[Freeswitch-users] Stop packet radius
Joseph Waite
joelists at tm.net.uk
Thu Sep 7 10:27:32 UTC 2017
Ok
Firstly, you should always redact and sensitive parts of config files before posting to a public user group. And Hacker now has the access credential for your radius server, I would advise changing the password immediately.
This line should have had the IP and password blanked out <param name="authserver" value="170.84.252.34:1812:J79RSaEh5dswcGdffyP5rg4u”/>
In regards to the issue your having, I would be surprised if it is actually an issue with the radius module as Dmitriy suggests and would suspect that it is the way FS passes the 2 different values used. If you compare the radius packet in your original email, with the radius config file, dst-number-in is using FS variable sip_to_user with a secondary of dialed_extension which is passing the information correctly in the radius packet, however both Called-Station-Id & dst-number-out are using dialed_extension as the variable. A check of the values of the variables at the relevant time would confirm.
Assuming I’m correct above the following change should resolve the issue for you.
In the xml_radius config file change the following line
<param vendor="Cisco" name="Cisco-AVPair" variable="destination_number" format="dst-number-out=%s”/>
to look like this
<param vendor="Cisco" name="Cisco-AVPair" variable="sip_to_user” secondary_variable="destination_number" format="dst-number-out=%s”/>
Also if you need the same for the Called-Station-Id the change the following line
<param name="Called-Station-Id" variable="destination_number" format="%s"/>
to look like
<param name="Called-Station-Id" variable="sip_to_user” secondary_variable="destination_number" format="%s"/>
Hope this helps.
Regards
> On 6 Sep 2017, at 18:39, Phonecall SRL - Nicolas Paleari <npaleari at phonecallsrl.com.ar> wrote:
>
> Hi, copy the contents of the file:
>
> <configuration name="xml_radius.conf" description="Radius XML Gateway">
> <auth_invite>
> <connection name="jerasoft_vcs">
> <param name="authserver" value="170.84.252.34:1812:J79RSaEh5dswcGdffyP5rg4u"/>
> <param name="radius_timeout" value="10"/>
> <param name="radius_retries" value="2"/>
> <param name="radius_deadtime" value="0"/>
> <param name="dictionary" value="/usr/local/freeswitch/conf/dictionaries/dictionary"/>
> <param name="seqfile" value="/var/run/freeswitch/radius.seq"/>
> </connection>
> <fields>
> <param vendor="Cisco" name="Cisco-AVPair" variable="ip" format="src-gw-ip=%s"/>
> <param vendor="Cisco" name="Cisco-AVPair" variable="sip_from_user" format="src-gw-name=%s"/>
> <param vendor="Cisco" name="h323-conf-id" variable="Core-UUID" format="%s"/>
> <param vendor="Cisco" name="Cisco-AVPair" variable="ip" format="request-type=number"/>
> <param name="Called-Station-Id" variable="sip_to_user" format="%s"/>
> <param name="Calling-Station-Id" variable="sip_from_user" format="%s"/>
> <param name="User-Name" variable="sip_from_user" format="%s"/>
> <param name="Digest-Response" variable="sip_auth_response" format="%s"/>
> <param name="Digest-Realm" variable="sip_auth_realm" format="%s"/>
> <param name="Digest-Nonce" variable="sip_auth_nonce" format="%s"/>
> <param name="Digest-Username" variable="sip_auth_username" format="%s"/>
> <param name="Digest-URI" variable="sip_auth_uri" format="%s"/>
> <param name="Digest-Method" variable="sip_auth_method" format="%s"/>
> <param name="Digest-Algorithm" variable="sip_auth_method" format="MD5"/>
> <param name="Digest-Qop" variable="sip_auth_qop" format="%s"/>
> <param name="Digest-CNonce" variable="sip_auth_cnonce" format="%s"/>
> <param name="Digest-Nonce-Count" variable="sip_auth_nc" format="%s"/>
