[Freeswitch-users] Conflicting settings in SIP profile in vanilla demo

TTT lists at telium.io
Sat Nov 26 17:25:54 UTC 2022


That’s correct – that’s the concept I’m trying to understand.  If I don’t set a CIDR for a particular user, but add a CIDR range to the ‘domains’ ACL, what would be the effect.

 

I assumed that all users on that IP range would not have to authenticate.  (Documentation says users will not be challenged for authentication, but forums response says these users are “auth-authenticated”).  And as a result, the dialplan should processes them in the ‘default’ context since that is what the user_context variable for this user is set to.

 

However, the user is processed in the ‘public’ dialplan context.  If the user is auto-authenticated then why is the user_context variable not set/respected?  If the user is not authenticated, then what is the impact of adding a CIDR range to the domain acl ( if not all users have a CIDR attribute set.  ).  It would appear that adding a CIDR range to the domains ACL would cause any user without a CIDR to not be challenged for authentication, and will therefor never be treated as internal (or whatever their user_context is set to).

 

 

 

From: FreeSWITCH-users [mailto:freeswitch-users-bounces at lists.freeswitch.org] On Behalf Of Brian West
Sent: Saturday, November 26, 2022 11:45 AM
To: FreeSWITCH Users Help <freeswitch-users at lists.freeswitch.org>
Subject: Re: [Freeswitch-users] Conflicting settings in SIP profile in vanilla demo

 

I see no cidr definition on that user.

 

On Thu, Nov 24, 2022 at 1:43 PM TTT <lists at telium.io <mailto:lists at telium.io> > wrote:

The user (1019) is exactly as provided in the vanilla condif.  The user_context value is set as expected in the definition.

 

<include>

  <user id="1019">

    <params>

      <param name="password" value="$${default_password}"/>

      <param name="vm-password" value="1019"/>

    </params>

    <variables>

      <variable name="toll_allow" value="domestic,international,local"/>

      <variable name="accountcode" value="1019"/>

      <variable name="user_context" value="default"/>

      <variable name="effective_caller_id_name" value="Extension 1019"/>

      <variable name="effective_caller_id_number" value="1019"/>

      <variable name="outbound_caller_id_name" value="$${outbound_caller_name}"/>

      <variable name="outbound_caller_id_number" value="$${outbound_caller_id}"/>

      <variable name="callgroup" value="techsupport"/>

    </variables>

  </user>

</include>

 

 

From: FreeSWITCH-users [mailto:freeswitch-users-bounces at lists.freeswitch.org <mailto:freeswitch-users-bounces at lists.freeswitch.org> ] On Behalf Of Brian West
Sent: Wednesday, November 23, 2022 11:09 AM
To: FreeSWITCH Users Help <freeswitch-users at lists.freeswitch.org <mailto:freeswitch-users at lists.freeswitch.org> >
Subject: Re: [Freeswitch-users] Conflicting settings in SIP profile in vanilla demo

 

what does your user's entry look like??

 

On Wed, Nov 23, 2022 at 10:00 AM TTT <lists at telium.io <mailto:lists at telium.io> > wrote:

After a few days on this topic my head is spinning (and I’ve read the Packt book and the wiki). And I’m using the vanilla demo only.  Maybe if I break this down you could confirm my understanding:

 

1.       The ‘domains’ acl is a list of IP addresses/ranges creating by reading from the users directory (from users who have a CIDR set).  It’s a list of those found CIDR’s.

2.       I can add an IP range to the domains acl by adding an allow node with cidr in the acl definition

3.       If a user registers from an IP matching the domains ACL, they are automatically authenticated, and their vars & params from the user definition are applied

 

Then why if that user tries to dial 5000 are they put into the public context (even though their variables, including user_context, were applied when they autoregistered)?  Their user_context is set to default in the user definition.

 

Something in my chain of logic above must be wrong

 

From: FreeSWITCH-users [mailto:freeswitch-users-bounces at lists.freeswitch.org <mailto:freeswitch-users-bounces at lists.freeswitch.org> ] On Behalf Of Brian West
Sent: Wednesday, November 23, 2022 9:12 AM
To: FreeSWITCH Users Help <freeswitch-users at lists.freeswitch.org <mailto:freeswitch-users at lists.freeswitch.org> >
Subject: Re: [Freeswitch-users] Conflicting settings in SIP profile in vanilla demo

 

you're not setting the user_context in the variables that matches the cidr= attribute from the user in the directory.  

 

You can also call set_user to make it apply in the dialplan if needed also.

 

/b

 

 

On Tue, Nov 22, 2022 at 6:13 PM TTT <lists at telium.io <mailto:lists at telium.io> > wrote:

When a user is autoauthenticated, do the variables from the user profile get applied?  Or does that happen only during true authentication?

