[Freeswitch-users] Two Major Problems

Tue Apr 20 14:35:59 PDT 2010

Wow, that did it. Thanks!

Ken

From: freeswitch-users-bounces at lists.freeswitch.org
[mailto:freeswitch-users-bounces at lists.freeswitch.org] On Behalf Of Anthony
Minessale
Sent: Tuesday, April 20, 2010 4:21 PM
To: freeswitch-users at lists.freeswitch.org
Subject: Re: [Freeswitch-users] Two Major Problems

sometimes on sipx you need

<param name="accept-blind-auth" value="true"/>

in your profile because it tries to send auth info even when it's not
necessary and FS will enforce
auth packets even with everything else wide open.

On Tue, Apr 20, 2010 at 3:52 PM, Ken Fulmer
<kenfulmer at icstechnologysolutions.com> wrote:

I’ve tried this setting as well:

    <param name="apply-inbound-acl" value="lan"/> 

Neither way seems to work. What’s strange is, I have an Adtran voice gateway
at 172.16.15.11 that is sending calls to the FS box without any problems.
The sipX server on the same subnet, 10.10.3.0 /25 can’t send calls without
generating the Proxy Authentication Required message. Is this just because
it’s on the same LAN as the FS box? 

Thanks,

Ken

From: freeswitch-users-bounces at lists.freeswitch.org
[mailto:freeswitch-users-bounces at lists.freeswitch.org] On Behalf Of David
Ponzone
Sent: Tuesday, April 20, 2010 3:25 PM

To: freeswitch-users at lists.freeswitch.org
Subject: Re: [Freeswitch-users] Two Major Problems

ken,

are you sure it's not apply-inbound-acl you want to set ?

David Ponzone  Direction Technique

email: david.ponzone at ipeva.fr

tel:      01 74 03 18 97

gsm:   06 66 98 76 34

Service Client IPeva

tel:      0811 46 26 26

www.ipeva.fr  -   www.ipeva-studio.com

Ce message et toutes les pièces jointes sont confidentiels et établis à
l'intention exclusive de ses destinataires. Toute utilisation ou diffusion
non autorisée est interdite. Tout message électronique est susceptible
d'altération. IPeva décline toute responsabilité au titre de ce message s'il
a été altéré, déformé ou falsifié. Si vous n'êtes pas destinataire de ce
message, merci de le détruire immédiatement et d'avertir l'expéditeur.

Le 20/04/2010 à 22:03, Ken Fulmer a écrit :

I’m now using an ACL list called “lan”.

    <list name="lan" default="allow">

     <node type="allow" cidr="10.10.3.0/25"/>

    </list>

In the external sip profile, I have the following statement:

    <param name="local-network-acl" value="lan"/>

I still get the Proxy Authentication Required error. Am I doing something
wrong?

Thanks,

Ken

From: freeswitch-users-bounces at lists.freeswitch.org
[mailto:freeswitch-users-bounces at lists.freeswitch.org] On Behalf Of Tjardick
van der Kraan
Sent: Sunday, April 11, 2010 4:36 PM
To: freeswitch-users at lists.freeswitch.org
Subject: Re: [Freeswitch-users] Two Major Problems

Use the CIDR XML key not domain:

http://wiki.freeswitch.org/wiki/Acl

Regards,

Tj

On 09 Apr 2010, at 19:07, Ken Fulmer wrote:

Per your suggestion, I changed the following in the
conf/autoload_configs/acl.conf.xml file:

    <list name="domains" default="deny">

      <node type="allow" domain="10.10.3.10"/>

      <node type="allow" domain="10.10.3.11"/>

    </list>

10.10.3.10 and 10.10.3.11 are the ip addresses of our internal servers.
However, the calls still fail with the 407 Proxy Authentication Required
message.

I get the following log output when I issue the command, reloadacl:

2010-04-09 12:06:31.259954 [NOTICE] switch_core.c:954 Created ip list
rfc1918.auto default (deny)

freeswitch at internal> 2010-04-09 12:06:31.259954 [NOTICE] switch_utils.c:195
Adding 10.0.0.0/8 (allow) [] to list rfc1918.auto

2010-04-09 12:06:31.259954 [NOTICE] switch_utils.c:195 Adding 172.16.0.0/12
(allow) [] to list rfc1918.auto

2010-04-09 12:06:31.259954 [NOTICE] switch_utils.c:195 Adding 192.168.0.0/16
(allow) [] to list rfc1918.auto

2010-04-09 12:06:31.259954 [NOTICE] switch_core.c:962 Created ip list
wan.auto default (allow)

2010-04-09 12:06:31.259954 [NOTICE] switch_utils.c:195 Adding 10.0.0.0/8
(deny) [] to list wan.auto

2010-04-09 12:06:31.259954 [NOTICE] switch_utils.c:195 Adding 172.16.0.0/12
(deny) [] to list wan.auto