> </fields>
> </auth_invite>
> <auth_reg>
> <connection name="jerasoft_vcs">
> <param name="authserver" value="170.84.252.34:1812:J79RSaEh5dswcGdffyP5rg4u"/>
> <param name="radius_timeout" value="10"/>
> <param name="radius_retries" value="2"/>
> <param name="radius_deadtime" value="0"/>
> <param name="dictionary" value="/usr/local/freeswitch/conf/dictionaries/dictionary"/>
> <param name="seqfile" value="/var/run/freeswitch/radius.seq"/>
> </connection>
> <fields>
> <param vendor="Cisco" name="Cisco-AVPair" variable="ip" format="request-type=user"/>
> <param vendor="Cisco" name="Cisco-AVPair" variable="ip" format="src-gw-ip=%s"/>
> <param vendor="Cisco" name="Cisco-AVPair" variable="sip_from_user" format="src-gw-name=%s"/>
> <param name="User-Name" variable="sip_from_user" format="%s"/>
> <param name="Digest-Response" variable="sip_auth_response" format="%s"/>
> <param name="Digest-Realm" variable="sip_auth_realm" format="%s"/>
> <param name="Digest-Nonce" variable="sip_auth_nonce" format="%s"/>
> <param name="Digest-Username" variable="sip_auth_username" format="%s"/>
> <param name="Digest-URI" variable="sip_auth_uri" format="%s"/>
> <param name="Digest-Method" variable="sip_auth_method" format="%s"/>
> <param name="Digest-Algorithm" variable="sip_auth_method" format="MD5"/>
> <param name="Digest-Qop" variable="sip_auth_qop" format="%s"/>
> <param name="Digest-CNonce" variable="sip_auth_cnonce" format="%s"/>
> <param name="Digest-Nonce-Count" variable="sip_auth_nc" format="%s"/>
> </fields>
> </auth_reg>
> <auth_app>
> <connection name="jerasoft_vcs">
> <param name="authserver" value="170.84.252.34:1812:J79RSaEh5dswcGdffyP5rg4u"/>
> <param name="radius_timeout" value="10"/>
> <param name="radius_retries" value="2"/>
> <param name="radius_deadtime" value="0"/>
> <param name="dictionary" value="/usr/local/freeswitch/conf/dictionaries/dictionary"/>
> <param name="seqfile" value="/var/run/freeswitch/radius.seq"/>
> </connection>
> <fields>
> <param vendor="Cisco" name="h323-conf-id" variable_secondary="uuid" variable="originating_leg_uuid" format="%s"/>
> <param vendor="Cisco" name="Cisco-AVPair" variable="uuid" format="h323-call-id=%s"/>
> <param vendor="Cisco" name="Cisco-AVPair" variable="sip_network_ip" format="src-gw-ip=%s"/>
> <param vendor="Cisco" name="Cisco-AVPair" variable="sip_from_user" format="src-gw-name=%s"/>
> <param vendor="Cisco" name="Cisco-AVPair" variable="sip_from_user" format="src-number-in=%s" />
> <param vendor="Cisco" name="Cisco-AVPair" variable="sip_to_user" format="dst-number-in=%s" />
> <param name="Called-Station-Id" variable="sip_to_user" format="%s"/>
> <param name="Calling-Station-Id" variable="sip_from_user" format="%s"/>
> </fields>
> </auth_app>
> <acct_start>
> <connection name="jerasoft_vcs">
> <param name="acctserver" value="170.84.252.34:1813:J79RSaEh5dswcGdffyP5rg4u"/>
> <param name="radius_timeout" value="10"/>
> <param name="radius_retries" value="0"/>
> <param name="radius_deadtime" value="0"/>
> <param name="dictionary" value="/usr/local/freeswitch/conf/dictionaries/dictionary"/>
> <param name="seqfile" value="/var/run/freeswitch/radius.seq"/>
> </connection>
> <fields>
> <param vendor="Cisco" name="h323-call-origin" variable="h323-call-origin" default="answer" format="%s"/>
> <param vendor="Cisco" name="h323-conf-id" variable_secondary="uuid" variable="originating_leg_uuid" format="%s"/>
> <param vendor="Cisco" name="Cisco-AVPair" variable="uuid" format="h323-call-id=%s"/>
>
> <param vendor="Cisco" name="Cisco-AVPair" variable="sip_contact_host" format="src-gw-ip=%s"/>
> <param vendor="Cisco" name="Cisco-AVPair" variable="sip_from_user" variable_secondary="ani" format="src-gw-name=%s"/>
