[Freeswitch-users] SIP/2.0 403 Forbidden

Al Bogner freeswitch at ml102.pinguin.uni.cc
Tue Jun 28 14:42:50 MSD 2011

Am Di, 28 Jun 2011 01:55:08 CEST schrieb David Ponzone:

Hi David,
> please, show us the content of the following files:
> conf/directory/default.xml
> conf/vars.xml

These files are default.

See below.

> May you also tell us if you see a message in fs_cli when you try to
> register ?

Type /help <enter> to see a list of commands
+OK log level  [7]

I see nothing else. Should I use a specific option? Do you want me to
try another sipclient than twinkle? Linphone is installed too.


cat /opt/freeswitch/conf/directory/default.xml 
    FreeSWITCH works off the concept of users and domains just like
email. You have users that are in domains for example 1000 at domain.com.
    When freeswitch gets a register packet it looks for the user in the
directory based on the from or to domain in the packet depending on how
your sofia profile is configured.  Out of the box the default domain
will be the IP address of the machine running FreeSWITCH.  This IP can
be found by typing "sofia status" at the CLI.  You will register your
phones to the IP and not the hostname by default. If you wish to
register using the domain please open vars.xml in the root conf
directory and set the default domain to the hostname you desire.  Then
you would use the domain name in the client instead of the IP address
to register with FreeSWITCH. 

  <!--the domain or ip (the right hand side of the @ in the addr-->
  <domain name="$${domain}">
      <param name="dial-string"

      <variable name="record_stereo" value="true"/>
      <variable name="default_gateway" value="$${default_provider}"/>
      <variable name="default_areacode" value="$${default_areacode}"/>
      <variable name="transfer_fallback_extension" value="operator"/>

      <group name="default">
	  <X-PRE-PROCESS cmd="include" data="default/*.xml"/>

      <group name="sales">
	      type="pointer" is a pointer so you can have the 
	      same user in multiple groups.  It basically means
	      to keep searching for the user in the directory.
	  <user id="1000" type="pointer"/>
	  <user id="1001" type="pointer"/>
	  <user id="1002" type="pointer"/>
	  <user id="1003" type="pointer"/>
	  <user id="1004" type="pointer"/>

      <group name="billing">
	  <user id="1005" type="pointer"/>
	  <user id="1006" type="pointer"/>
	  <user id="1007" type="pointer"/>
	  <user id="1008" type="pointer"/>
	  <user id="1009" type="pointer"/>

      <group name="support">
	  <user id="1010" type="pointer"/>
	  <user id="1011" type="pointer"/>
	  <user id="1012" type="pointer"/>
	  <user id="1013" type="pointer"/>
	  <user id="1014" type="pointer"/>


cat /opt/freeswitch/conf/vars.xml 
  <!-- Preprocessor Variables
       These are introduced when configuration strings must be
consistent across modules. NOTICE: YOU CAN NOT COMMENT OUT AN
X-PRE-PROCESS line, Remove the line instead. 
       YOU SHOULD CHANGE THIS default_password value if you don't want
to be subject to any toll fraud in the future.  It's your
responsibility to secure your own system. 
       This default config is used to demonstrate the feature set of
  <X-PRE-PROCESS cmd="set" data="default_password=1234"/>
  <!-- Did you change it yet? -->

  <X-PRE-PROCESS cmd="set"

      This setting is what sets the default domain FreeSWITCH will use
  if all else fails. 
      FreeSWICH will default to $${local_ip_v4} unless changed.
  Changing this setting does affect the sip authentication.  Please
  review conf/directory/default.xml for more information on this topic.
  <X-PRE-PROCESS cmd="set" data="domain=$${local_ip_v4}"/>
  <X-PRE-PROCESS cmd="set" data="domain_name=$${domain}"/>
  <X-PRE-PROCESS cmd="set" data="hold_music=local_stream://moh"/>
  <X-PRE-PROCESS cmd="set" data="use_profile=internal"/>

