[Users] Re: [Serusers] trusting peers
Klaus Darilion
klaus.mailinglists at pernau.at
Tue Oct 11 15:46:44 CEST 2005
Jan Janak wrote:
> On 11-10-2005 14:55, Klaus Darilion wrote:
>
>>Hi all!
>>
>>I want to differ between _incoming_ SIP requests from trusted peers and
>>from untrused (for different call routing). I came to the following
>>solutions. All of them has some disadvantages, and I would like to now
>>which you would prefer:
>>
>>1. src_ip: incoming request are authenticated using the src_ip (only in
>>TCP mode useful)
>>+: easy to implement
>>+: easy to differ authenticated from unauthenticated incoming calls
>>-: lots of configuration (IP addresses may change, )
>>This can be implemented using if src_ip==... blocks in openser.cfg,
>>which would require the change the script everytime the IP addresses are
>>changed. Also requires restart of the proxy.
>
>
> You can also use trusted table and permission module.
Right! I think this should be documented somewhere :-)
Maybe we can adopt the this function to verify the doman of the client
certificate?
regards
klaus
More information about the Users
mailing list