> <param vendor="Cisco" name="Cisco-AVPair" variable="sip_from_user" variable_secondary="ani" format="src-number-in=%s" />
> <param vendor="Cisco" name="Cisco-AVPair" variable="sip_from_user" variable_secondary="ani" format="src-number-out=%s" />
> <param name="Calling-Station-Id" variable="sip_from_user" variable_secondary="ani" format="%s"/>
>
> <param vendor="Cisco" name="Cisco-AVPair" variable="sip_to_host" format="dst-gw-ip=%s"/>
> <param vendor="Cisco" name="Cisco-AVPair" variable="destination_number" format="dst-gw-name=%s"/>
> <param vendor="Cisco" name="Cisco-AVPair" variable="sip_to_user" format="dst-number-in=%s" />
> <param vendor="Cisco" name="Cisco-AVPair" variable="destination_number" format="dst-number-out=%s" />
> <param name="Called-Station-Id" variable="destination_number" format="%s"/>
>
> <param vendor="Cisco" name="h323-setup-time"/>
> </fields>
> <conditions>
> <condition>
> <param var="sip_to_host" regex="^127\.0\.0\.1" anti="true"/>
> </condition>
> </conditions>
> </acct_start>
> <acct_end>
> <connection name="jerasoft_vcs">
> <param name="acctserver" value="170.84.252.34:1813:J79RSaEh5dswcGdffyP5rg4u"/>
> <param name="radius_timeout" value="10"/>
> <param name="radius_retries" value="0"/>
> <param name="radius_deadtime" value="0"/>
> <param name="dictionary" value="/usr/local/freeswitch/conf/dictionaries/dictionary"/>
> <param name="seqfile" value="/var/run/freeswitch/radius.seq"/>
> </connection>
> <fields>
> <param vendor="Cisco" name="h323-call-origin" variable="h323-call-origin" default="answer" format="%s"/>
> <param vendor="Cisco" name="h323-conf-id" variable_secondary="uuid" variable="originating_leg_uuid" format="%s"/>
> <param vendor="Cisco" name="Cisco-AVPair" variable="uuid" format="h323-call-id=%s"/>
>
> <param vendor="Cisco" name="Cisco-AVPair" variable="sip_contact_host" format="src-gw-ip=%s"/>
> <param vendor="Cisco" name="Cisco-AVPair" variable="sip_from_user" variable_secondary="ani" format="src-gw-name=%s"/>
> <param vendor="Cisco" name="Cisco-AVPair" variable="sip_from_user" variable_secondary="ani" format="src-number-in=%s" />
> <param vendor="Cisco" name="Cisco-AVPair" variable="sip_from_user" variable_secondary="ani" format="src-number-out=%s" />
> <param name="Calling-Station-Id" variable="sip_from_user" variable_secondary="ani" format="%s"/>
>
> <param vendor="Cisco" name="Cisco-AVPair" variable="sip_to_host" format="dst-gw-ip=%s"/>
> <param vendor="Cisco" name="Cisco-AVPair" variable="sip_to_user" variable_secondary="dialed_extension" format="dst-gw-name=%s"/>
> <param vendor="Cisco" name="Cisco-AVPair" variable="sip_to_user" variable_secondary="dialed_extension" format="dst-number-in=%s" />
> <param name="Called-Station-Id" variable="destination_number" format="%s"/>
> <param vendor="Cisco" name="h323-setup-time"/>
> <param vendor="Cisco" name="h323-connect-time"/>
> <param vendor="Cisco" name="h323-disconnect-time"/>
> <param vendor="Cisco" name="h323-disconnect-cause"/>
> <param name="Acct-Session-Time" variable="billsec" format="%s"/>
> <param vendor="Cisco" name="Cisco-AVPair" variable_secondary="progresssec" variable="progress_mediasec" format="pdd-time=%s"/>
>
> <param vendor="Cisco" name="Cisco-AVPair" variable="destination_number" format="dst-number-out=%s"/>
> </fields>
> <conditions>
> <condition>
> <param var="sip_to_host" regex="^170\.84\.252\.34" anti="true"/>
> </condition>
> </conditions>
> </acct_end>
> </configuration>
> Best regards
> <Firma Nico Phonecall_new.jpg>
> El 6/9/2017 a las 11:59 a. m., Jospeh Waite escribió:
>> Could you supply a copy of your xml_radius.conf.xml?