      Enable ZRTP globally you can override this on a per channel basis
      http://wiki.freeswitch.org/wiki/ZRTP (on how to enable zrtp)
  <X-PRE-PROCESS cmd="set" data="zrtp_secure_media=true"/>

       Examples of codec options: (module must be compiled and loaded)
       XX is the frame size must be multples allowed for the codec
       FreeSWITCH can support 10-120ms on some codecs. 
       We do not support exceeding the MTU of the RTP packet.

       iLBC at 30i         - iLBC using mode=30 which will win in all
       cases. DVI4 at 8000h@20i   - IMA ADPCM 8kHz using 20ms ptime.
       (multiples of 10) DVI4 at 16000h@40i  - IMA ADPCM 16kHz using 40ms
       ptime. (multiples of 10) speex at 8000h@20i  - Speex 8kHz using
       20ms ptime. speex at 16000h@20i - Speex 16kHz using 20ms ptime.
       speex at 32000h@20i - Speex 32kHz using 20ms ptime.
       BV16             - BroadVoice 16kb/s narrowband, 8kHz
       BV32             - BroadVoice 32kb/s wideband, 16kHz
       G7221 at 16000h     - G722.1 16kHz (aka Siren 7)
       G7221 at 32000h     - G722.1C 32kHz (aka Siren 14)
       CELT at 32000h      - CELT 32kHz, only 10ms supported
       CELT at 48000h      - CELT 48kHz, only 10ms supported
       GSM at 40i          - GSM 8kHz using 40ms ptime. (GSM is done in
       multiples of 20, Default is 20ms) G722             - G722 16kHz
       using default 20ms ptime. (multiples of 10) PCMU             -
       G711 8kHz ulaw using default 20ms ptime. (multiples of 10)
       PCMA             - G711 8kHz alaw using default 20ms ptime.
       (multiples of 10) G726-16          - G726 16kbit adpcm using
       default 20ms ptime. (multiples of 10) G726-24          - G726
       24kbit adpcm using default 20ms ptime. (multiples of 10)
       G726-32          - G726 32kbit adpcm using default 20ms ptime.
       (multiples of 10) G726-40          - G726 40kbit adpcm using
       default 20ms ptime. (multiples of 10) AAL2-G726-16     - Same as
       G726-16 but using AAL2 packing. (multiples of 10)
       AAL2-G726-24     - Same as G726-24 but using AAL2 packing.
       (multiples of 10) AAL2-G726-32     - Same as G726-32 but using
       AAL2 packing. (multiples of 10) AAL2-G726-40     - Same as
       G726-40 but using AAL2 packing. (multiples of 10)
       LPC              - LPC10 using 90ms ptime (only supports 90ms at
       this time in FreeSWITCH) L16              - L16 isn't
       recommended for VoIP but you can do it. L16 can exceed the MTU
       rather quickly. These are the passthru audio codecs:
       G729             - G729 in passthru mode. (mod_g729)
       G723             - G723.1 in passthru mode. (mod_g723_1)
       AMR              - AMR in passthru mode. (mod_amr) These are the
       passthru video codecs: (mod_h26x) H261             - H.261 Video
       H263             - H.263 Video
       H263-1998        - H.263-1998 Video
       H263-2000        - H.263-2000 Video
       H264             - H.264 Video
       RTP Dynamic Payload Numbers currently used in FreeSWITCH and
       what for.

       96  - AMR
       97  - iLBC (30)
       98  - iLBC (20)
       99  - Speex 8kHz, 16kHz, 32kHz
       100 -
       101 - telephone-event
       102 -
       103 - 
       104 - 
       105 - 
       106 - BV16
       107 - G722.1 (16kHz)
       108 -
       109 -
       110 -
       111 -
       112 -
       113 -
       114 - CELT 32kHz, 48kHz
       115 - G722.1C (32kHz)
       116 -
       117 - SILK 8kHz
       118 - SILK 12kHz
       119 - SILK 16kHz
       120 - SILK 24kHz
       121 - AAL2-G726-40 && G726-40
       122 - AAL2-G726-32 && G726-32
       123 - AAL2-G726-24 && G726-24
       124 - AAL2-G726-16 && G726-16
       125 - 
       126 -
       127 - BV32

