[Freeswitch-users] [!!Mass Mail] Connecting Freeswitch and Asterisk with outgoingregistration

Markus Bönke mbodbg at gmx.net
Wed Sep 2 11:19:26 MSD 2015


No the IP is not in the ACL, I know when I add it the calls are accepted and hit the configured context in the dial plan. My question is more about understanding the concept of gateways with outgoing registration. Why do I need ACL when I’m working with registration. I do not want to trust the IP in general, only if the gateway is registered. Let me give you more information about the message flow with that configuration.

Before I see the warning that the user cannot be found, I can see that the first SIP INVITE message is answered with:

...
 SIP/2.0 407 Proxy Authentication Required
...

After that, Asterisk sends the Proxy-Authorization in a second SIP INVITE message

...
Proxy-Authorization: Digest username="MyCustomSipTrunk1m", realm="sip.testprovider.com", algorithm=MD5, uri="sip:MyCustomSipTrunk1 at 192.168.1.151:5090", nonce="58602966-50f3-11e5-8fee-67e27a4a02bf", response="f85d7926c4ea17b5c88321f286ef7b71", qop=auth, cnonce="04b5d5ff", nc=00000001
...

Actually Asterisk is sending the authentication credentials of the user which is used by the freeswitch gateway to register. As this user does not exist in my directory, it explains why we see the warning in the log. If I add the user in my directory, like

 <domain name="sip.testprovider.com">
    <groups>
      <group name="default">
        <users>
          <user id="MyCustomSipTrunk1" />
        </users>
      </group>
    </groups>
  </domain>    

the authorization works and the call hits the dial plan. But configuring a user for a domain which does not belong to my server to do the authorization looks a bit strange for me. I already configured username and password in the gateway why can’t freeswitch use those information to authorize the incoming call?

Even if the call hits the dialplan with this configuration, it seems that it is not associated with the gateway. The channel variable sip_gateway_name is not set, and if I look on the status of the gateway (sofia status gateway …) I see the counters CallsIN and FailedCallsIN are still 0. Maybe that’s also the reason why the credentials of the gateway are not used?  

Thanks and Regards

Markus


> Am 02.09.2015 um 07:11 schrieb Fred Schulz <lte at lte-net.de>:
> 
> Do you have edited the acl.conf.xml in autload_configs to allow the Asterisk server?
> 
> 2015-09-02 00:06:28.877729 [DEBUG] sofia.c:9001 IP 192.168.1.202 Rejected by acl "domains". Falling back to Digest auth.​
> 
> ??
> 
> Von: freeswitch-users-bounces at lists.freeswitch.org <freeswitch-users-bounces at lists.freeswitch.org> im Auftrag von Markus Bönke <mbodbg at gmx.net>
> Gesendet: Mittwoch, 2. September 2015 00:25
> An: FreeSWITCH Users Help
> Betreff: [!!Mass Mail][Freeswitch-users] Connecting Freeswitch and Asterisk with outgoingregistration
>  
> Hello,
> 
> I’ve  connected freeswitch with an asterisk server via sip trunk with the following configuration in my test environment: 
> 
> Freeswitch side:
> 
>  <gateway name="sip.testprovider.com <http://sip.testprovider.com/>">
>               <param name="username" value="MyCustomSipTrunk1"/>
>               <param name="password" value="easy123"/>
>               <param name="extension" value="trunk"/>
>               <param name="register" value="true"/>
>               <param name="from_domain" value="sip.testprovider.com <http://sip.testprovider.com/>"/>
>  </gateway>
> 
> 
> Asterisk side:
> 
> sip.conf
> 
> [MyCustomSipTrunk1]
> type=peer
> callerid="MyCustomSipTrunk1" <MyCustomSipTrunk1>
> host=dynamic                   
> nat=no
> username=MyCustomSipTrunk1     
> fromdomain=sip.testprovider.com <http://sip.testprovider.com/>
> directmedia=no                  
> disallow=all
> allow=gsm                       
> allow=ulaw
> allow=alaw
> secret=easy123
> context=kamailio
> 
> extensions.conf
> 
> [kamailio]
> exten => _X.,1,Dial(SIP/${EXTEN}@MyCustomSipTrunk1,60,tr)
> 
> If I send a call from asterisk to freeswitch, I can see the following in the log:
> 
> 2015-09-02 00:06:28.877729 [DEBUG] sofia.c:9001 IP 192.168.1.202 Rejected by acl "domains". Falling back to Digest auth.
> 2015-09-02 00:06:28.877729 [WARNING] sofia_reg.c:2827 Can't find user [MyCustomSipTrunk1 at sip.testprovider.com <mailto:MyCustomSipTrunk1 at sip.testprovider.com>] from 192.168.1.202
> You must define a domain called 'sip.testprovider.com <http://sip.testprovider.com/>' in your directory and add a user with the id="MyCustomSipTrunk1" attribute
> and you must configure your device to use the proper domain in it's authentication credentials.
> 
> 
> If I create the user in the directory for the domain, it works - but why do I need to create this user however the gateway is already already registered and authenticated with the asterisk server?
> 
> Thanks
> 
> Markus
> 
> 
> 
> _________________________________________________________________________
> Professional FreeSWITCH Consulting Services: 
> consulting at freeswitch.org <mailto:consulting at freeswitch.org>
> http://www.freeswitchsolutions.com <http://www.freeswitchsolutions.com/>
> 
> Official FreeSWITCH Sites
> http://www.freeswitch.org <http://www.freeswitch.org/>
> http://confluence.freeswitch.org <http://confluence.freeswitch.org/>
> http://www.cluecon.com <http://www.cluecon.com/>
> 
> FreeSWITCH-users mailing list
> FreeSWITCH-users at lists.freeswitch.org <mailto:FreeSWITCH-users at lists.freeswitch.org>
> http://lists.freeswitch.org/mailman/listinfo/freeswitch-users <http://lists.freeswitch.org/mailman/listinfo/freeswitch-users>
> UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users <http://lists.freeswitch.org/mailman/options/freeswitch-users>
> http://www.freeswitch.org <http://www.freeswitch.org/>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.freeswitch.org/pipermail/freeswitch-users/attachments/20150902/8031b6a0/attachment-0001.html 


Join us at ClueCon 2016 Aug 8-12, 2016
More information about the FreeSWITCH-users mailing list