[OpenSIPS-Users] is_from_gw() DNS Names
Vlad Patrascu
vladp at opensips.org
Tue Mar 1 09:53:12 UTC 2022
Hi Mark,
We are aware of this limitation with wolfssl, and do plan to address it
somehow but we have not found a straight-forward solution yet. Keep an
eye on the feature request Ovidiu mentioned.
Regards,
--
Vlad Patrascu
OpenSIPS Core Developer
http://www.opensips-solutions.com
On 28.02.2022 10:50, Mark Farmer wrote:
> Thanks Ovidiu, that is great information.
>
> I am using wolfssl as that seems to be the way to go these days.
> I wonder given the rising popularity of Direct Routing if it would be
> possible/sensible to have wolfssl populate the $tls_peer_subject_cn
> variable in the future?
>
> Mark.
>
> On Fri, 25 Feb 2022 at 17:32, Ovidiu Sas <osas at voipembedded.com> wrote:
>
> With MS, you can authenticate based on $tls_peer_subject_cn. This
> works ok with openssl but not with wolfssl. When wolfssl is using
> session tickets to establish new connections, the $tls_peer_subject_cn
> is not populated.
> Another alternative is to perform a lookup for each request received
> over a tls connection using the ip.resolve transformation and enable
> dbs_cache to help a little bit. It's messy but it works.
>
> -ovidiu
>
> On Fri, Feb 25, 2022 at 6:51 AM Mark Farmer <farmorg at gmail.com> wrote:
> >
> > Thanks Bogdan
> >
> > It's no secret really, I was just speaking generically.
> > They are the MS Direct Routing domains, EG sip.pstnhub.microsoft.com
> >
> > Mark.
> >
> >
> >
> > On Tue, 22 Feb 2022 at 12:50, Bogdan-Andrei Iancu <bogdan at opensips.org> wrote:
> >>
> >> Hi Mark,
> >>
> >> You say the DNS is publishing only one IP for the domain, but one may change? If you want, you can PM me the actual domain to see what the DNS records look like.
> >>
> >> Regards,
> >>
> >> Bogdan-Andrei Iancu
> >>
> >> OpenSIPS Founder and Developer
> >> https://www.opensips-solutions.com
> >> OpenSIPS eBootcamp
> >> https://www.opensips.org/Training/Bootcamp
> >>
> >> On 2/22/22 12:31 PM, Mark Farmer wrote:
> >>
> >> Hi Bogdan
> >>
> >> The GWs have 2 CNAME records which I have no control over. DR has entries like subdomain.example.com:5061
> >> I suspect the issue arises when the CNAMEs swap around resulting in a mismatch.
> >>
> >> Currently I am using this to identify the source of the message which is probably not the best in terms of security.
> >>
> >> $avp(fd) = "subdomain.example.com";
> >> if($(ct.fields(uri){s.index, $avp(fd)}) != NULL)
> >>
> >> Perhaps there is a better way?
> >>
> >> Best regards
> >> Mark.
> >>
> >>
> >>
> >> On Tue, 22 Feb 2022 at 08:56, Bogdan-Andrei Iancu <bogdan at opensips.org> wrote:
> >>>
> >>> Hi Mark,
> >>>
> >>> If a gw is defined via FQDN, that will be DNS resolved (NAPTR, SRV, A records) when DB data is (re)loaded by DR module, and used later for such checks. All found IPs (from DNS) will be stored on the GW.
> >>>
> >>> How do you specify the GW address in DB and what kind of DNS records do you have for it?
> >>>
> >>> Best regards,
> >>>
> >>> Bogdan-Andrei Iancu
> >>>
> >>> OpenSIPS Founder and Developer
> >>> https://www.opensips-solutions.com
> >>> OpenSIPS eBootcamp
> >>> https://www.opensips.org/Training/Bootcamp
> >>>
> >>> On 2/18/22 6:04 PM, Mark Farmer wrote:
> >>>
> >>> Hi everyone
> >>>
> >>> I am using is_from_gw() to match against a group of gateways specified by DNS names which resolve to multiple IP addresses but it seems to be failing to match.
> >>>
> >>> Is this supported functionality or do I need to do something else in this case?
> >>>
> >>> Thanks and regards
> >>> Mark.
> >>>
> >>>
> >>> _______________________________________________
> >>> Users mailing list
> >>> Users at lists.opensips.org
> >>> http://lists.opensips.org/cgi-bin/mailman/listinfo/users
> >>>
> >>>
> >>
> >>
> >> --
> >> Mark Farmer
> >> farmorg at gmail.com
> >>
> >>
> >
> >
> > --
> > Mark Farmer
> > farmorg at gmail.com
>
>
>
> --
> VoIP Embedded, Inc.
> http://www.voipembedded.com
>
>
>
>
> --
> Mark Farmer
> farmorg at gmail.com
>
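Added example, not part of the original thread and not OpenSIPS code: a Python model of the three source checks discussed in the thread (the Contact substring match, an IP set resolved once at reload, and a per-request lookup with a short cache). The resolver class, TTL values, function names and the TEST-NET addresses are assumptions constructed for illustration; the DR module's internals are not reproduced.

```python
import time

class TtlResolver:
    """Per-request FQDN lookup with a small TTL cache (hypothetical helper)."""
    def __init__(self, lookup, ttl=30.0, clock=time.monotonic):
        self.lookup, self.ttl, self.clock = lookup, ttl, clock
        self._cache = {}  # fqdn -> (expires_at, frozenset of IPs)

    def resolve(self, fqdn):
        now = self.clock()
        hit = self._cache.get(fqdn)
        if hit and hit[0] > now:
            return hit[1]                      # still fresh, no new lookup
        ips = frozenset(self.lookup(fqdn))
        self._cache[fqdn] = (now + self.ttl, ips)
        return ips

def contact_substring_check(contact_uri, gw_fqdn):
    """Header-based check from the thread: the value is chosen by the sender."""
    return gw_fqdn in contact_uri

def snapshot_check(src_ip, snapshot_ips):
    """Source IP against the set resolved once, at (re)load time."""
    return src_ip in snapshot_ips

def live_check(src_ip, gw_fqdn, resolver):
    """Source IP against what the FQDN resolves to now (cached for ttl seconds)."""
    return src_ip in resolver.resolve(gw_fqdn)

def demo():
    gw = "subdomain.example.com"               # placeholder name used in the thread
    zone = {gw: ["192.0.2.10"]}                # constructed DNS answers
    now = [0.0]                                # fake clock so the demo is deterministic
    resolver = TtlResolver(lambda n: zone.get(n, []), ttl=30.0, clock=lambda: now[0])
    snapshot = frozenset(zone[gw])             # taken at "reload"
    out = {"before": (snapshot_check("192.0.2.10", snapshot),
                      live_check("192.0.2.10", gw, resolver))}
    zone[gw] = ["192.0.2.20"]                  # the name now points elsewhere
    now[0] = 31.0                              # cached entry has expired
    out["after"] = (snapshot_check("192.0.2.20", snapshot),
                    live_check("192.0.2.20", gw, resolver))
    # A sender outside the gateway set whose Contact carries the gateway name
    contact = "sip:x@subdomain.example.com:5061;transport=tls"
    out["header_only"] = (contact_substring_check(contact, gw),
                          live_check("198.51.100.7", gw, resolver))
    return out

if __name__ == "__main__":
    print(demo())
```

Each tuple is (older check, per-request check): after the record changes, the reload-time snapshot no longer matches the gateway's new address, and the header-only check accepts a request that the source-IP check rejects.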