>>
>> Might have a clue in there.
>>> On 6 Sep 2017, at 12:03, Nicolas Paleari <npaleari at phonecallsrl.com.ar <mailto:npaleari at phonecallsrl.com.ar>> wrote:
>>>
>>> Hello, change does Freeswitch, I understand why it does a coding, I need to receive #, this is how the carrier calls waiting
>>>
>>> El 6 sep. 2017 7:08 AM, "Joseph Waite" <joelists at tm.net.uk <mailto:joelists at tm.net.uk>> escribió:
>>> I'm your radius config are you using the same variable to set both?
>>>
>>> If not and they will always be the same, may be worth trying changing to use the same. That way can figure out if it's the radius module or freeswitch making the change.
>>>
>>> Joe Waite
>>>
>>> On 5 Sep 2017, at 14:22, Nicolas Paleari <npaleari at phonecallsrl.com.ar <mailto:npaleari at phonecallsrl.com.ar>> wrote:
>>>
>>>> Friends, I need help, I get incorrect information in the stop packet of raduis that sends freeswitch, in the field dst-number-out the number has %23 instead of #, I do not understand why it replaces it,dst-number-out should be equal to field dst-number-in = 492482 # 541151995330
>>>> Send stop package where you see the problem:
>>>>
>>>> [2017-09-01 19:03:46,119] DEBUG WORKER 38 - [pkt#175515/ACCT-STOP]
>>>> --- START: [pkt#175515/ACCT-STOP] --------------------------------------
>>>> pdd-time => 0
>>>> called-station-id => 492482%23541151995330
>>>> nas-port => 0
>>>> dst-number-out => 492482%23541151995330
>>>> h323-conf-id => cd0f2a0d-4b7f-414c-b5be-d1b937a414db
>>>> h323-setup-time => 2017-09-01T15:03:36.328927-0400
>>>> acct-status-type => Stop
>>>> h323-disconnect-cause => 10
>>>> dst-gw-ip => 190.210.240.37
>>>> h323-disconnect-time => 2017-09-01T15:03:43.929039-0400
>>>> h323-call-id => 7a34a7be-d643-4f82-a66a-cd1eb0658b6c
>>>> src-gw-ip => 190.210.240.37
>>>> dst-number-in => 492482#541151995330
>>>> h323-call-origin => originate
>>>> nas-ip-address => 107.170.35.75
>>>> src-number-in => 7680858053
>>>> dst-gw-name => 492482#541151995330
>>>> h323-connect-time => 2017-09-01T15:03:38.268917-0400
>>>> src-gw-name => 7680858053
>>>> acct-session-time => 5
>>>> acct-delay-time => 0
>>>> src-number-out => 7680858053
>>>> calling-station-id => 7680858053
>>>> --- END: [pkt#175515/ACCT-STOP] --------------------------------------
>>>>
>>>> I hope you can help me
>>>>
>>>> Thank you
>>>>
>>>> <https://www.avast.com/sig-email?utm_medium=email&utm_source=link&utm_campaign=sig-email&utm_content=webmail> Libre de virus. www.avast.com <https://www.avast.com/sig-email?utm_medium=email&utm_source=link&utm_campaign=sig-email&utm_content=webmail>_________________________________________________________________________
>>>> Professional FreeSWITCH Consulting Services:
>>>> consulting at freeswitch.org <mailto:consulting at freeswitch.org>
>>>> http://www.freeswitchsolutions.com <http://www.freeswitchsolutions.com/>
>>>>
>>>> Official FreeSWITCH Sites
>>>> http://www.freeswitch.org <http://www.freeswitch.org/>
>>>> http://confluence.freeswitch.org <http://confluence.freeswitch.org/>
>>>> http://www.cluecon.com <http://www.cluecon.com/>
>>>>
>>>> FreeSWITCH-users mailing list
>>>> FreeSWITCH-users at lists.freeswitch.org <mailto:FreeSWITCH-users at lists.freeswitch.org>
>>>> http://lists.freeswitch.org/mailman/listinfo/freeswitch-users <http://lists.freeswitch.org/mailman/listinfo/freeswitch-users>
>>>> UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users <http://lists.freeswitch.org/mailman/options/freeswitch-users>
>>>> http://www.freeswitch.org <http://www.freeswitch.org/>
