[OpenSIPS-Users] src ip check on Register => Re: How to insert the IP address of user in radius request.

Uwe Kastens kiste at kiste.org
Tue Jun 30 16:30:22 CEST 2009


Hi,

This is the script part that is doing the job. ATM it is only logging.

loadmodule "avpops.so"

# ---- avpops
modparam("avpops", "db_url","mysql://xxxx:xxxx@abcd.domain.de/testdb")

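 if (method=="REGISTER") {
         # digest authentication against RADIUS first
         if (!radius_www_authorize("")) {
                 www_challenge("", "0");
                 exit;
         }
         # load the source IP configured for the authenticated user
         avp_db_query("select ip from src_ip where number='$au'", "$avp(s:srcip)");
         # compare it with the source IP of the request; only logged for now
         if ($avp(s:srcip)!=$si) {
                 xlog("$au should have SRC_IP $avp(s:srcip), but has $si");
         }
         save("location");
         exit;
 }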

BR

Uwe


Uwe Kastens schrieb:
> Hi,
> 
> I am facing a similar situation. We need to verify that a REGISTER comes
> from the same srcip we have configured in our database. I am thinking
> about doing this by making a select into an AVP and verifying the value
> of the AVP with the $si. If this is successful the UA would be saved
> into the location and/or would be able to make a call.
> 
> This should be possible with radius_avp as well.
> 
> Looking at performance I would make the DIGEST Auth 1st and if this is
> successful check the IPs.
> 
> BR
> 
> uwe
> 
> 
> Tung Tran schrieb:
>> Hi Mr. Bogdan
>>
>> We need it for IP authorize besides DIGEST auth, that is not standard anyway 
>> but business requirements.
>> We use MSSQL to do DIGEST authorize and we need an extra security layer 
>> based on source IP, that is also a request by governments in my country.
>>
>> So last but not least, I would like someone can help me how to add this 
>> feature as soon as possible
>>
>> Thank you very much for your help
>>
>> Tung
>> ----- Original Message ----- 
>> From: "Bogdan-Andrei Iancu" <bogdan at voice-system.ro>
>> To: "Tung Tran" <tr.tung at gmail.com>
>> Cc: <users at lists.opensips.org>
>> Sent: Friday, June 26, 2009 2:24 AM
>> Subject: Re: [OpenSIPS-Users] How to insert the IP address of user in radius 
>> request.
>>
>>
>>> Hi Tung,
>>>
>>> I see the difference - unfortunately there is no way (at the moment) to 
>>> add custom info to the RADIUS auth header, but it should be an extension 
>>> that can be done - out of curiosity, why do you need this in the AUTH 
>>> request, as this info is not used in the DIGEST auth?
>>>
>>> Regards,
>>> Bogdan
>>>
>>> Tung Tran wrote:
>>>> Dear Mr. Bogdan,
>>>>
>>>> I know we can insert the source IP address in account request before 
>>>> sending it to Radius, however can I insert it in AUTHORIZE request 
>>>> instead?
>>>>
>>>> Thank you very much for your reply.
>>>> Tung
>>>>
>>>> ----- Original Message ----- From: "Bogdan-Andrei Iancu" 
>>>> <bogdan at voice-system.ro>
>>>> To: "Tung Tran" <tr.tung at gmail.com>
>>>> Cc: <users at lists.opensips.org>
>>>> Sent: Tuesday, June 23, 2009 6:04 PM
>>>> Subject: Re: [OpenSIPS-Users] How to insert the IP address of user in 
>>>> radius request.
>>>>
>>>>
>>>>> Hi Tung,
>>>>>
>>>>> First of all you should upgrade to 1.5 version (see 
>>>>> http://www.opensips.org/Resources/Downloads).
>>>>>
>>>>> For your problem, use extra accounting - you can account whatever extra 
>>>>> info you want. See:
>>>>>
>>>>> http://www.opensips.org/html/docs/modules/1.5.x/acc.html#ACC-extra-id
>>>>>
>>>>> To get the source IP, use the $si pseudo-variable (see 
>>>>> http://www.opensips.org/Resources/DocsCoreVar15#toc71).
>>>>>
>>>>> Regards,
>>>>> Bogdan
>>>>>
>>>>> Tung Tran wrote:
>>>>>> Hi all,
>>>>>>
>>>>>> I get a request to insert the public IP address of the sip softphone or 
>>>>>> IP Phone/ATA (end-point) in the Radius request sending to Radius 
>>>>>> server.
>>>>>> I am thinking about to mod the auth_radius module to insert that IP in 
>>>>>> SIP-URI-User field, likely this one:
>>>>>>
>>>>>> Original
>>>>>> Sip-Uri-User = "985512405"
>>>>>>
>>>>>> After mod:
>>>>>> Sip-Uri-User = 985512405@1.2.3.4
>>>>>>
>>>>>> Where 1.2.3.4 is the IP of SIP end-point, not the IP address of 
>>>>>> Opensips/Opensers servers.
>>>>>>
>>>>>> But I don't know where I should play with.
>>>>>> Any one had done it before or know where we can edit, pls help me.
>>>>>>
>>>>>> BTW, I am using openser 1.2.2 version.
>>>>>> Thanks in advance
>>>>>> Tung
>>>>>>
>>>>>>
>>>>>>
>>>>>> _______________________________________________
>>>>>> Users mailing list
>>>>>> Users at lists.opensips.org
>>>>>> http://lists.opensips.org/cgi-bin/mailman/listinfo/users
>>>>>>
>>>>>>
>>
>>
> 
> 


-- 

kiste lat: 54.322684, lon: 10.13586
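
The check described in this thread, turned from logging into enforcement. This is an added example, not part of the original post or of the OpenSIPS project; it reuses the src_ip table and $avp(s:srcip) from the script above and assumes the sl module is loaded for sl_send_reply().

```opensips
if (method=="REGISTER") {
        # Digest auth first, so the database lookup only runs for
        # requests whose credentials RADIUS has already accepted.
        if (!radius_www_authorize("")) {
                www_challenge("", "0");
                exit;
        }

        # $au is placed into the SQL text, which is one more reason to
        # keep this query after the digest check.
        # Fail closed: a query error or a user with no configured
        # source IP is rejected instead of falling through to save().
        if (!avp_db_query("select ip from src_ip where number='$au'",
                        "$avp(s:srcip)")) {
                xlog("L_WARN", "no SRC_IP found for $au, request from $si\n");
                sl_send_reply("403", "Forbidden");
                exit;
        }

        # $si is the source address as seen by this proxy.
        if ($avp(s:srcip)!=$si) {
                xlog("L_WARN",
                    "$au should have SRC_IP $avp(s:srcip), but has $si\n");
                sl_send_reply("403", "Forbidden");
                exit;
        }

        # Only a registration that passed both checks reaches the
        # location table.
        save("location");
        exit;
}
```

Because $si is the address of the last hop, a UA behind NAT or behind another proxy is matched against that hop's address, so the src_ip table has to hold the address this proxy actually sees. The block covers REGISTER only; calls from the same user need the same comparison in the INVITE path.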


