Hi, I am facing a similar situation. We need to verify that a REGISTER comes from the same srcip we have configured in our database. I am thinking about doing this by making a select into an AVP and verfying the value of the AVP with the $si. If this is successfull the UA would be saved into the location and/or would be able to make a call.
This should be possible with radius_avp as well. Looking at performance I would make the DIGEST Auth 1st and if this is succesfull check the IPs. BR uwe Tung Tran schrieb: > Hi Mr. Bogdan > > We need it for IP authorize besides DIGEST auth, that is not standard anyway > but business requirements. > We use MSSQL to do DIGEST authorize and we need an extra security layer > based on source IP, that is also a request by govements in my contry. > > So last but not lease, I would like someone can help me how to add this > feature as soon ass possible > > Thank you very much for your help > > Tung > ----- Original Message ----- > From: "Bogdan-Andrei Iancu" <[email protected]> > To: "Tung Tran" <[email protected]> > Cc: <[email protected]> > Sent: Friday, June 26, 2009 2:24 AM > Subject: Re: [OpenSIPS-Users] How to insert the IP address of user in radius > request. > > >> Hi Tung, >> >> I see the difference - unfortunately there is no way (at the moment) to >> add custom info to the RADIUS auth header, but it should be an extension >> that can be done - out of curiosity? why do you need this in the AUTH >> request, as this info is not used in the DIGEST auth. >> >> Regards, >> Bogdan >> >> Tung Tran wrote: >>> Dear Mr. Bogdan, >>> >>> I know we can insert the source IP address in account request before >>> sending it to Radius, however can I insert it in AUTHORIZE request >>> instead? >>> >>> Thank you very much for your reply. >>> Tung >>> >>> ----- Original Message ----- From: "Bogdan-Andrei Iancu" >>> <[email protected]> >>> To: "Tung Tran" <[email protected]> >>> Cc: <[email protected]> >>> Sent: Tuesday, June 23, 2009 6:04 PM >>> Subject: Re: [OpenSIPS-Users] How to insert the IP address of user in >>> radius request. >>> >>> >>>> Hi Tung, >>>> >>>> First of all you should upgrade to 1.5 version (see >>>> http://www.opensips.org/Resources/Downloads). >>>> >>>> For your problem, use extra accounting - you can account whatever extra >>>> info you want. See: >>>> >>>> http://www.opensips.org/html/docs/modules/1.5.x/acc.html#ACC-extra-id >>>> >>>> To get the source IP, use the $si pseudo-variable (see >>>> http://www.opensips.org/Resources/DocsCoreVar15#toc71). >>>> >>>> Regards, >>>> Bogdan >>>> >>>> Tung Tran wrote: >>>>> Hi all, >>>>> >>>>> I get a request to insert the public IP address of the sip softphone or >>>>> IP Phone/ATA (end-point) in the Radius request sending to Radius >>>>> server. >>>>> I am thinking about to mod the auth_radius module to insert that IP in >>>>> SIP-URI-User field, likely this one: >>>>> >>>>> Original >>>>> Sip-Uri-User = "985512405" >>>>> >>>>> After mod: >>>>> Sip-Uri-User = [email protected] >>>>> >>>>> Where 1.2.3.4 is the IP of SIP end-point, not the IP address of >>>>> Opensips/Opensers servers. >>>>> >>>>> But I dont know where I should play with. >>>>> Any one had done it before or know where we can edit, pls help me. >>>>> >>>>> BTW, I am using openser 1.2.2 version. >>>>> Thanks in advance >>>>> Tung >>>>> >>>>> >>>>> >>>>> _______________________________________________ >>>>> Users mailing list >>>>> [email protected] >>>>> http://lists.opensips.org/cgi-bin/mailman/listinfo/users >>>>> >>>>> >>> > > > _______________________________________________ > Users mailing list > [email protected] > http://lists.opensips.org/cgi-bin/mailman/listinfo/users > -- kiste lat: 54.322684, lon: 10.13586 _______________________________________________ Users mailing list [email protected] http://lists.opensips.org/cgi-bin/mailman/listinfo/users