  <X-PRE-PROCESS cmd="set"
  data="global_codec_prefs=G7221 at 32000h,G7221 at 16000h,G722,PCMU,PCMA,GSM"/>
  <X-PRE-PROCESS cmd="set" data="outbound_codec_prefs=PCMU,PCMA,GSM"/>

      xmpp_client_profile and xmpp_server_profile
      xmpp_client_profile can be any string. 
      xmpp_server_profile is appended to "dingaling_" to form the
  database name containing the "subscriptions" table.
      used by: dingaling.conf.xml enum.conf.xml 

  <X-PRE-PROCESS cmd="set" data="xmpp_client_profile=xmppc"/>
  <X-PRE-PROCESS cmd="set" data="xmpp_server_profile=xmpps"/>


       Can be an ip address, a dns name, or "auto". 
       This determines an ip address available on this host to bind.
       If you are separating RTP and SIP traffic, you will want to have
       use different addresses where this variable appears.
       Used by: dingaling.conf.xml
  <X-PRE-PROCESS cmd="set" data="bind_server_ip=auto"/>

       If you're going to load test FreeSWITCH please input real IP
  addresses for external_rtp_ip and external_sip_ip

  <!-- external_rtp_ip
       Can be an one of:
           ip address: ""
           a stun server lookup: "stun:stun.server.com"
           a DNS name: "host:host.server.com"
       where fs.mydomain.com is a DNS A record-useful when fs is on
       a dynamic IP address, and uses a dynamic DNS updater.
       If unspecified, the bind_server_ip value is used.
       Used by: sofia.conf.xml dingaling.conf.xml
  <X-PRE-PROCESS cmd="set"

  <!-- external_sip_ip
      Used as the public IP address for SDP.
       Can be an one of:
           ip address: ""
           a stun server lookup: "stun:stun.server.com"
           a DNS name: "host:host.server.com"
       where fs.mydomain.com is a DNS A record-useful when fs is on
       a dynamic IP address, and uses a dynamic DNS updater.
       If unspecified, the bind_server_ip value is used.
       Used by: sofia.conf.xml dingaling.conf.xml
  <X-PRE-PROCESS cmd="set"

  <!-- unroll-loops
       Used to turn on sip loopback unrolling.
  <X-PRE-PROCESS cmd="set" data="unroll_loops=true"/>

  <!-- outbound_caller_id and outbound_caller_name
       The caller ID telephone number we should use when calling out.
       Used by: conference.conf.xml and user directory for default
       outbound callerid name and number.
  <X-PRE-PROCESS cmd="set" data="outbound_caller_name=FreeSWITCH"/>
  <X-PRE-PROCESS cmd="set" data="outbound_caller_id=0000000000"/>

  <!-- various debug and defaults -->
  <X-PRE-PROCESS cmd="set" data="call_debug=false"/>
  <X-PRE-PROCESS cmd="set" data="console_loglevel=info"/>
  <X-PRE-PROCESS cmd="set" data="default_areacode=918"/>
  <X-PRE-PROCESS cmd="set" data="default_country=US"/>

  <X-PRE-PROCESS cmd="set" data="be-ring=%(1000,3000,425)"/>
  <X-PRE-PROCESS cmd="set" data="ca-ring=%(2000,4000,440,480)"/>
  <X-PRE-PROCESS cmd="set" data="cn-ring=%(1000,4000,450)"/>
  <X-PRE-PROCESS cmd="set" data="cy-ring=%(1500,3000,425)"/>
  <X-PRE-PROCESS cmd="set" data="cz-ring=%(1000,4000,425)"/>
  <X-PRE-PROCESS cmd="set" data="de-ring=%(1000,4000,425)"/>
  <X-PRE-PROCESS cmd="set" data="dk-ring=%(1000,4000,425)"/>
  <X-PRE-PROCESS cmd="set" data="dz-ring=%(1500,3500,425)"/>
  <X-PRE-PROCESS cmd="set" data="eg-ring=%(2000,1000,475,375)"/>
  <X-PRE-PROCESS cmd="set" data="fi-ring=%(1000,4000,425)"/>
  <X-PRE-PROCESS cmd="set" data="fr-ring=%(1500,3500,440)"/>
  <X-PRE-PROCESS cmd="set"
  <X-PRE-PROCESS cmd="set" data="hu-ring=%(1250,3750,425)"/>
  <X-PRE-PROCESS cmd="set" data="il-ring=%(1000,3000,400)"/>
  <X-PRE-PROCESS cmd="set"
  <X-PRE-PROCESS cmd="set" data="jp-ring=%(1000,2000,420,380)"/>
  <X-PRE-PROCESS cmd="set" data="ko-ring=%(1000,2000,440,480)"/>
  <X-PRE-PROCESS cmd="set" data="pk-ring=%(1000,2000,400)"/>
  <X-PRE-PROCESS cmd="set" data="pl-ring=%(1000,4000,425)"/>
  <X-PRE-PROCESS cmd="set" data="ro-ring=%(1850,4150,475,425)"/>
  <X-PRE-PROCESS cmd="set" data="rs-ring=%(1000,4000,425)"/>
  <X-PRE-PROCESS cmd="set" data="ru-ring=%(800,3200,425)"/>
  <X-PRE-PROCESS cmd="set" data="sa-ring=%(1200,4600,425)"/>
  <X-PRE-PROCESS cmd="set" data="tr-ring=%(2000,4000,450)"/>
  <X-PRE-PROCESS cmd="set"
  <X-PRE-PROCESS cmd="set" data="us-ring=%(2000,4000,440,480)"/>
  <X-PRE-PROCESS cmd="set"
  <X-PRE-PROCESS cmd="set"
  data="sit=%(274,0,913.8);%(274,0,1370.6);%(380,0,1776.7)"/> <!--
  Setting up your default sip provider is easy. Below are some values
  that should work in most cases. These are for
  conf/directory/default/example.com.xml --> <X-PRE-PROCESS cmd="set"
  data="default_provider=example.com"/> <X-PRE-PROCESS cmd="set"
  data="default_provider_username=joeuser"/> <X-PRE-PROCESS cmd="set"
  data="default_provider_password=password"/> <X-PRE-PROCESS cmd="set"
  data="default_provider_from_domain=example.com"/> <!-- true or false
  --> <X-PRE-PROCESS cmd="set" data="default_provider_register=false"/>
  <X-PRE-PROCESS cmd="set" data="default_provider_contact=5000"/>

      SIP and TLS settings. http://wiki.freeswitch.org/wiki/Tls
  <X-PRE-PROCESS cmd="set" data="sip_tls_version=tlsv1"/>

  <!-- Internal SIP Profile -->
  <X-PRE-PROCESS cmd="set" data="internal_auth_calls=true"/>
  <X-PRE-PROCESS cmd="set" data="internal_sip_port=5060"/>
  <X-PRE-PROCESS cmd="set" data="internal_tls_port=5061"/>
  <X-PRE-PROCESS cmd="set" data="internal_ssl_enable=false"/>
  <X-PRE-PROCESS cmd="set"

  <!-- External SIP Profile -->
  <X-PRE-PROCESS cmd="set" data="external_auth_calls=false"/>
  <X-PRE-PROCESS cmd="set" data="external_sip_port=5080"/>
  <X-PRE-PROCESS cmd="set" data="external_tls_port=5081"/>
  <X-PRE-PROCESS cmd="set" data="external_ssl_enable=false"/>
  <X-PRE-PROCESS cmd="set"
  data="external_ssl_dir=$${base_dir}/conf/ssl"/> </include>

