[OpenSIPS-Users] is_from_gw() DNS Names

Ovidiu Sas osas at voipembedded.com
Mon Feb 28 15:06:18 UTC 2022


There is a feature request for it:
https://github.com/OpenSIPS/opensips/issues/2736

-ovidiu

On Mon, Feb 28, 2022 at 3:51 AM Mark Farmer <farmorg at gmail.com> wrote:
>
> Thanks Ovidiu, that is great information.
>
> I am using wolfssl as that seems to be the way to go these days.
> I wonder, given the rising popularity of Direct Routing, if it would be possible/sensible to have wolfssl populate the $tls_peer_subject_cn variable in the future?
>
> Mark.
>
> On Fri, 25 Feb 2022 at 17:32, Ovidiu Sas <osas at voipembedded.com> wrote:
>>
>> With MS, you can authenticate based on $tls_peer_subject_cn. This
>> works ok with openssl but not with wolfssl. When wolfssl is using
>> session tickets to establish new connections, the $tls_peer_subject_cn
>> is not populated.
>> Another alternative is to perform a lookup for each request received
>> over a tls connection using the ip.resolve transformation and enable
>> dns_cache to help a little bit. It's messy but it works.
>>
>> -ovidiu
>>
>> On Fri, Feb 25, 2022 at 6:51 AM Mark Farmer <farmorg at gmail.com> wrote:
>> >
>> > Thanks Bogdan
>> >
>> > It's no secret really, I was just speaking generically.
>> > They are the MS Direct Routing domains, e.g. sip.pstnhub.microsoft.com
>> >
>> > Mark.
>> >
>> >
>> >
>> > On Tue, 22 Feb 2022 at 12:50, Bogdan-Andrei Iancu <bogdan at opensips.org> wrote:
>> >>
>> >> Hi Mark,
>> >>
>> >> You say the DNS is publishing only one IP for the domain, but one may change? If you want, you can PM me the actual domain to see what the DNS records look like.
>> >>
>> >> Regards,
>> >>
>> >> Bogdan-Andrei Iancu
>> >>
>> >> OpenSIPS Founder and Developer
>> >>   https://www.opensips-solutions.com
>> >> OpenSIPS eBootcamp
>> >>   https://www.opensips.org/Training/Bootcamp
>> >>
>> >> On 2/22/22 12:31 PM, Mark Farmer wrote:
>> >>
>> >> Hi Bogdan
>> >>
>> >> The GWs have 2 CNAME records which I have no control over. DR has entries like subdomain.example.com:5061
>> >> I suspect the issue arises when the CNAMEs swap around, resulting in a mismatch.
>> >>
>> >> Currently I am using this to identify the source of the message which is probably not the best in terms of security.
>> >>
>> >> $avp(fd) = "subdomain.example.com";
>> >> if($(ct.fields(uri){s.index, $avp(fd)}) != NULL)
>> >>
>> >> Perhaps there is a better way?
>> >>
>> >> Best regards
>> >> Mark.
>> >>
>> >>
>> >>
>> >> On Tue, 22 Feb 2022 at 08:56, Bogdan-Andrei Iancu <bogdan at opensips.org> wrote:
>> >>>
>> >>> Hi Mark,
>> >>>
>> >>> If a gw is defined via FQDN, that will be DNS resolved (NAPTR, SRV, A records) when DB data is (re)loaded by DR module, and used later for such checks. All found IPs (from DNS) will be stored on the GW.
>> >>>
>> >>> How do you specify the GW address in DB and what kind of DNS records do you have for it?
>> >>>
>> >>> Best regards,
>> >>>
>> >>> Bogdan-Andrei Iancu
>> >>>
>> >>> OpenSIPS Founder and Developer
>> >>>   https://www.opensips-solutions.com
>> >>> OpenSIPS eBootcamp
>> >>>   https://www.opensips.org/Training/Bootcamp
>> >>>
>> >>> On 2/18/22 6:04 PM, Mark Farmer wrote:
>> >>>
>> >>> Hi everyone
>> >>>
>> >>> I am using is_from_gw() to match against a group of gateways specified by DNS names which resolve to multiple IP addresses but it seems to be failing to match.
>> >>>
>> >>> Is this supported functionality or do I need to do something else in this case?
>> >>>
>> >>> Thanks and regards
>> >>> Mark.
>> >>>
>> >>>
>> >>> _______________________________________________
>> >>> Users mailing list
>> >>> Users at lists.opensips.org
>> >>> http://lists.opensips.org/cgi-bin/mailman/listinfo/users
>> >>>
>> >>>
>> >>
>> >>
>> >> --
>> >> Mark Farmer
>> >> farmorg at gmail.com
>> >>
>> >>
>> >
>> >
>>
>>
>>
>> --
>> VoIP Embedded, Inc.
>> http://www.voipembedded.com
>>
>
>
>



-- 
VoIP Embedded, Inc.
http://www.voipembedded.com
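
The two IP-based approaches discussed in this thread, modelled as an added example (not code from the thread or from OpenSIPS): an address list resolved once at load time, as Bogdan describes for the DR module, and a per-request lookup behind a TTL cache, as Ovidiu suggests. The resolver, class names, gateway name and addresses are constructed for illustration.

```python
import time

class FakeResolver:
    """Constructed stand-in for DNS: each name maps to a list of successive answers."""
    def __init__(self, answers):
        self.answers, self.step = answers, 0
    def rotate(self):
        self.step += 1  # the records behind the name change
    def resolve(self, name):
        sets = self.answers.get(name, [set()])
        return set(sets[min(self.step, len(sets) - 1)])

class SnapshotMatcher:
    """Resolve every gateway name once at load time and keep the IPs found."""
    def __init__(self, resolver, names):
        self.ips = set().union(*(resolver.resolve(n) for n in names))
    def matches(self, src_ip):
        return src_ip in self.ips

class CachedLookupMatcher:
    """Resolve on each request, reusing an answer until its TTL expires."""
    def __init__(self, resolver, names, ttl, clock=time.monotonic):
        self.resolver, self.names, self.ttl, self.clock = resolver, names, ttl, clock
        self.cache = {}  # name -> (ips, expiry time)
    def matches(self, src_ip):
        now = self.clock()
        for name in self.names:
            ips, expiry = self.cache.get(name, (set(), now))
            if now >= expiry:
                ips = self.resolver.resolve(name)
                self.cache[name] = (ips, now + self.ttl)
            if src_ip in ips:
                return True
        return False

def demo():
    # Constructed data: placeholder gateway name, documentation-range addresses.
    dns = FakeResolver({"gw.example.com": [{"192.0.2.10"}, {"192.0.2.20"}]})
    now = [0.0]
    snap = SnapshotMatcher(dns, ["gw.example.com"])
    cached = CachedLookupMatcher(dns, ["gw.example.com"], 60, lambda: now[0])
    before = (snap.matches("192.0.2.10"), cached.matches("192.0.2.10"))
    dns.rotate()
    stale = (snap.matches("192.0.2.20"), cached.matches("192.0.2.20"))
    now[0] = 61.0  # the cached answer has expired
    after = (snap.matches("192.0.2.20"), cached.matches("192.0.2.20"))
    return before, stale, after

if __name__ == "__main__":
    print(demo())
```

After the records change, the load-time snapshot keeps rejecting the new address until it is rebuilt, while the cached lookup rejects it only until the cached answer expires.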


