[Freeswitch-users] IP authentication
Anthony Minessale
anthony.minessale at gmail.com
Wed Apr 30 09:14:26 EDT 2008
it seems a bit confusing but if you want to do ip auth the way you describe,
you actually have to disable the digest auth so that the other end is not
challenged for auth credentials on top of the ip auth.
search your profile for this:
<param name="auth-calls" value="true"/>
and comment it by encapsulating it in <!-- and -->
then add this line:
<param name="apply-inbound-acl" value="sip_ip_auth"/>
Then make sip_ip_auth by editing acl.conf.xml and add a new list to the
<network-lists> tag.
assuming the ip you trust is 200.2.2.2:
<list name="sip_ip_auth" default="deny">
<node type="allow" cidr="200.2.2.2/32"/>
</list>
Now all sip calls will be rejected unless they are originated by 200.2.2.2
On Tue, Apr 29, 2008 at 8:17 PM, Brian West <brian at freeswitch.org> wrote:
> Jed,
> here are the list of things you can do:
>
> 1. sip_profiles/default.xml -> change context to default and set auth-
> calls=false
> 2. Then you can use ${network_addr} in your conditions or the ${acl()}
> function an example is in the default.xml dialplan.
>
> /b
>
>
> On Apr 29, 2008, at 4:44 PM, Jed Stafford wrote:
>
> > This feel's like a very stupid question, but i've scoured for hours
> > through the documents, and samples I can find without finding an
> > answer. I'm assuming I'm missing something very obvious.
> >
> > I'm just trying to have freeswitch accept a call from a static IP
> > address, then forward that call to a provider, essentially a very
> > static SIP proxy.
> >
> > I've tried added my IP in question to the acl.xml file, but no
> > success. All calls are rejected with a 407 Auth required.
> >
> > Thanks for any pointers. I think I will write a paragraph or two on
> > this when I get it working, as it's something I think a lot of
> > people are looking to try. Asterisk will not scale enough, and I
> > don't want to do this via OpenSER/RTPProxy, etc.
> >
> >
> > -Jed
> >
> > _______________________________________________
> > Freeswitch-users mailing list
> > Freeswitch-users at lists.freeswitch.org
> > http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
> > UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
> > http://www.freeswitch.org
>
>
> _______________________________________________
> Freeswitch-users mailing list
> Freeswitch-users at lists.freeswitch.org
> http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
> UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
> http://www.freeswitch.org
>
--
Anthony Minessale II
FreeSWITCH http://www.freeswitch.org/
ClueCon http://www.cluecon.com/
AIM: anthm
MSN:anthony_minessale at hotmail.com <MSN%3Aanthony_minessale at hotmail.com>
GTALK/JABBER/PAYPAL:anthony.minessale at gmail.com<PAYPAL%3Aanthony.minessale at gmail.com>
IRC: irc.freenode.net #freeswitch
FreeSWITCH Developer Conference
sip:888 at conference.freeswitch.org <sip%3A888 at conference.freeswitch.org>
iax:guest at conference.freeswitch.org/888
googletalk:conf+888 at conference.freeswitch.org<googletalk%3Aconf%2B888 at conference.freeswitch.org>
pstn:213-799-1400
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.freeswitch.org/pipermail/freeswitch-users/attachments/20080430/652447a8/attachment-0001.html
More information about the Freeswitch-users
mailing list