> David Ponzone  Direction Technique
> email: david.ponzone at ipeva.fr
> tel:      01 74 03 18 97
> gsm:   06 66 98 76 34
> Service Client IPeva
> tel:      0811 46 26 26
> www.ipeva.fr  -   www.ipeva-studio.com
> Ce message et toutes les pièces jointes sont confidentiels et établis
> à l'intention exclusive de ses destinataires. Toute utilisation ou
> diffusion non autorisée est interdite. Tout message électronique est
> susceptible d'altération. IPeva décline toute responsabilité au titre
> de ce message s'il a été altéré, déformé ou falsifié. Si vous n'êtes
> pas destinataire de ce message, merci de le détruire immédiatement et
> d'avertir l'expéditeur.
> Le 27/06/2011 à 22:05, Al Bogner a écrit :
> > I am doing my first steps with freeswitch. 
> > 
> > I have installed on an Ubuntu 11.04 server:
> > 
> > ii  freeswitch                           1.0.7~20110603-0natty6  
> > ii  freeswitch-codec-passthru-g7231      1.0.7~20110603-0natty6  
> > ii  freeswitch-codec-passthru-g729       1.0.7~20110603-0natty6  
> > ii  freeswitch-lang-de                   1.0.7~20110603-0natty6  
> > ii  freeswitch-lang-en                   1.0.7~20110603-0natty6
> > 
> > 
> > Following the tutorial at
> > http://www.onlinesolution.co.nz/viewtopic.php?t=102
> > I modified /opt/freeswitch/conf/directory/default/1000.xml
> > 
> > <include>
> >  <user id="1000">
> >    <params>
> >      <param name="password" value="siptest"/>
> >      <param name="vm-password" value="siptest"/>
> >    </params>
> >    <variables>
> >      <variable name="toll_allow" value="domestic,local"/>
> >      <variable name="accountcode" value="1000"/>
> >      <variable name="user_context" value="default"/>
> >      <variable name="effective_caller_id_name" value="Extension
> > 1000"/> <variable name="effective_caller_id_number" value="1000"/>
> >      <variable name="outbound_caller_id_name"
> > value="$${outbound_caller_name}"/> <variable
> > name="outbound_caller_id_number" value="$${outbound_caller_id}"/>
> > <variable name="callgroup" value="techsupport"/> </variables>
> >  </user>
> > </include>
> > 
> > 
> > Then I tried to connect to the server from another machine:
> > 
> > 
> > +++ 27-6-2011 17:07:30.279796 INFO SIP ::send_sip_udp
> > Send to: udp:
> > REGISTER sip: SIP/2.0
> > Via: SIP/2.0/UDP;rport;branch=z9hG4bKcvkohckk
> > Max-Forwards: 70
> > To: "FS Admin" <sip:1000 at>
> > From: "FS Admin" <sip:1000 at>;tag=nyyvz
> > Call-ID: zmjxppampyrrgxk at client.local.tld
> > CSeq: 645 REGISTER
> > Contact: <sip:1000 at>;expires=3600
> > Allow:
> > User-Agent: Twinkle/1.4.2 Content-Length: 0
> > 
> > 
> > ---
> > 
> > +++ 27-6-2011 17:07:30.281799 INFO SIP ::process_sip_msg
> > Received from: udp:
> > SIP/2.0 403 Forbidden
> > Via: SIP/2.0/UDP
> >;received=;rport=5060;branch=z9hG4bKcvkohckk
> > To: "FS Admin" <sip:1000 at>;tag=iairy From: "FS Admin"
> > <sip:1000 at>;tag=nyyvz Call-ID:
> > zmjxppampyrrgxk at client.local.tld CSeq: 645 REGISTER
> > Server: Twinkle/1.4.2
> > Content-Length: 0
> > 
> > 
> > What could be wrong, so I can't connect?
> > 
> > Al
> > 
> > _______________________________________________
> > Join us at ClueCon 2011, Aug 9-11, Chicago
> > http://www.cluecon.com 877-7-4ACLUE
> > 
> > FreeSWITCH-users mailing list
> > FreeSWITCH-users at lists.freeswitch.org
> > http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
> > UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
> > http://www.freeswitch.org

More information about the FreeSWITCH-users mailing list