Hello to all Is is possible to implement IP authentication in Kamailio? Does Kamailio has a manual to do that? Thanks regards Joao Pereira
On Thursday 11 March 2010, Joao Gomes Pereira wrote:
Is is possible to implement IP authentication in Kamailio? Does Kamailio has a manual to do that?
Hi Joao,
you refer to allowing certain peers to bypass your authentification logic in the script and setting up calls? Sure, this is possible. Just add some logic that checks for a certain IP address and then route the call as you like.
something like:
if (src_ip!=1.2.3.4/24) { # do routing.. } else { # do normal authentification }
you could also use PVs to do this, i think the right one is $si.
Cheers,
Henning
2010/3/11 Henning Westerholt henning.westerholt@1und1.de:
On Thursday 11 March 2010, Joao Gomes Pereira wrote:
Is is possible to implement IP authentication in Kamailio? Does Kamailio has a manual to do that?
Hi Joao,
you refer to allowing certain peers to bypass your authentification logic in the script and setting up calls? Sure, this is possible. Just add some logic that checks for a certain IP address and then route the call as you like.
something like:
if (src_ip!=1.2.3.4/24) { # do routing.. } else { # do normal authentification }
you could also use PVs to do this, i think the right one is $si.
I recommend using the permissions module ("address" table). Very powerful and efficient for such scenarios.
Regards.
On Thursday 11 March 2010, Iñaki Baz Castillo wrote:
you refer to allowing certain peers to bypass your authentification logic in the script and setting up calls? Sure, this is possible. Just add some logic that checks for a certain IP address and then route the call as you like.
something like:
if (src_ip!=1.2.3.4/24) { # do routing.. } else { # do normal authentification }
you could also use PVs to do this, i think the right one is $si.
I recommend using the permissions module ("address" table). Very powerful and efficient for such scenarios.
Hi Iñaki,
this is of course better. Don't used it that much, for no particular reason, so i usually don't thought about it.
Cheers,
Henning
2010/3/11 Henning Westerholt henning.westerholt@1und1.de:
Hi Iñaki,
this is of course better. Don't used it that much, for no particular reason, so i usually don't thought about it.
I use it in production. It's great as it loads the IP's or networks into memory (reloadable via MI command) :) It also returns a $rc code according to the "grp" column of the mathing row in the "address" table so you can identify the client id.
Regards.
Thanks for the help And would be possible to have the IPs in the Database, so I don't need to change Kamailio configuration every time I want to add a new IP? What would be the correct table? Thanks Regards Joao Pereira
Em 11-03-2010 18:05, Iñaki Baz Castillo escreveu:
2010/3/11 Henning Westerholthenning.westerholt@1und1.de:
Hi Iñaki,
this is of course better. Don't used it that much, for no particular reason, so i usually don't thought about it.
I use it in production. It's great as it loads the IP's or networks into memory (reloadable via MI command) :) It also returns a $rc code according to the "grp" column of the mathing row in the "address" table so you can identify the client id.
Regards.
2010/3/12 Joao Gomes Pereira gomespereira@startel.pt:
Thanks for the help And would be possible to have the IPs in the Database, so I don't need to change Kamailio configuration every time I want to add a new IP? What would be the correct table?
Please, check the documentation of the "permissions" module.
Joao,
If you are going to use many hosts/subnets you can use permissions module.
I use it to permit SIP traffic and to avoid auth.
Rgds, Uriel
On Thu, Mar 11, 2010 at 1:46 PM, Henning Westerholt < henning.westerholt@1und1.de> wrote:
On Thursday 11 March 2010, Joao Gomes Pereira wrote:
Is is possible to implement IP authentication in Kamailio? Does Kamailio has a manual to do that?
Hi Joao,
you refer to allowing certain peers to bypass your authentification logic in the script and setting up calls? Sure, this is possible. Just add some logic that checks for a certain IP address and then route the call as you like.
something like:
if (src_ip!=1.2.3.4/24) { # do routing.. } else { # do normal authentification }
you could also use PVs to do this, i think the right one is $si.
Cheers,
Henning
Kamailio (OpenSER) - Users mailing list Users@lists.kamailio.org http://lists.kamailio.org/cgi-bin/mailman/listinfo/users http://lists.openser-project.org/cgi-bin/mailman/listinfo/users
Don't forget that IP spoofing is very easy with UDP and a single faked INVITE can trigger calls to expensive numbers.
Also, if you do authentication based on source IP you should also use the src IP for billing identification (not From URI)
regards klaus
Am 11.03.2010 17:41, schrieb Joao Gomes Pereira:
Hello to all Is is possible to implement IP authentication in Kamailio? Does Kamailio has a manual to do that? Thanks regards Joao Pereira
-
Henning Westerholt -
Iñaki Baz Castillo -
Joao Gomes Pereira -
Klaus Darilion -
Uriel Rozenbaum