Yeah, don’t trust that IP range blindly. It’s just Azure space. The only logical approach I’ve seen appears to be certificate validation and checking.
> On 20 Feb 2023, at 7:00 pm, Jon Bonilla (Manwe) <[email protected]> wrote: > > Hi > > Sorry for the OT but I think here's the place where I an find a lot of Ms > teams > integrations > > I've been working on MS teams direct routing integration for PekePBX. It > works. > I guess I've done it as everybody else, using Henning's guide as base and > extending it for multitenant setup (thanks Henning!) > > What I've realized is that the source IP address of calls coming from MS are > not always matching dispatcher hosts. Sometimes they come from another source > IP and failover to the dispatcher hosts when they receive no response. That > makes some of the calls to have an additional latency > > Searching in the MS doc I see that they document these nets as source of their > signaling: > > > 52.112.0.0/14 > 52.120.0.0/14 > > But I've seen IP addresses outside of this range as source. > In this blog > https://erwinbierens.com/microsoft-teams-direct-routing-ip-addresses/ > > The ranges are listed as > > > 52.112.0.0/16 > 52.113.0.0/16 > 52.114.0.0/16 > 52.115.0.0/16 > 52.120.0.0/16 > 52.121.0.0/16 > 52.122.0.0/16 > 52.123.0.0/16 > > which looks better but scares me out. Having no auth is it secure to bind so > many ranges to MS? > > Do you use anything else than certificate verification for these calls? > > > cheers, > > Jon > > > > -- > PekePBX, the multitenant PBX solution > https://pekepbx.com > __________________________________________________________ > Kamailio - Users Mailing List - Non Commercial Discussions > To unsubscribe send an email to [email protected] > Important: keep the mailing list in the recipients, do not reply only to the > sender! > Edit mailing list options or unsubscribe: __________________________________________________________ Kamailio - Users Mailing List - Non Commercial Discussions To unsubscribe send an email to [email protected] Important: keep the mailing list in the recipients, do not reply only to the sender! Edit mailing list options or unsubscribe:
