[Freeswitch-users] External Softphone Best Practices

Wed Jul 1 00:27:48 MSD 2015

If you are going to create a profile specifically to handle remote sip
phones, you might as well setup the profile with TLS, and configure it
to require register auth. Then by the time the call gets to the
dialplan, it will have already had successful authentication.

William King
Senior Engineer
Quentus Technologies, INC
1037 NE 65th St Suite 273
Seattle, WA 98115
Main:   (877) 211-9337
Office: (206) 388-4772
Cell:   (253) 686-5518
william.king at quentustech.com

On 6/30/15 12:35 PM, Komar, Jason wrote:
> I have set up a couple of PBXs using FreeSWITCH over the last few years.
> I have learned quite a bit, but am certainly no expert.
> 
> Recently, I installed Bria on my Android cell phone and was using it to
> make calls over FreeSWITCH throughout our building on our local network
> wifi. I wanted to be able to make calls from offsite as well, sometimes
> on wifi and sometimes over cellular data. I setup an external5090
> profile as I read on the wiki (didn't see anything in confluence yet). I
> was able to register through this profile, but outgoing calls from my
> softphone hit the public context and didn't go any further.
> 
> The user_context variable is set to default in my directory entry for
> this user, but that didn't seem to make a difference. I tried two things
> that worked, but am not sure if they open up any holes that would cause
> security problems:
> 
> 1.) If I set the context to default rather than public in the
> external5090 profile, it works, but I am unsure if this is at all secure.
> 
> 2.) If I leave the context as public in the external5090 profile and
> uncomment this section in the public.xml dialplan,
> 
>     <!--
> If you have made it this far lets challenge the caller and if they
> authenticate
> lets try what they dialed in the default context. (commented out by default)
>     -->
> 
>     <extension name="check_auth" continue="true">
>       <condition field="${sip_authorized}" expression="^true$"
> break="never">
> <anti-action application="respond" data="407"/>
>       </condition>
>     </extension>
>     
>     <extension name="transfer_to_default">
>       <condition>
> <action application="transfer" data="${destination_number} XML default"/>
>       </condition>
>     </extension>
> 
> it also works. This one seems the better option, but again, I'm not sure
> so I am asking the opinion of the experts on the list.
> 
> I spent several hours searching and reading everything I could find
> through Google and the mailing list archives, but came up a bit short.
> 
> Thanks in advance for your help.
> 
> Jason
> jkomar at jbox.ca <mailto:jkomar at jbox.ca>
> 
> 
> 
> _________________________________________________________________________
> Professional FreeSWITCH Consulting Services: 
> consulting at freeswitch.org
> http://www.freeswitchsolutions.com
> 
> Official FreeSWITCH Sites
> http://www.freeswitch.org
> http://confluence.freeswitch.org
> http://www.cluecon.com
> 
> FreeSWITCH-users mailing list
> FreeSWITCH-users at lists.freeswitch.org
> http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
> UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
> http://www.freeswitch.org
> 