[Freeswitch-users] Directory and ACL authentication

Steven Ayre steveayre at gmail.com
Mon May 5 20:24:26 MSD 2014


You need this:
    <param name="apply-inbound-acl" value="domains"/>



On 5 May 2014 17:13, Victor Chukalovskiy <victor.chukalovskiy at gmail.com>wrote:

> Hello,
>
> Coming from wholesale background, my FS's run without any registrations.
> So far everything was ACL-based using "apply-inbound-acl" and I did not
> use any directory entries.
>
> The only problem with this is that once I have all IPs together in one
> big ALC, I can't identify which customer the call came from. E.g. need
> to set my_channel_variable=customer1 if a call came from particular IPs
> and my_channel_variable=customer2 if a call came from other IPs.
>
> So I'm trying to move ACL logic into directory by means of defining a
> user with cidr attribute. So far, no matter what I do FS challenges
> INVITE with "407" even-though the INVITE comes from the IP that is
> included in CIDR attribute for a user. I suppose for whatever reason
> switch does not match INVITEs against CIDR's in the directory. Please
> help me with that. WiKi is written from a somewhat different logic /
> perspective, so it's hard to apply.
>
> My SIP profile is:
>
> <profile name="test">
>    <gateways>
>    </gateways>
>    <domains>
>    </domains>
>    <settings>
>      <param name="parse-invite-tel-params" value="true"/>
>      <param name="user-agent-string" value="test"/>
>      <param name="debug" value="0"/>
>      <param name="sip-trace" value="no"/>
>      <param name="log-auth-failures" value="true"/>
>      <param name="rfc2833-pt" value="101"/>
>      <param name="sip-port" value="5060"/>
>      <param name="dialplan" value="XML"/>
>      <param name="context" value="test"/>
>      <param name="country" value="e164"/>
>      <param name="dtmf-duration" value="2000"/>
>      <param name="inbound-codec-prefs" value="$${default_codec_prefs}"/>
>      <param name="outbound-codec-prefs" value="$${default_codec_prefs}"/>
>      <param name="caller-id-type" value="none"/>
>      <param name="rtp-timer-name" value="soft"/>
>      <param name="rtp-ip" value="192.168.1.2"/>
>      <param name="sip-ip" value="192.168.1.2"/>
>      <param name="manage-presence" value="false"/>
>      <param name="manage-shared-appearance" value="false"/>
>      <param name="inbound-codec-negotiation" value="greedy"/>
>      <param name="disable-transcoding" value="true"/>
>      <param name="manual-redirect" value="false"/>
>      <param name="disable-transfer" value="true"/>
>      <param name="disable-register" value="false"/>
>      <param name="auth-calls" value="true"/>
>      <param name="rtp-timeout-sec" value="300"/>
>      <param name="rtp-hold-timeout-sec" value="1800"/>
>      <param name="pass-callee-id" value="false"/>
>    </settings>
> </profile>
>
>
> Thanks!
> -Victor
>
>
>
>
> _________________________________________________________________________
> Professional FreeSWITCH Consulting Services:
> consulting at freeswitch.org
> http://www.freeswitchsolutions.com
>
> 
> 
>
> Official FreeSWITCH Sites
> http://www.freeswitch.org
> http://wiki.freeswitch.org
> http://www.cluecon.com
>
> FreeSWITCH-users mailing list
> FreeSWITCH-users at lists.freeswitch.org
> http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
> UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
> http://www.freeswitch.org
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.freeswitch.org/pipermail/freeswitch-users/attachments/20140505/f34caeb7/attachment.html 


Join us at ClueCon 2013 Aug 6-8, 2013
More information about the FreeSWITCH-users mailing list