[SR-Users] kamailio :?==?utf-8?q? ROUTE[AUTH] - IPAUTH - use case
Youssef Boujraf
yboujraf at by-research.be
Wed Feb 23 13:43:55 CET 2022
Dear,
I enabled two softphone with ADDRESS.
- codec1 : ip 192.168.30.241/32 5060
- codec2 : ip 192.168.30.242/32 5060
I enable one softphone with SUBSCRIBER
- codec3 : is registered (login/passwd)
codec4 is not part of the domain, is not subriber and address.
Kamailio proxy
- kamailio : ip 192.168.30.240/32 5060
In the kamailio.cfg
ROUTE[AUTH]# IP authorization and user authenticationroute[AUTH] {#!ifdef WITH_AUTH #!ifdef WITH_IPAUTH if((!is_method("REGISTER")) && allow_source_address()) { # source IP allowed return; }#!endif if (is_method("REGISTER") || from_uri==myself) { # authenticate requests if (!auth_check("$fd", "subscriber", "1")) { auth_challenge("$fd", "0"); exit; } # user authenticated - remove auth header if(!is_method("REGISTER|PUBLISH")) consume_credentials(); } # if caller is not local subscriber, then check if it calls # a local destination, otherwise deny, not an open relay here if (from_uri!=myself && uri!=myself) { sl_send_reply("403","Not relaying"); exit; } #!else # authentication not enabled - do not relay at all to foreign networks if(uri!=myself) { sl_send_reply("403","Not relaying"); exit; } #!endif return;}
Regarding the condition
#!ifdef WITH_IPAUTH if((!is_method("REGISTER")) && allow_source_address()) { # source IP allowed return; }#!endif
USE CASE :
If codec4 (not registered or same domain) tries to INVITE codec3 (in subscriber) the codec, an INVITE MESSAGE is sent and the codec3 could ACK.
- But I don't want to allow the INVITE, I 'd like to not allow the codec4 to reach codec3.
- But if codec1 or codec2 tries to reach codec3, kamailio will allow the INVITE.
Best Regards,
--
Youssef BOUJRAF
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.kamailio.org/pipermail/sr-users/attachments/20220223/1115b45d/attachment.htm>
More information about the sr-users
mailing list