[Freeswitch-users] Authenticate external calls problem

Nandy Dagondon gcd at i.ph
Mon Apr 16 10:25:14 MSD 2012 

i think you should define Netelip as sofia_profiles/external/netelip.xml
because you should register to Netelip. you define netelip in
conf/directory/default/example.conf.xml when you require netelip to
register to your FS.

On Sat, Apr 14, 2012 at 9:11 AM, Jose Miguel Sucasas Mejuto <
jmsucasas at me.com> wrote:

> Hello,
>
>    I have installed freeSwitch 1.1beta from the git repository
> (FreeSWITCH-mod_sofia/1.1.beta1-git-d2edcad 2012-03-31 23-42-27 +0000).  My
> SIP provider (Netelip) is defined in
> conf/directory/default/example.conf.xml:
>
> <include>
>   <user id="$${default_provider}">
>     <gateways>
>       <gateway name="$${default_provider}">
> <param name="username" value="$${default_provider_username}"/>
> <param name="password" value="$${default_provider_password}"/>
> <param name="from-user" value="$${default_provider_username}"/>
> <param name="from-domain" value="$${default_provider_from_domain}"/>
> <param name="expire-seconds" value="600"/>
> <param name="register" value="$${default_provider_register}"/>
> <param name="retry-seconds" value="30"/>
> <param name="extension" value="$${default_provider_contact}"/>
> <param name="auth-calls" value="false"/>
> <!--<param name="contact-params" value="domain_name=$${domain}"/>-->
> <param name="context" value="public"/>
>       </gateway>
>     </gateways>
>     <params>
>       <param name="password" value="$${default_provider_password}"/>
>     </params>
>   </user>
> </include>
>
> and doesn't authenticate inbound calls (insecure=invite in asterisk
> language). When I receive an inbound call,  I receive the following error:
>
> freeswitch at internal>
> recv 1000 bytes from udp/[194.140.135.80]:5060 at 23:23:10.163377:
>    ------------------------------------------------------------------------
>    INVITE sip:34810101189 at sukmad.dyndns-home.com SIP/2.0
>    Via: SIP/2.0/UDP 194.140.135.80:5060;branch=z9hG4bK6bb16a10;rport
>    From: "916495242" <sip:916495242 at 194.140.135.80>;tag=as7a2a97e5
>    To: <sip:34810101189 at sukmad.dyndns-home.com>
>    Contact: <sip:916495242 at 194.140.135.80>
>    Call-ID: 6c47a4064ef8d0641da415d2121e3226 at 194.140.135.80
>    CSeq: 102 INVITE
>    User-Agent: Netelip
>    Max-Forwards: 70
>    Date: Fri, 13 Apr 2012 23:23:51 GMT
>    Allow: INVITE, ACK, CANCEL, OPTIONS, BYE, REFER, SUBSCRIBE, NOTIFY, INFO
>    Supported: replaces
>    Content-Type: application/sdp
>    Content-Length: 425
>
>    v=0
>    o=root 1249 1249 IN IP4 194.140.135.80
>    s=session
>    c=IN IP4 194.140.135.80
>    t=0 0
>    m=audio 16474 RTP/AVP 8 0 97 3 18 4 101
>    a=rtpmap:8 PCMA/8000
>    a=rtpmap:0 PCMU/8000
>    a=rtpmap:97 iLBC/8000
>    a=fmtp:97 mode=30
>    a=rtpmap:3 GSM/8000
>    a=rtpmap:18 G729/8000
>    a=fmtp:18 annexb=no
>    a=rtpmap:4 G723/8000
>    a=fmtp:4 annexa=no
>    a=rtpmap:101 telephone-event/8000
>    a=fmtp:101 0-16
>    a=silenceSupp:off - - - -
>    a=ptime:20
>    a=sendrecv
>    ------------------------------------------------------------------------
> send 382 bytes to udp/[194.140.135.80]:5060 at 23:23:10.164409:
>    ------------------------------------------------------------------------
>    SIP/2.0 100 Trying
>    Via: SIP/2.0/UDP 194.140.135.80:5060;branch=z9hG4bK6bb16a10;rport=5060
>    From: "916495242" <sip:916495242 at 194.140.135.80>;tag=as7a2a97e5
>    To: <sip:34810101189 at sukmad.dyndns-home.com>
>    Call-ID: 6c47a4064ef8d0641da415d2121e3226 at 194.140.135.80
>    CSeq: 102 INVITE
>    User-Agent: FreeSWITCH-mod_sofia/1.1.beta1-git-d2edcad 2012-03-31
> 23-42-27 +0000
>    Content-Length: 0
>
>    ------------------------------------------------------------------------
> 2012-04-14 01:23:10.162331 [DEBUG] sofia.c:7598 IP 194.140.135.80 Rejected
> by acl "domains". Falling back to Digest auth.
> send 871 bytes to udp/[194.140.135.80]:5060 at 23:23:10.166026:
>    ------------------------------------------------------------------------
> *   SIP/2.0 407 Proxy Authentication Required*
>    Via: SIP/2.0/UDP 194.140.135.80:5060;branch=z9hG4bK6bb16a10;rport=5060
>    From: "916495242" <sip:916495242 at 194.140.135.80>;tag=as7a2a97e5
>    To: <sip:34810101189 at sukmad.dyndns-home.com>;tag=SaBHcvmm7evNF
>    Call-ID: 6c47a4064ef8d0641da415d2121e3226 at 194.140.135.80
>    CSeq: 102 INVITE
>    User-Agent: FreeSWITCH-mod_sofia/1.1.beta1-git-d2edcad 2012-03-31
> 23-42-27 +0000
>    Accept: application/sdp
>    Allow: INVITE, ACK, BYE, CANCEL, OPTIONS, MESSAGE, UPDATE, INFO,
> REGISTER, REFER, NOTIFY, PUBLISH, SUBSCRIBE
>    Supported: timer, precondition, path, replaces
>    Allow-Events: talk, hold, presence, dialog, line-seize, call-info, sla,
> include-session-description, presence.winfo, message-summary, refer
>    Proxy-Authenticate: Digest realm="194.140.135.80",
> nonce="bc1571d4-0957-4609-a887-7c3359b9ae9c", algorithm=MD5, qop="auth"
>    Content-Length: 0
>
> I have read in forums that the solution to this problem is to add the IP
> to the acl.conf.xml, like this:
>
>     <list name="domains" default="deny">
>       <!-- domain= is special it scans the domain from the directory to
> build the ACL -->
>       <node type="allow" domain="$${domain}"/>
>       <!-- use cidr= if you wish to allow ip ranges to this domains acl.
> -->
>       *<node type="allow" cidr="194.140.135.80/24"/> *
>     </list>
>
> But my SIP provider have a dynamic IP, and it's behind a NAT.  If my SIP
> provider will use any IP, ¿Where can I do this without enabling all IPs to
> enter calls in my system?
>
>
> Thanks in advance,
>
> Regards.
>
> _________________________________________________________________________
> Professional FreeSWITCH Consulting Services:
> consulting at freeswitch.org
> http://www.freeswitchsolutions.com
>
> 
> 
>
> Official FreeSWITCH Sites
> http://www.freeswitch.org
> http://wiki.freeswitch.org
> http://www.cluecon.com
>
> FreeSWITCH-users mailing list
> FreeSWITCH-users at lists.freeswitch.org
> http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
> UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
> http://www.freeswitch.org
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.freeswitch.org/pipermail/freeswitch-users/attachments/20120416/a9d3795f/attachment.html

Join us at ClueCon 2011 Aug 9-11, 2011
More information about the FreeSWITCH-users mailing list