new free AIM(R) Mail -- 2 GB of storage and industry-leading spam and email virus protection.
------------------------------------------------------------------------------
_______________________________________________ Users mailing list Users@openser.org http://openser.org/cgi-bin/mailman/listinfo/users
-
Daniel-Constantin Mierla -
Hakan YASTI -
Norman Brandinger -
ronn100200@aim.com -
Weiter Leiter