[OpenSIPS-Users] is_from_gw() DNS Names

Mark Farmer farmorg at gmail.com
Tue Mar 1 14:05:49 UTC 2022 

Thanks both, will do.

Mark.


On Tue, 1 Mar 2022 at 09:56, Vlad Patrascu <vladp at opensips.org> wrote:

> Hi Mark,
>
> We are aware of this limitation with wolfssl, and do plan to address it
> somehow but we have not found a straight-forward solution yet. Keep an eye
> on the feature request Ovidiu mentioned.
>
> Regards,
>
> --
> Vlad Patrascu
> OpenSIPS Core Developerhttp://www.opensips-solutions.com
>
> On 28.02.2022 10:50, Mark Farmer wrote:
>
> Thanks Ovidiu, that is great information.
>
> I am using wolfssl as that seems to be the way to go these days.
> I wonder given the rising popularity of Direct Routing if it would be
> possible/sensible to have wolfsssl populate the $tls_peer_subject_cn
> variable in the future?
>
> Mark.
>
>
>
>
>
> On Fri, 25 Feb 2022 at 17:32, Ovidiu Sas <osas at voipembedded.com> wrote:
>
>> With MS, you can authenticate based on $tls_peer_subject_cn. This
>> works ok with openssl but not with wolfssl. When wolfssl is using
>> session tickets to establish new connections, the $tls_peer_subject_cn
>> is not populated.
>> Another alternative is to perform a lookup for each request received
>> over a tls connection using the ip.resolve transformation and enable
>> dbs_cache to help a little bit. It's messy but it works.
>>
>> -ovidiu
>>
>> On Fri, Feb 25, 2022 at 6:51 AM Mark Farmer <farmorg at gmail.com> wrote:
>> >
>> > Thanks Bogdan
>> >
>> > It's no secret really, I was just speaking generically.
>> > They are the MS Direct Routing domains, EG sip.pstnhub.microsoft.com
>> >
>> > Mark.
>> >
>> >
>> >
>> > On Tue, 22 Feb 2022 at 12:50, Bogdan-Andrei Iancu <bogdan at opensips.org>
>> wrote:
>> >>
>> >> Hi Mark,
>> >>
>> >> You say the DNS is publishing only one IP for the domain, but one may
>> change ? If you want, you can PM me the actual domain to see how the DNS
>> records looks like.
>> >>
>> >> Regards,
>> >>
>> >> Bogdan-Andrei Iancu
>> >>
>> >> OpenSIPS Founder and Developer
>> >>   https://www.opensips-solutions.com
>> >> OpenSIPS eBootcamp
>> >>   https://www.opensips.org/Training/Bootcamp
>> >>
>> >> On 2/22/22 12:31 PM, Mark Farmer wrote:
>> >>
>> >> Hi Bogdan
>> >>
>> >> The GW's have 2 CNAME records which I have no control over. DR has
>> entries like subdomain.example.com:5061
>> >> I suspect the issue arises when the CNAMES swap around resulting in a
>> mismatch.
>> >>
>> >> Currently I am using this to identify the source of the message which
>> is probably not the best in terms of security.
>> >>
>> >> $avp(fd) = "subdomain.example.com";
>> >> if($(ct.fields(uri){s.index, $avp(fd)}) != NULL)
>> >>
>> >> Perhaps there is a better way?
>> >>
>> >> Best regards
>> >> Mark.
>> >>
>> >>
>> >>
>> >> On Tue, 22 Feb 2022 at 08:56, Bogdan-Andrei Iancu <bogdan at opensips.org>
>> wrote:
>> >>>
>> >>> Hi Mark,
>> >>>
>> >>> If a gw is defined via FQDN, that will by DNS resolved (NAPTR, SRV, A
>> records) when DB data is (re)loaded by DR module, and used later for such
>> checks. All found IPs (from DNS) will be stored on the GW.
>> >>>
>> >>> How do you specify the GW address in DB and what kind of DNS records
>> do you have for it ?
>> >>>
>> >>> Best regards,
>> >>>
>> >>> Bogdan-Andrei Iancu
>> >>>
>> >>> OpenSIPS Founder and Developer
>> >>>   https://www.opensips-solutions.com
>> >>> OpenSIPS eBootcamp
>> >>>   https://www.opensips.org/Training/Bootcamp
>> >>>
>> >>> On 2/18/22 6:04 PM, Mark Farmer wrote:
>> >>>
>> >>> Hi everyone
>> >>>
>> >>> I am using is_from_gw() to match against a group of gateways
>> specified by DNS names which resolve to multiple IP addresses but it seems
>> to be failing to match.
>> >>>
>> >>> Is this supported functionality or do I need to do something else in
>> this case?
>> >>>
>> >>> Thanks and regards
>> >>> Mark.
>> >>>
>> >>>
>> >>> _______________________________________________
>> >>> Users mailing list
>> >>> Users at lists.opensips.org
>> >>> http://lists.opensips.org/cgi-bin/mailman/listinfo/users
>> >>>
>> >>>
>> >>
>> >>
>> >> --
>> >> Mark Farmer
>> >> farmorg at gmail.com
>> >>
>> >>
>> >
>> >
>> > --
>> > Mark Farmer
>> > farmorg at gmail.com
>> > _______________________________________________
>> > Users mailing list
>> > Users at lists.opensips.org
>> > http://lists.opensips.org/cgi-bin/mailman/listinfo/users
>>
>>
>>
>> --
>> VoIP Embedded, Inc.
>> http://www.voipembedded.com
>>
>> _______________________________________________
>> Users mailing list
>> Users at lists.opensips.org
>> http://lists.opensips.org/cgi-bin/mailman/listinfo/users
>>
>
>
> --
> Mark Farmer
> farmorg at gmail.com
>
> _______________________________________________
> Users mailing listUsers at lists.opensips.orghttp://lists.opensips.org/cgi-bin/mailman/listinfo/users
>
> _______________________________________________
> Users mailing list
> Users at lists.opensips.org
> http://lists.opensips.org/cgi-bin/mailman/listinfo/users
>


-- 
Mark Farmer
farmorg at gmail.com
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.opensips.org/pipermail/users/attachments/20220301/f8be79f6/attachment.html>

More information about the Users mailing list