[Freeswitch-users] Directory and ACL authentication

Victor Chukalovskiy victor.chukalovskiy at gmail.com
Mon May 5 20:13:00 MSD 2014


Hello,

Coming from a wholesale background, my FS's run without any registrations. 
So far everything was ACL-based using "apply-inbound-acl" and I did not 
use any directory entries.

The only problem with this is that once I have all IPs together in one 
big ACL, I can't identify which customer the call came from. E.g. I need 
to set my_channel_variable=customer1 if a call came from particular IPs 
and my_channel_variable=customer2 if a call came from other IPs.

So I'm trying to move the ACL logic into the directory by means of defining a 
user with a cidr attribute. So far, no matter what I do, FS challenges the 
INVITE with "407" even though the INVITE comes from an IP that is 
included in the CIDR attribute for a user. I suppose for whatever reason 
the switch does not match INVITEs against CIDRs in the directory. Please 
help me with that. The wiki is written from a somewhat different logic / 
perspective, so it's hard to apply.

My SIP profile is:

<profile name="test">
   <gateways>
   </gateways>
   <domains>
   </domains>
   <settings>
     <param name="parse-invite-tel-params" value="true"/>
     <param name="user-agent-string" value="test"/>
     <param name="debug" value="0"/>
     <param name="sip-trace" value="no"/>
     <param name="log-auth-failures" value="true"/>
     <param name="rfc2833-pt" value="101"/>
     <param name="sip-port" value="5060"/>
     <param name="dialplan" value="XML"/>
     <param name="context" value="test"/>
     <param name="country" value="e164"/>
     <param name="dtmf-duration" value="2000"/>
     <param name="inbound-codec-prefs" value="$${default_codec_prefs}"/>
     <param name="outbound-codec-prefs" value="$${default_codec_prefs}"/>
     <param name="caller-id-type" value="none"/>
     <param name="rtp-timer-name" value="soft"/>
     <param name="rtp-ip" value="192.168.1.2"/>
     <param name="sip-ip" value="192.168.1.2"/>
     <param name="manage-presence" value="false"/>
     <param name="manage-shared-appearance" value="false"/>
     <param name="inbound-codec-negotiation" value="greedy"/>
     <param name="disable-transcoding" value="true"/>
     <param name="manual-redirect" value="false"/>
     <param name="disable-transfer" value="true"/>
     <param name="disable-register" value="false"/>
     <param name="auth-calls" value="true"/>
     <param name="rtp-timeout-sec" value="300"/>
     <param name="rtp-hold-timeout-sec" value="1800"/>
     <param name="pass-callee-id" value="false"/>
   </settings>
</profile>


Thanks!
-Victor
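
For reference, an added example (not part of the original post) of how the stock FreeSWITCH configuration ties a directory user's cidr attribute to a SIP profile: an ACL list with a domain node is built from the directory's cidr users, and the profile applies that list by name. The domain name, group name, user ids and address ranges below are constructed placeholders.

```xml
<!-- acl.conf.xml: a list populated from every directory user in the named
     domain that carries a cidr attribute. Anything else is denied by this
     list and falls through to the normal digest challenge. -->
<list name="domains" default="deny">
  <node type="allow" domain="example.invalid"/>  <!-- placeholder domain -->
</list>

<!-- directory: one user per customer. When the source IP of a request
     matches the user's cidr through the list above, the user's variables
     are applied to the channel as if the user had digest-authenticated. -->
<domain name="example.invalid">
  <groups>
    <group name="customers">  <!-- placeholder group name -->
      <users>
        <user id="customer1" cidr="198.51.100.0/24">  <!-- constructed range -->
          <variables>
            <variable name="my_channel_variable" value="customer1"/>
          </variables>
        </user>
        <user id="customer2" cidr="203.0.113.0/24">  <!-- constructed range -->
          <variables>
            <variable name="my_channel_variable" value="customer2"/>
          </variables>
        </user>
      </users>
    </group>
  </groups>
</domain>

<!-- SIP profile settings: the list has to be applied by name. With
     auth-calls=true, sources that do not match the list are still
     challenged, so unknown IPs are not admitted unauthenticated. -->
<param name="auth-calls" value="true"/>
<param name="apply-inbound-acl" value="domains"/>
```

Keep each customer's range as narrow as possible and non-overlapping, since a match on source IP alone both admits the call and decides which customer it is attributed to.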





