[Freeswitch-users] Newbie question about inbound calls/NAT (yes I checked wiki first:-) )

Cal Leeming [Simplicity Media Ltd] cal.leeming at simplicitymedialtd.co.uk
Tue Apr 16 14:43:15 MSD 2013


Glad to hear you got it sorted, and thank you for posting back your finding
- hopefully this will help others in the future!

Cal

On Tue, Apr 16, 2013 at 9:29 AM, Jeff Bernhardt <jeff at askcornerstone.net> wrote:

>  You know, I actually just figured it out myself just a couple hours
> ago.... but I'm gonna give your method a shot too since I haven't played
> with ACLs yet and that would give me a chance to.
>
>  I discovered that the problem was actually how I'd set up Vitelity to
> route to the server. I didn't realize this before, but in Vitelity, you can
> either route to the server IP address to allow IP based authentication OR
> you can route to the account login name that the trunk is being registered
> with. The former was giving errors since I didn't have that account set up,
> whereas the latter worked with no problem. I'm guessing this is because
> with the IP based auth method, Vitelity connects to port 5060 (can't change
> this), which is taken as Freeswitch's default internal profile port
> (requires authentication) instead of port 5080 (the public profile which
> doesn't require authentication?), and since there was no internal user for
> what Vitelity was sending essentially unsolicited on 5060, it got denied.
> As to why it works by routing to the registered account login name I'm not
> sure, but perhaps that's part of what registration does; it sends to the
> public profile by default...?
>
>  Anyway, thanks for all the help! Great to see such an active and helpful
> list with something I'll need a lot of help with!
>
>  ------------------------------
> *From:* freeswitch-users-bounces at lists.freeswitch.org [
> freeswitch-users-bounces at lists.freeswitch.org] on behalf of Michael
> Collins [msc at freeswitch.org]
> *Sent:* Monday, April 15, 2013 7:15 PM
>
> *To:* FreeSWITCH Users Help
> *Subject:* Re: [Freeswitch-users] Newbie question about inbound calls/NAT
> (yes I checked wiki first:-) )
>
>  For inbound calls you can skip the authentication by adding the source
> IP address to the "domains" section of conf/autoload_configs/acl.conf.xml.
> This will prevent FreeSWITCH from challenging the inbound call if it comes
> from that IP address. This is more desirable than disabling call
> authentication altogether in your SIP profile. (i.e. you are allowing only
> a specific IP address to come in unauth'd as opposed to letting the whole
> world in!)
>
> Find out the source IP address for your Vitelity SIP traffic and add it to
> the acl.conf.xml file in the "domains" section. It will be something like
> this:
>
> <node type="allow" cidr="1.2.3.4/32"/>
>
> After you save that go to fs_cli and type "reloadacl". NOTE: simply doing
> a "reloadxml" is not sufficient to make the new ACL entry take effect.
> ("reloadxml" simply reloads the XML config; "reloadacl" does a reloadxml
> and then reloads the ACL entries.)
>
> Hope this helps.
> -MC
>
> On Mon, Apr 15, 2013 at 12:30 AM, Jeff Bernhardt <jeff at askcornerstone.net> wrote:
>
>>  Thanks. I had a look at the links and changed "domain" and even
>> "domain_name" in vars.xml to be the external ip, but the error now just
>> says it can't find user abcd_1.2.3.4 at 1.2.3.4 instead of @192.168.10.32.
>>
>>  And actually, I'm mostly confused because I thought incoming calls
>> were treated as unauthenticated and allowed to pass through. Isn't
>> registering the trunk with the SIP provider enough to get incoming calls
>> accepted?
>>
>>  The error says "...you must configure your device to use the proper
>> domain in it's authentication credentials," but how is the SIP trunk
>> treated as a device?
>>
>>  Like I said, I think I'm misunderstanding something fundamental about
>> this.
>>
>>  Thank you.
>>
>>  ------------------------------
>> *From:* freeswitch-users-bounces at lists.freeswitch.org [
>> freeswitch-users-bounces at lists.freeswitch.org] on behalf of Cal Leeming
>> [Simplicity Media Ltd] [cal.leeming at simplicitymedialtd.co.uk]
>> *Sent:* Sunday, April 14, 2013 3:38 PM
>> *To:* FreeSWITCH Users Help
>> *Subject:* Re: [Freeswitch-users] Newbie question about inbound
>> calls/NAT (yes I checked wiki first:-) )
>>
>>   Hello Jeff,
>>
>>  Here is a related thread;
>>
>> http://freeswitch-users.2379917.n2.nabble.com/You-must-define-a-domain-called-xx-com-in-your-directory-td7585944.html
>>
>> http://lists.freeswitch.org/pipermail/freeswitch-users/2008-September/006232.html
>>
>>  You need to configure your domain and username, but as you can see here
>> your gateway/users are sending the domain '192.168.10.32', but you have not
>> configured this domain in sofia.conf.
>>
>>  If you are using multi-tenant then you'll need to put some more thought
>> into how you're going to approach this.
>>
>>  If you are not using multi-tenant (i.e. one domain only) then you could
>> force the domain as discussed here;
>>
>> http://www.feedingedge.co.uk/blog/2010/08/03/techie-post-opensim-and-freeswitch-problems/
>>
>>  Hope this helps
>>
>>  Cal
>>
>> On Sun, Apr 14, 2013 at 10:36 AM, Jeff Bernhardt <jeff at askcornerstone.net> wrote:
>>
>>>  Setting up my first test box with Freeswitch. I'm really excited about
>>> getting it up and running.
>>>
>>>  I'm trying to get inbound calls working from external using a Vitelity
>>> trunk. Let's say my username from Vitelity is "abcd_efg" and password is
>>> "password," external IP is 1.2.3.4 and internal is 192.168.10.32. I get
>>> registered to Vitelity fine  (their web panel shows I'm registered and
>>> fs_cli confirms). However, when I make a call inbound, I get:
>>>
>>>  [WARNING] sofia_reg.c:2621 Can't find user [abcd_1.2.3.4 at 192.168.10.32]
>>> from <vitelity-inbound-trunk-ip>
>>> You must define a domain called '192.168.10.32' in your directory and
>>> add a user with the id="abcd_1.2.3.4" attribute
>>> and you must configure your device to use the proper domain in it's
>>> authentication credentials.
>>>
>>>  I don't know if this is related, but to get around NAT, I have this in
>>> vars.xml:
>>> <X-PRE-PROCESS cmd="set" data="external_rtp_ip=1.2.3.4"/>
>>> <X-PRE-PROCESS cmd="set" data="external_sip_ip=1.2.3.4"/>
>>>
>>>  and this in both internal.xml and external.xml:
>>>  <param name="ext-rtp-ip" value="$${external_rtp_ip}"/>
>>> <param name="ext-sip-ip" value="$${external_sip_ip}"/>
>>>
>>>  I have a feeling I've misunderstood something fundamental about
>>> setting up Freeswitch for inbound access. I've put in the above configs as
>>> per what I've found in the wiki, but I'm not sure how to do what the
>>> warning says or if it really means I have something not set up right. What
>>> am I doing wrong?
>>>
>>>  Thank you.
>>>
>>> _________________________________________________________________________
>>> Professional FreeSWITCH Consulting Services:
>>> consulting at freeswitch.org
>>> http://www.freeswitchsolutions.com
>>>
>>> 
>>> 
>>>
>>> Official FreeSWITCH Sites
>>> http://www.freeswitch.org
>>> http://wiki.freeswitch.org
>>> http://www.cluecon.com
>>>
>>> FreeSWITCH-users mailing list
>>> FreeSWITCH-users at lists.freeswitch.org
>>> http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
>>> UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
>>> http://www.freeswitch.org
>>>
>>>
>>
>
>
> --
> Michael S Collins
> Twitter: @mercutioviz
> http://www.FreeSWITCH.org
> http://www.ClueCon.com
> http://www.OSTAG.org
>
>
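Added example (not part of the original thread and not FreeSWITCH project code): since every "allow" node in the "domains" list lets that source skip the authentication challenge, this Python sketch audits an acl.conf.xml for entries wider than a single trunk IP and reports which allow entries cover a given source address. The sample XML, the MIN_PREFIX threshold and the function names are assumptions made for the illustration; it does not reproduce FreeSWITCH's own ACL evaluation.

```python
import ipaddress
import xml.etree.ElementTree as ET

# Constructed sample laid out like conf/autoload_configs/acl.conf.xml.
# 1.2.3.4/32 is the thread's placeholder; the other cidr values are made up.
SAMPLE_ACL = """
<configuration name="acl.conf" description="Network Lists">
  <network-lists>
    <list name="domains" default="deny">
      <node type="allow" domain="$${domain}"/>
      <node type="allow" cidr="1.2.3.4/32"/>
      <node type="allow" cidr="203.0.113.0/24"/>
      <node type="allow" cidr="0.0.0.0/0"/>
    </list>
  </network-lists>
</configuration>
"""

MIN_PREFIX = 29  # assumed policy, not a FreeSWITCH setting


def audit_domains_acl(xml_text, list_name="domains", min_prefix=MIN_PREFIX):
    """Return (allowed_networks, findings) for one ACL list."""
    acl = ET.fromstring(xml_text).find(f".//list[@name='{list_name}']")
    if acl is None:
        return [], [f"list '{list_name}' not found"]
    allowed, findings = [], []
    if acl.get("default") != "deny":
        findings.append("list default is not an explicit 'deny'")
    for node in acl.findall("node"):
        cidr = node.get("cidr")
        if node.get("type") != "allow" or cidr is None:
            continue  # deny nodes and domain= nodes are not audited here
        try:
            net = ipaddress.ip_network(cidr, strict=False)
        except ValueError:
            findings.append(f"unparseable cidr '{cidr}'")
            continue
        allowed.append(net)
        if net.version == 4 and net.prefixlen < min_prefix:
            findings.append(f"{net}: {net.num_addresses} addresses skip the challenge")
    return allowed, findings


def unchallenged_by(allowed, source_ip):
    """Allow entries covering source_ip (deny nodes are not evaluated)."""
    ip = ipaddress.ip_address(source_ip)
    return [str(n) for n in allowed if n.version == ip.version and ip in n]
```

Run it against the real file's contents after each ACL change, before typing "reloadacl" in fs_cli.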