[Freeswitch-users] IP authentication
Jed Stafford
jedsta at gmail.com
Thu May 1 00:17:39 PDT 2008
Thank you, all is working much better now.
On Wed, Apr 30, 2008 at 6:14 AM, Anthony Minessale <
anthony.minessale at gmail.com> wrote:
> it seems a bit confusing but if you want to do ip auth the way you
> describe, you actually have to disable the digest auth so that the other end
> is not challenged for auth credentials on top of the ip auth.
>
> search your profile for this:
>
> <param name="auth-calls" value="true"/>
>
> and comment it by encapsulating it in <!-- and -->
>
> then add this line:
>
> <param name="apply-inbound-acl" value="sip_ip_auth"/>
>
> Then make sip_ip_auth by editing acl.conf.xml and add a new list to the
> <network-lists> tag.
> assuming the ip you trust is 200.2.2.2:
>
> <list name="sip_ip_auth" default="deny">
> <node type="allow" cidr="200.2.2.2/32"/>
> </list>
>
> Now all sip calls will be rejected unless they are originated by 200.2.2.2
>
>
>
>
>
> On Tue, Apr 29, 2008 at 8:17 PM, Brian West <brian at freeswitch.org> wrote:
>
> > Jed,
> > here are the list of things you can do:
> >
> > 1. sip_profiles/default.xml -> change context to default and set auth-
> > calls=false
> > 2. Then you can use ${network_addr} in your conditions or the ${acl()}
> > function an example is in the default.xml dialplan.
> >
> > /b
> >
> >
> > On Apr 29, 2008, at 4:44 PM, Jed Stafford wrote:
> >
> > > This feel's like a very stupid question, but i've scoured for hours
> > > through the documents, and samples I can find without finding an
> > > answer. I'm assuming I'm missing something very obvious.
> > >
> > > I'm just trying to have freeswitch accept a call from a static IP
> > > address, then forward that call to a provider, essentially a very
> > > static SIP proxy.
> > >
> > > I've tried added my IP in question to the acl.xml file, but no
> > > success. All calls are rejected with a 407 Auth required.
> > >
> > > Thanks for any pointers. I think I will write a paragraph or two on
> > > this when I get it working, as it's something I think a lot of
> > > people are looking to try. Asterisk will not scale enough, and I
> > > don't want to do this via OpenSER/RTPProxy, etc.
> > >
> > >
> > > -Jed
> > >
> > > _______________________________________________
> > > Freeswitch-users mailing list
> > > Freeswitch-users at lists.freeswitch.org
> > > http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
> > > UNSUBSCRIBE:
> > http://lists.freeswitch.org/mailman/options/freeswitch-users
> > > http://www.freeswitch.org
> >
> >
> > _______________________________________________
> > Freeswitch-users mailing list
> > Freeswitch-users at lists.freeswitch.org
> > http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
> > UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
> > http://www.freeswitch.org
> >
>
>
>
> --
> Anthony Minessale II
>
> FreeSWITCH http://www.freeswitch.org/
> ClueCon http://www.cluecon.com/
>
> AIM: anthm
> MSN:anthony_minessale at hotmail.com <MSN%3Aanthony_minessale at hotmail.com>
> GTALK/JABBER/PAYPAL:anthony.minessale at gmail.com<PAYPAL%3Aanthony.minessale at gmail.com>
> IRC: irc.freenode.net #freeswitch
>
> FreeSWITCH Developer Conference
> sip:888 at conference.freeswitch.org <sip%3A888 at conference.freeswitch.org>
> iax:guest at conference.freeswitch.org/888
> googletalk:conf+888 at conference.freeswitch.org<googletalk%3Aconf%2B888 at conference.freeswitch.org>
> pstn:213-799-1400
> _______________________________________________
> Freeswitch-users mailing list
> Freeswitch-users at lists.freeswitch.org
> http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
> UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
> http://www.freeswitch.org
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.freeswitch.org/pipermail/freeswitch-users/attachments/20080501/bf28fdfa/attachment-0002.html
More information about the FreeSWITCH-users
mailing list