[Freeswitch-users] sip_to_user and destination number

Sergey Safarov s.safarov at gmail.com
Sat May 2 22:55:35 MSD 2015


In log you can see invite arrived from IP address 91.121.129.20
Change IP 10.7.1.60/32 to 91.121.129.20/32

I'm not sure to understand why i should use a so strange trick. Using
"internal" profile for external trunk can't be a security leak ?
It is not problem. In this case profile used for authenticate call by user
"provider_gw1". Real call processing executed in dialplan
"provider_inbound_calls". In this dialplan you can allow one DID number and
block all other.

If my provider change something about the 10.7.6.60 gateway, the trunk will
no longer work until i update my configuration ?
If provider can configure username and password for DID call authentication
you can remove "cird" attribute.
If username and password can't be configured, then say me how much DID
number provider assigned for you.

Sergey



On Sat, May 2, 2015 at 7:52 PM, Tanguy <phenix at vfemail.net> wrote:

>  Hello
>
> I'm not sure to understand why i should use a so strange trick. Using
> "internal" profile for external trunk can't be a security leak ? If my
> provider change something about the 10.7.6.60 gateway, the trunk will no
> longer work until i update my configuration ?
>
> Nevertheless i tried to apply your advice, so i moved by gateway in
> internal profile and i created a new user
>
> /usr/local/freeswitch/conf/dialplan/provider_inbound_calls/user.xml
>
> <include>
>   <user id="provider_gw1"  cidr="10.7.1.60/32" >
>     <params>
>       <param name="password" value="xxxxxx"/>
>     </params>
>   </user>
>   <variables>
>      <variable name="user_context" value="provider_inbound_calls"/>
>   </variables>
>
> </include>
>
> Unfortunately it did not work, but i have the good DID number in [
> 0557590xxx at 10.7.1.60]
>
> 2015-05-02 18:30:15.940354 [DEBUG] sofia.c:9015 IP 91.121.129.20 Rejected
> by acl "domains". Falling back to Digest auth.
> 2015-05-02 18:30:15.940354 [WARNING] sofia_reg.c:2827 Can't find user [
> anonymous at 10.7.1.60] from 91.121.129.20
> You must define a domain called '10.7.1.60' in your directory and add a
> user with the id="anonymous" attribute
> and you must configure your device to use the proper domain in it's
> authentication credentials.
> 2015-05-02 18:30:15.940354 [WARNING] sofia_reg.c:1687 SIP auth failure
> (INVITE) on sofia profile 'internal' for *[0557590xxx at 10.7.1.60
> <0557590xxx at 10.7.1.60>] *from ip 91.121.129.20
> 2015-05-02 18:30:15.940354 [DEBUG] switch_core_session.c:1061 Send signal
> sofia/internal/0967212xxx at sip.ovh.fr [BREAK]
> 2015-05-02 18:30:15.940354 [NOTICE] sofia.c:2063 Hangup
> sofia/internal/0967212xxx at sip.ovh.fr [CS_NEW] [CALL_REJECTED]
>
>
>
> Just for fun i created a user anonymous in domain 10.7.1.60 and reloaded
> with reloadxml but i still have the same message.
>
> /usr/local/freeswitch/conf/dialplan/10.7.1.60/user.xml
>
> <include>
>   <user id="anonymous"  cidr="10.7.1.60/32" >
>     <params>
>       <param name="password" value="xxxxx"/>
>     </params>
>   </user>
>   <variables>
>      <variable name="user_context" value="10.7.1.60"/>
>   </variables>
> </include>
>
>
>
>
> Thanks
>
>
> On 02/05/2015 08:17, Sergey Safarov wrote:
>
> Try
> 1) link gateway to "internal" profile;
> 2) create dialplan with name "provider_inbound_calls" and add required
> extensions;
> 3) create user "provider_gw1" in directory with attribute cidr="
> 10.7.1.60/32" (value from you example), with random value in param
> "password", and "provider_inbound_calls"  value in variable "user_context"
> After it you can make inbound call from.
> If provider has several gateways, add user record in directory for each
> gateway.
>
>  Sergey
>
>
>
>
> _________________________________________________________________________
> Professional FreeSWITCH Consulting Services:
> consulting at freeswitch.org
> http://www.freeswitchsolutions.com
>
> Official FreeSWITCH Sites
> http://www.freeswitch.org
> http://confluence.freeswitch.org
> http://www.cluecon.com
>
> FreeSWITCH-users mailing list
> FreeSWITCH-users at lists.freeswitch.org
> http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
> UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
> http://www.freeswitch.org
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.freeswitch.org/pipermail/freeswitch-users/attachments/20150502/1bbe695a/attachment-0001.html 


Join us at ClueCon 2016 Aug 8-12, 2016
More information about the FreeSWITCH-users mailing list