Jump to content
Vodia PBX forum
Sign in to follow this  
stoneracer

additional provisioning tags for phone templates

Recommended Posts

Our snom phones within the office are connected to the pbx using sip over tls for security reasons. Some of our users also have a second phone within their home office (using a VPN) where the connection has to pass a firewall between home office and the pbx. SIP signaling works without any problems, but RTP could not pass the firewall as the SIP ALG was unable to inspect the SIP traffic to open the necessary ports. As the connections is already secured by VPN it should be ok to revert back to udp (or tcp) in this cases to make RDP work properly without opening a huge port range in both directions.

To solve this I just have to modify the phone template for phones within the home office and to replace

<user_outbound idx="{lc}" perm="RW">{outbound-ip}:{outbound-port tls};transport=tls</user_outbound>

based on the IP address with

<user_outbound idx="{lc}" perm="RW">{outbound-ip}:{outbound-port udp};transport=udp</user_outbound>

Based on the Provisioning Tags documentation it should be possible to compare the IP of the phone with if_gt but I miss a if_lt (if lower than) or ifn_gt (if not greater than) and an else construct, could someone explain how to achieve this:

{if_gt ip "192.168.0.0"}
  {if_lt ip "192.168.255.255"}
    <user_outbound idx="{lc}" perm="RW">{outbound-ip}:{outbound-port udp};transport=udp</user_outbound>
  {el_lt}
    <user_outbound idx="{lc}" perm="RW">{outbound-ip}:{outbound-port tls};transport=tls</user_outbound>
  {fi_lt}
{el_gt}
  <user_outbound idx="{lc}" perm="RW">{outbound-ip}:{outbound-port tls};transport=tls</user_outbound>
{fi_gt}

 

Share this post


Link to post
Share on other sites

You can use the "outbound proxy pattern" for this (in dom_settings.htm). There are some examples on https://doc.vodia.com/outbound_proxy that should be addressing your problem.

There is a {if} statement that could in principle be used for these things like {if ip > "192.168.1.2" && ip < "192.168.2.255"} but currently that is not available. But it for sure does not hurt to add that possibility to the next version!

Share this post


Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...
Sign in to follow this  

×
×
  • Create New...