Hi,
customers PBX----trunk-----kamailio------------freeswitch-------------carrier
We already add Trusted IP’s via SIREMIS 4.0
is it possible with Kamailio to have customers calls come in on a trusted IP and when they send calls we add a header with a [client id] which we can remove on the next ip switch upstream
So example
Call comes in from customer with IP: their trusted IP source xx.xx.xx.xx add header with their client ID
route to PSTN
Then my upstream switch will process the customers call and remove the header before sending to our voip carrier. Basically my ip switch will evaluate the client id header for billing, process and strip the header back out.
Thanks
Tony
On Thursday 27 February 2014 18:06:13 Tony Turner wrote:
is it possible with Kamailio to have customers calls come in on a trusted IP and when they send calls we add a header with a [client id] which we can remove on the next ip switch upstream
So example
Call comes in from customer with IP: their trusted IP source xx.xx.xx.xx add header with their client ID
Offcourse this is possible. I do something similar to indicat to upstream sip servers the call is accounted for.
I store trusted IPs in the address table and check for INVITES from those IPs. If one matches I make a lookup in the usr_preferences table to figure out what client it is for:
route[AUTHENTICATE] { if(!is_method("REGISTER") && allow_address("3", "$si", "$sp") && $proto=="tcp") { if(!avp_db_query("select username from usr_preferences where attribute='ip_authentication' and (value='$si:$sp' or value like '$si:%') order by length(value) limit 1")) { sl_send_reply("403", "Not Allowed"); exit; }
$avp(au)=$avp(i:1); } else { #normal authentication ...
append_hf() to append a header. Be sure to remove the header from all incoming requests first (remove_hf()).
BTW this is insecure for udp traffic. If someone is able to spoof source adresses this might be abused, hence the tcp only condition.
Hi Daniel,
Perfect thanks
regards
Tony
-----Original Message----- From: Daniel Tryba Sent: Friday, February 28, 2014 9:29 AM To: sr-users@lists.sip-router.org Subject: Re: [SR-Users] Add Header
On Thursday 27 February 2014 18:06:13 Tony Turner wrote:
is it possible with Kamailio to have customers calls come in on a trusted IP and when they send calls we add a header with a [client id] which we can remove on the next ip switch upstream
So example
Call comes in from customer with IP: their trusted IP source xx.xx.xx.xx add header with their client ID
Offcourse this is possible. I do something similar to indicat to upstream sip servers the call is accounted for.
I store trusted IPs in the address table and check for INVITES from those IPs. If one matches I make a lookup in the usr_preferences table to figure out what client it is for:
route[AUTHENTICATE] { if(!is_method("REGISTER") && allow_address("3", "$si", "$sp") && $proto=="tcp") { if(!avp_db_query("select username from usr_preferences where attribute='ip_authentication' and (value='$si:$sp' or value like '$si:%') order by length(value) limit 1")) { sl_send_reply("403", "Not Allowed"); exit; }
$avp(au)=$avp(i:1); } else { #normal authentication ...
append_hf() to append a header. Be sure to remove the header from all incoming requests first (remove_hf()).
BTW this is insecure for udp traffic. If someone is able to spoof source adresses this might be abused, hence the tcp only condition.
-
Daniel Tryba -
Tony Turner