[Freeswitch-users] Radius auth based on IP without sending 407 Proxy authentication required

Michael Jerris mike at jerris.com
Tue Jun 20 19:03:15 UTC 2017


Yes, but he’s specifically said he doesn’t have the users in dir… this option has already been discussed, so what I pointed out is the only other option, and the only way to do this totally dynamically.

> On Jun 20, 2017, at 2:44 PM, Sergey Safarov <s.safarov at gmail.com> wrote:
> 
> Mike user IP may be added to ACL and then FreeSwitch will send directory lookup request.
> 
> вт, 20 июн. 2017 г. в 21:31, Michael Jerris <mike at jerris.com <mailto:mike at jerris.com>>:
> the user directory lookup for auth is not done until after we send the 407.  To do this without an acl you need to not do auth on the sip profile, and handle it in dial plan instead.
> 
>> On Jun 20, 2017, at 2:22 PM, Joseph Waite <joelists at tm.net.uk <mailto:joelists at tm.net.uk>> wrote:
>> 
>> There are no users configured on FreeSwitch, all user config is done on JeraSoft VCS and FreeSwitch authenticates via radius!
>> 
>> FreeSwitch should allow an INVITE from any IP, not send 407, but authenticate via Radius
>>> On 20 Jun 2017, at 19:12, Sergey Safarov <s.safarov at gmail.com <mailto:s.safarov at gmail.com>> wrote:
>>> 
>>> you can add cidr attribute for all users
>>> 
>>> вт, 20 июн. 2017 г. в 20:25, Jospeh Waite <joelists at tm.net.uk <mailto:joelists at tm.net.uk>>:
>>> I don’t want to allow certain users, I want all calls that come in on this Sofia profile to not send the 407 but still authenticate via Radius based on the IP.
>>> 
>>> 
>>>> On 20 Jun 2017, at 18:15, Sergey Safarov <s.safarov at gmail.com <mailto:s.safarov at gmail.com>> wrote:
>>>> 
>>>> When you generate manually ACL with trusted IP or via mod_xml_radius then you can accept call without 407 message.
>>>> Also if you add cird attribute to user directory then FreeSwitch can map call to user via cidr attribute.
>>>> 
>>>> вт, 20 июн. 2017 г. в 19:43, Joseph Waite <joelists at tm.net.uk <mailto:joelists at tm.net.uk>>:
>>>> I am using mod_xml_radius, however my issue is that if I enable auth_calls in profile it sends a 407 Proxy Authentication Required sip message, and if I set auth_calls to false it doesn’t authenticate with Radius, it simply passes call straight into the dial plan.
>>>> 
>>>> 
>>>>> On 20 Jun 2017, at 17:32, Sergey Safarov <s.safarov at gmail.com <mailto:s.safarov at gmail.com>> wrote:
>>>>> 
>>>>> You can try mod_xml_radius and generate directory record with cidr adribute.
>>>>> 
>>>>> 
>>>>> вт, 20 июня 2017 г., 19:25 Joseph Waite <joelists at tm.net.uk <mailto:joelists at tm.net.uk>>:
>>>>> Hi Guys
>>>>> 
>>>>> I am trying to configure a Sofia Profile that will not send a 407 Proxy Authentication Required, but will still authenticate the incoming invite via Radius based on the IP address of the INVITE.
>>>>> 
>>>>> If I change the Auth_calls to false on the Sofia profile, it doesn’t send the 407, but then it doesn’t authenticate the call.
>>>>> 
>>>>> Any help would be most appreciated.
> 

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.freeswitch.org/pipermail/freeswitch-users/attachments/20170620/aa8296fc/attachment.html>


More information about the FreeSWITCH-users mailing list