[Freeswitch-users] Getting started wiki page & external gateway: do I understand correctly?

Jim hakkie42 at gmail.com
Fri Jul 6 12:15:06 MSD 2012


Thanks - glad I understood. Comments inline.

On 5-7-2012 17:08, curriegrad2004 wrote:
> Actually I'd say not to modify the wiki at all. It is valid as it
> stands. 
Well, that'll certainly take the least effort required ;)

> Typically most users who use this default diaplan will
> register their SIP provider's gateways on the external profile and all
> of their phones in the internal profile.
Got that.... personnally would like to see some more (even redundant)
explanation of why things are done the way they are so people can
understand the concepts more easily and leaving the fact that no phones
are registered via the external profile more or less unspoken doesn't
really help understanding IMO... but: if you're fine with it, not
modifying the wiki doesn't take any effort, so I'll leave it ;)

(Yes, I'm the kind of guy that is prepared to write multiple posts about
one single word... and proud of it ;)

> Regarding the security part, well said over at that front. * users
> have been burned because of this. You can also set the default
> dialplan for that authenticated profile to be on public and set your
> users's user_context param to whatever context you want the user to be
> on.
Ok, got it.

> And the answer to your last question. Yes you sure as heck as can
> create a new sofia sip profile just for phones to register from the
> outside world.
Ok, thanks ;) Did that, now going on to create users and remove some
more default configs.

Next up: testing with LAN ATA, softphones and with double NAT:
phone---<ATA>---<NAT>----<NAT>---<FreeSwitch>---<ATA>---phone
... thinking I'm going to need NDLB-connectile-dysfunction there...

... but I'll certainly post again if I can't find my way out of trouble.

Thanks for the reply!

> On Thu, Jul 5, 2012 at 12:42 AM, Jim <hakkie42 at gmail.com> wrote:
>> Hi list,
>>
>> More or less beginner, home situation; trying to set up fs (again)..
>>
>> I've got 2 questions:
>>
>> 1. Posting here to make sure I understand before modifying the wiki.
>> Could you please correct me if I'm wrong?
>>
>> Over here
>> http://wiki.freeswitch.org/wiki/Getting_Started_Guide#External
>>
>> it says
>> "The External (formerly "outbound") profile handles outbound
>> registrations to a SIP provider."
>> However, earlier on it also mentions you can let external devices (i.e.
>> user phones in their own networks) register with that profile... so I'd
>> change this to:
>> "The External (formerly "outbound") profile also handles outbound
>> registrations to a SIP provider."
>>
>> Then this:
>> "The external profile allows anonymous calling, which is required as
>> your provider will never authenticate with you to send you a call."
>>
>> Skimmed through the bridge book p78, Receiving calls, which seems to
>> confirm external profile does not require authentication.
>> Ok, fine.
>>
>> Then this:
>> "In order to secure your FreeSWITCH it is wise to link your outbound
>> profile to a dialplan context other than 'default', which in the default
>> configuration is the where authenticated users are placed."
>> Seems this advice mixes a default situation (default dialplan being
>> sensitive) with conditional advice (your outbound profile which would be
>> external in a default config).
>>
>> I would change outbound to external in order to lessen confusion:
>> "In order to secure your FreeSWITCH it is wise to link your exgternal
>> profile to a dialplan context other than 'default', which in the default
>> configuration is where authenticated users are placed."
>>
>> ... although what is probably really meant is something like:
>> "As mentioned, the profile used for outbound registrations allows
>> anonymous, unauthenticated calling. By default, this profile is the
>> external profile. In order to secure your FreeSWITCH, don't link this
>> profile to a dialplan that allows dialing paid numbers or dialing users
>> (who may be bothered/harrassed) without any further checking.
>>
>> Summary: in a default configuration: don't link your external profile to
>> a 'default' dialplan."
>> ... which is a mouthful.
>>
>> 2. Given the above, if I want to have external users in their own
>> network behind NAT register to me, it would be best if I define an
>> additional profile that does require SIP authentication, right?
>>
>> I can then use the external profile to register with SIP trunks etc.



Join us at ClueCon 2011 Aug 9-11, 2011
More information about the FreeSWITCH-users mailing list