>>> _________________________________________________________________________
>>> Professional FreeSWITCH Consulting Services:
>>> consulting at freeswitch.org <mailto:consulting at freeswitch.org>
>>> http://www.freeswitchsolutions.com <http://www.freeswitchsolutions.com/>
>>>
>>> Official FreeSWITCH Sites
>>> http://www.freeswitch.org <http://www.freeswitch.org/>
>>> http://confluence.freeswitch.org <http://confluence.freeswitch.org/>
>>> http://www.cluecon.com <http://www.cluecon.com/>
>>>
>>> FreeSWITCH-users mailing list
>>> FreeSWITCH-users at lists.freeswitch.org <mailto:FreeSWITCH-users at lists.freeswitch.org>
>>> http://lists.freeswitch.org/mailman/listinfo/freeswitch-users <http://lists.freeswitch.org/mailman/listinfo/freeswitch-users>
>>> UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users <http://lists.freeswitch.org/mailman/options/freeswitch-users>
>>> http://www.freeswitch.org <http://www.freeswitch.org/>
>>> _________________________________________________________________________
>>> Professional FreeSWITCH Consulting Services:
>>> consulting at freeswitch.org <mailto:consulting at freeswitch.org>
>>> http://www.freeswitchsolutions.com <http://www.freeswitchsolutions.com/>
>>>
>>> Official FreeSWITCH Sites
>>> http://www.freeswitch.org <http://www.freeswitch.org/>
>>> http://confluence.freeswitch.org <http://confluence.freeswitch.org/>
>>> http://www.cluecon.com <http://www.cluecon.com/>
>>>
>>> FreeSWITCH-users mailing list
>>> FreeSWITCH-users at lists.freeswitch.org <mailto:FreeSWITCH-users at lists.freeswitch.org>
>>> http://lists.freeswitch.org/mailman/listinfo/freeswitch-users <http://lists.freeswitch.org/mailman/listinfo/freeswitch-users>
>>> UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users <http://lists.freeswitch.org/mailman/options/freeswitch-users>
>>> http://www.freeswitch.org <http://www.freeswitch.org/>
>>
>>
>> _________________________________________________________________________
>> Professional FreeSWITCH Consulting Services:
>> consulting at freeswitch.org <mailto:consulting at freeswitch.org>
>> http://www.freeswitchsolutions.com <http://www.freeswitchsolutions.com/>
>>
>> Official FreeSWITCH Sites
>> http://www.freeswitch.org <http://www.freeswitch.org/>
>> http://confluence.freeswitch.org <http://confluence.freeswitch.org/>
>> http://www.cluecon.com <http://www.cluecon.com/>
>>
>> FreeSWITCH-users mailing list
>> FreeSWITCH-users at lists.freeswitch.org <mailto:FreeSWITCH-users at lists.freeswitch.org>
>> http://lists.freeswitch.org/mailman/listinfo/freeswitch-users <http://lists.freeswitch.org/mailman/listinfo/freeswitch-users>
>> UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users <http://lists.freeswitch.org/mailman/options/freeswitch-users>
>> http://www.freeswitch.org <http://www.freeswitch.org/>
> _________________________________________________________________________
> Professional FreeSWITCH Consulting Services:
> consulting at freeswitch.org
> http://www.freeswitchsolutions.com
>
> Official FreeSWITCH Sites
> http://www.freeswitch.org
> http://confluence.freeswitch.org
> http://www.cluecon.com
>
> FreeSWITCH-users mailing list
> FreeSWITCH-users at lists.freeswitch.org
> http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
> UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
> http://www.freeswitch.org
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.freeswitch.org/pipermail/freeswitch-users/attachments/20170907/9d8402dc/attachment-0001.html>
More information about the FreeSWITCH-users
mailing list