[OpenSIPS-Users] is_from_gw() DNS Names

Mark Farmer farmorg at gmail.com
Mon Feb 28 08:50:45 UTC 2022


Thanks Ovidiu, that is great information.

I am using wolfssl as that seems to be the way to go these days.
I wonder given the rising popularity of Direct Routing if it would be
possible/sensible to have wolfssl populate the $tls_peer_subject_cn
variable in the future?

Mark.





On Fri, 25 Feb 2022 at 17:32, Ovidiu Sas <osas at voipembedded.com> wrote:

> With MS, you can authenticate based on $tls_peer_subject_cn. This
> works ok with openssl but not with wolfssl. When wolfssl is using
> session tickets to establish new connections, the $tls_peer_subject_cn
> is not populated.
> Another alternative is to perform a lookup for each request received
> over a tls connection using the ip.resolve transformation and enable
> dbs_cache to help a little bit. It's messy but it works.
>
> -ovidiu
>
> On Fri, Feb 25, 2022 at 6:51 AM Mark Farmer <farmorg at gmail.com> wrote:
> >
> > Thanks Bogdan
> >
> > It's no secret really, I was just speaking generically.
> > They are the MS Direct Routing domains, e.g. sip.pstnhub.microsoft.com
> >
> > Mark.
> >
> >
> >
> > On Tue, 22 Feb 2022 at 12:50, Bogdan-Andrei Iancu <bogdan at opensips.org> wrote:
> >>
> >> Hi Mark,
> >>
> >> You say the DNS is publishing only one IP for the domain, but one may change? If you want, you can PM me the actual domain to see what the DNS records look like.
> >>
> >> Regards,
> >>
> >> Bogdan-Andrei Iancu
> >>
> >> OpenSIPS Founder and Developer
> >>   https://www.opensips-solutions.com
> >> OpenSIPS eBootcamp
> >>   https://www.opensips.org/Training/Bootcamp
> >>
> >> On 2/22/22 12:31 PM, Mark Farmer wrote:
> >>
> >> Hi Bogdan
> >>
> >> The GWs have 2 CNAME records which I have no control over. DR has entries like subdomain.example.com:5061
> >> I suspect the issue arises when the CNAMEs swap around, resulting in a mismatch.
> >>
> >> Currently I am using this to identify the source of the message which is probably not the best in terms of security.
> >>
> >> $avp(fd) = "subdomain.example.com";
> >> if($(ct.fields(uri){s.index, $avp(fd)}) != NULL)
> >>
> >> Perhaps there is a better way?
> >>
> >> Best regards
> >> Mark.
> >>
> >>
> >>
> >> On Tue, 22 Feb 2022 at 08:56, Bogdan-Andrei Iancu <bogdan at opensips.org> wrote:
> >>>
> >>> Hi Mark,
> >>>
> >>> If a gw is defined via FQDN, that will be DNS resolved (NAPTR, SRV, A records) when DB data is (re)loaded by DR module, and used later for such checks. All found IPs (from DNS) will be stored on the GW.
> >>>
> >>> How do you specify the GW address in DB and what kind of DNS records do you have for it?
> >>>
> >>> Best regards,
> >>>
> >>> Bogdan-Andrei Iancu
> >>>
> >>> OpenSIPS Founder and Developer
> >>>   https://www.opensips-solutions.com
> >>> OpenSIPS eBootcamp
> >>>   https://www.opensips.org/Training/Bootcamp
> >>>
> >>> On 2/18/22 6:04 PM, Mark Farmer wrote:
> >>>
> >>> Hi everyone
> >>>
> >>> I am using is_from_gw() to match against a group of gateways specified by DNS names which resolve to multiple IP addresses but it seems to be failing to match.
> >>>
> >>> Is this supported functionality or do I need to do something else in this case?
> >>>
> >>> Thanks and regards
> >>> Mark.
> >>>
> >>>
> >>> _______________________________________________
> >>> Users mailing list
> >>> Users at lists.opensips.org
> >>> http://lists.opensips.org/cgi-bin/mailman/listinfo/users
> >>>
> >>>
> >>
> >>
> >> --
> >> Mark Farmer
> >> farmorg at gmail.com
> >>
> >>
> >
> >
> > --
> > Mark Farmer
> > farmorg at gmail.com
>
>
>
> --
> VoIP Embedded, Inc.
> http://www.voipembedded.com
>


-- 
Mark Farmer
farmorg at gmail.com
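
An added illustration (not part of the original thread and not OpenSIPS code) of the behaviour discussed above: gateway addresses resolved once at load time go stale when the DNS answer changes, while a per-request lookup with a short cache follows the change but keeps accepting the old address until the entry expires. The class names, the injected resolver, the TTL and the sample addresses are assumptions constructed for the example.

```python
import ipaddress
import socket
import time

def system_resolve(name):
    """Return the set of addresses the system resolver gives for name."""
    return {info[4][0] for info in socket.getaddrinfo(name, None)}

class SnapshotMatcher:
    """Resolve every gateway name once, at load time, and keep those IPs."""
    def __init__(self, fqdns, resolve=system_resolve):
        self.ips = {ipaddress.ip_address(ip) for n in fqdns for ip in resolve(n)}

    def is_from_gw(self, src_ip):
        return ipaddress.ip_address(src_ip) in self.ips

class CachedMatcher:
    """Resolve on demand, re-querying a name once its cache entry is older than ttl."""
    def __init__(self, fqdns, resolve=system_resolve, ttl=60, clock=time.monotonic):
        self.fqdns, self.resolve, self.ttl, self.clock = list(fqdns), resolve, ttl, clock
        self.cache = {}  # name -> (frozenset of addresses, expiry time)

    def is_from_gw(self, src_ip):
        src, now = ipaddress.ip_address(src_ip), self.clock()
        for name in self.fqdns:
            entry = self.cache.get(name)
            if entry is None or now >= entry[1]:
                ips = frozenset(ipaddress.ip_address(ip) for ip in self.resolve(name))
                entry = self.cache[name] = (ips, now + self.ttl)
            if src in entry[0]:
                return True
        return False

def demo():
    """Constructed scenario: the name's address changes after both matchers load."""
    zone = {"subdomain.example.com": ["192.0.2.10"]}   # constructed DNS data
    now = [0.0]                                         # fake clock, in seconds
    snap = SnapshotMatcher(zone, resolve=zone.__getitem__)
    cached = CachedMatcher(zone, resolve=zone.__getitem__, ttl=30, clock=lambda: now[0])
    out = {"before": (snap.is_from_gw("192.0.2.10"), cached.is_from_gw("192.0.2.10"))}
    zone["subdomain.example.com"] = ["198.51.100.20"]  # DNS answer rotates
    out["within_ttl"] = (cached.is_from_gw("198.51.100.20"), cached.is_from_gw("192.0.2.10"))
    now[0] = 31.0                                       # cache entry has expired
    out["after_ttl"] = (snap.is_from_gw("198.51.100.20"), cached.is_from_gw("198.51.100.20"),
                        cached.is_from_gw("192.0.2.10"))
    return out
```

The cache lifetime is the window in which a retired address is still trusted, so an IP-based match of this kind is only as strong as the DNS path behind it.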