[SR-Users] routing based on TLS auth
Daniel-Constantin Mierla
miconda at gmail.com
Fri Oct 16 16:31:58 CEST 2015
Hello,
you can get the attributes of the certificate via config variables, see:
https://www.kamailio.org/wiki/cookbooks/4.3.x/pseudovariables#tls_module_pseudo-variables
Based on them, you can decide what provider to be used. For example, you
can keep the relation asterisk/certificate and provider (address) in a
database (see sqlops) or hash table (see htable).
Cheers,
Daniel
On 15/10/15 16:41, Max wrote:
> Hi.
>
> I've got bunch of sip gateways to use and bunch of asterisk instances connecting to
> my Kamailio over TLS (own CA used).
>
> I'd like to match source with destination based on TLS authentication:
>
> * all the calls from asterisk A (TLS cert A) allowed via provider A
> * all the calls from asterisk B (TLS cert B) allowed via provider B
> ...
> * all the incoming calls from provider A forwarded to asterisk A (TLS cert A)
> * all the incoming calls from provider B forwarded to asterisk B (TLS cert B)
> ...
> * calls not coming from provider X or via TLS dropped.
>
> Providers are regular VoIP gateways (login:password, connection via SIP).
>
> I'm pretty sure this is possible with Kamailio but I'd appreciate any examples and
> pointers to modules I should use to implement this. Or detailed explanation of why
> this is a bad idea.
>
> Also, I'm not sure where it's better to place user database - should it be separate
> on per-asterisk basis? Central in Kamailio? No user db needed at all?
>
> cheers,
> Max.
>
> _______________________________________________
> SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing list
> sr-users at lists.sip-router.org
> http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users
--
Daniel-Constantin Mierla
http://twitter.com/#!/miconda - http://www.linkedin.com/in/miconda
Book: SIP Routing With Kamailio - http://www.asipto.com
More information about the sr-users
mailing list