[SR-Users] routing based on TLS auth

Daniel-Constantin Mierla miconda at gmail.com
Fri Oct 16 16:31:58 CEST 2015


you can get the attributes of the certificate via config variables, see:


Based on them, you can decide what provider to be used. For example, you
can keep the relation asterisk/certificate and provider (address) in a
database (see  sqlops) or hash table (see htable).


On 15/10/15 16:41, Max wrote:
> Hi.
> I've got bunch of sip gateways to use and bunch of asterisk instances connecting to
> my Kamailio over TLS (own CA used).
> I'd like to match source with destination based on TLS authentication:
> * all the calls from asterisk A (TLS cert A) allowed via provider A
> * all the calls from asterisk B (TLS cert B) allowed via provider B
> ...
> * all the incoming calls from provider A forwarded to asterisk A (TLS cert A)
> * all the incoming calls from provider B forwarded to asterisk B (TLS cert B)
> ...
> * calls not coming from provider X or via TLS dropped.
> Providers are regular VoIP gateways (login:password, connection via SIP).
> I'm pretty sure this is possible with Kamailio but I'd appreciate any examples and
> pointers to modules I should use to implement this. Or detailed explanation of why
> this is a bad idea.
> Also, I'm not sure where it's better to place user database - should it be separate
> on per-asterisk basis? Central in Kamailio? No user db needed at all?
> cheers,
> Max.
> _______________________________________________
> SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing list
> sr-users at lists.sip-router.org
> http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users

Daniel-Constantin Mierla
http://twitter.com/#!/miconda - http://www.linkedin.com/in/miconda
Book: SIP Routing With Kamailio - http://www.asipto.com

More information about the sr-users mailing list