2010-04-09 12:06:31.259954 [NOTICE] switch_utils.c:195 Adding 192.168.0.0/16
(deny) [] to list wan.auto

2010-04-09 12:06:31.259954 [NOTICE] switch_core.c:970 Created ip list
nat.auto default (deny)

2010-04-09 12:06:31.259954 [NOTICE] switch_core.c:972 Adding
10.10.3.12/255.255.255.128 (deny) to list nat.auto

2010-04-09 12:06:31.259954 [NOTICE] switch_utils.c:195 Adding 10.0.0.0/8
(allow) [] to list nat.auto

2010-04-09 12:06:31.259954 [NOTICE] switch_utils.c:195 Adding 172.16.0.0/12
(allow) [] to list nat.auto

2010-04-09 12:06:31.259954 [NOTICE] switch_utils.c:195 Adding 192.168.0.0/16
(allow) [] to list nat.auto

2010-04-09 12:06:31.259954 [NOTICE] switch_core.c:981 Created ip list
loopback.auto default (deny)

2010-04-09 12:06:31.259954 [NOTICE] switch_utils.c:195 Adding 127.0.0.0/8
(allow) [] to list loopback.auto

2010-04-09 12:06:31.259954 [NOTICE] switch_core.c:987 Created ip list
localnet.auto default (deny)

2010-04-09 12:06:31.259954 [NOTICE] switch_core.c:990 Adding
10.10.3.12/255.255.255.128 (allow) to list localnet.auto

2010-04-09 12:06:31.259954 [NOTICE] switch_core.c:1015 Created ip list
domains default (deny)

2010-04-09 12:06:31.259954 [WARNING] switch_core.c:1046 Cannot locate domain
10.10.3.10

2010-04-09 12:06:31.259954 [WARNING] switch_core.c:1046 Cannot locate domain
10.10.3.11

Am I doing something incorrectly?

Thanks,

Ken

From: freeswitch-users-bounces at lists.freeswitch.org
[mailto:freeswitch-users-bounces at lists.freeswitch.org] On Behalf Of Michael
Collins
Sent: Thursday, April 08, 2010 6:25 PM
To: freeswitch-users at lists.freeswitch.org
Subject: Re: [Freeswitch-users] Two Major Problems

On Thu, Apr 8, 2010 at 3:18 PM, Ken Fulmer
<kenfulmer at icstechnologysolutions.com> wrote:

Actually, I did purchase a license and installed it today. One call
establishes at 729. When I hang up the phone and try again, it’s 711.

Make sure that the encoder/decoder isn't still in use prior to trying the
second call. After you hang up, do a "show channels" and see if the call is
still "up" or not. Also, do "g729_status" to see if the encoder or decoder
is in use. Keep doing "g729_status" until the 'coders are not in use. If
there is a long delay then open up a JIRA ticket on jira.freeswitch.org.

The Proxy Authentication Required is being sent by FreeSwitch to the
internal PBX. I have registration disabled on the FreeSwitch gateway and the
internal server.

By default the SIP profile will challenge if the IP address of the caller is
not in the ACL. Open conf/autoload_configs/acl.conf.xml and locate the
"domains" node. Add your PBX's IP address. You'll see an example in the
comments. Once you're done editing, save the file and then go to the fs_cli
and do:
reloadacl reloadxml

Then make a call from PBX to FS and it should go through.
-MC

_______________________________________________
FreeSWITCH-users mailing list
FreeSWITCH-users at lists.freeswitch.org
http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
http://www.freeswitch.org

_______________________________________________
FreeSWITCH-users mailing list
FreeSWITCH-users at lists.freeswitch.org
http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
http://www.freeswitch.org

_______________________________________________
FreeSWITCH-users mailing list
FreeSWITCH-users at lists.freeswitch.org
http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
http://www.freeswitch.org

-- 
Anthony Minessale II

FreeSWITCH http://www.freeswitch.org/
ClueCon http://www.cluecon.com/
Twitter: http://twitter.com/FreeSWITCH_wire

AIM: anthm
MSN:anthony_minessale at hotmail.com
<mailto:MSN%3Aanthony_minessale at hotmail.com> 
GTALK/JABBER/PAYPAL:anthony.minessale at gmail.com
<mailto:PAYPAL%3Aanthony.minessale at gmail.com> 
IRC: irc.freenode.net #freeswitch

FreeSWITCH Developer Conference
sip:888 at conference.freeswitch.org
<mailto:sip%3A888 at conference.freeswitch.org> 
googletalk:conf+888 at conference.freeswitch.org
<mailto:googletalk%3Aconf%2B888 at conference.freeswitch.org> 
pstn:+19193869900

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.freeswitch.org/pipermail/freeswitch-users/attachments/20100420/e7118b6a/attachment-0001.html 