 

I’m trying to explain a strange behavior of a user being processed in the wrong dialplan context if I add the user’s subnet to the ‘domains’ acl as a cidr.  (A separate post topic)

 

 

From: FreeSWITCH-users [mailto:freeswitch-users-bounces at lists.freeswitch.org <mailto:freeswitch-users-bounces at lists.freeswitch.org> ] On Behalf Of Ken Rice
Sent: Tuesday, November 22, 2022 6:48 PM
To: FreeSWITCH Users Help <freeswitch-users at lists.freeswitch.org <mailto:freeswitch-users at lists.freeswitch.org> >
Subject: Re: [Freeswitch-users] Conflicting settings in SIP profile in vanilla demo

 

no, it means users that match the acl are auto authenticated. 

Sent from my iPhone

 

On Nov 22, 2022, at 14:53, TTT <lists at telium.io <mailto:lists at telium.io> > wrote:



I am working with a simple FreeSWITCH installation, with the vanilla demo configuration. I see that the Internal SIP profile contains:

 

  <param name="apply-inbound-acl" value="domains"/>

  <param name="auth-calls" value="$${internal_auth_calls}"/>

 

The first line means that if a caller's IP is on the 'domains' list that they do NOT need to authenticate. The second line means that in order to use this SIP profile the user MUST be authenticated (internal_auth_calls is true).

 

Aren't these two lines contradictory? Why allow a user to not authenticate for this SIP profile, and then say they must authenticate to use this SIP profile?

_________________________________________________________________________

The FreeSWITCH project is sponsored by SignalWire https://signalwire.com
Enhance your FreeSWITCH install with disruptive priced SMS and PSTN services.
Build your next product on our scalable cloud platform.

Join our online community to chat in real time https://signalwire.community

Professional FreeSWITCH Services
sales at freeswitch.com <mailto:sales at freeswitch.com> 
https://freeswitch.com

Official FreeSWITCH Sites
https://freeswitch.com/oss
https://freeswitch.org/confluence
https://cluecon.com

FreeSWITCH-users mailing list
FreeSWITCH-users at lists.freeswitch.org <mailto:FreeSWITCH-users at lists.freeswitch.org> 
http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
https://freeswitch.com

_________________________________________________________________________

The FreeSWITCH project is sponsored by SignalWire https://signalwire.com
Enhance your FreeSWITCH install with disruptive priced SMS and PSTN services.
Build your next product on our scalable cloud platform.

Join our online community to chat in real time https://signalwire.community

Professional FreeSWITCH Services
sales at freeswitch.com <mailto:sales at freeswitch.com> 
https://freeswitch.com

Official FreeSWITCH Sites
https://freeswitch.com/oss
https://freeswitch.org/confluence
https://cluecon.com

FreeSWITCH-users mailing list
FreeSWITCH-users at lists.freeswitch.org <mailto:FreeSWITCH-users at lists.freeswitch.org> 
http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
https://freeswitch.com




 

-- 

 

Brian West | Co-founder and Developer

Need Commercial support? email sales at freeswitch.com <mailto:sales at freeswitch.com>  

FreeSWITCH Solutions |  <https://maps.google.com/?q=17345+Civic+Drive+%232531+Brookfield,+WI+53045&entry=gmail&source=g> 17345 Civic Drive #2531 Brookfield, WI 53045

Email: brian at freeswitch.com <mailto:brian at freeswitch.com> 

Mobile: 918-424-9378

Website:  <https://www.freeswitch.com/> https://www.FreeSWITCH.com

 <https://www.facebook.com/freeswitch>  <https://twitter.com/freeswitch> 

_________________________________________________________________________

The FreeSWITCH project is sponsored by SignalWire https://signalwire.com
Enhance your FreeSWITCH install with disruptive priced SMS and PSTN services.
Build your next product on our scalable cloud platform.

Join our online community to chat in real time https://signalwire.community

Professional FreeSWITCH Services
sales at freeswitch.com <mailto:sales at freeswitch.com> 
https://freeswitch.com

Official FreeSWITCH Sites
https://freeswitch.com/oss
https://freeswitch.org/confluence
https://cluecon.com

FreeSWITCH-users mailing list
FreeSWITCH-users at lists.freeswitch.org <mailto:FreeSWITCH-users at lists.freeswitch.org> 
http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
https://freeswitch.com




 

-- 

 

Brian West | Co-founder and Developer

Need Commercial support? email sales at freeswitch.com <mailto:sales at freeswitch.com>  

FreeSWITCH Solutions |  <https://maps.google.com/?q=17345+Civic+Drive+%232531+Brookfield,+WI+53045&entry=gmail&source=g> 17345 Civic Drive #2531 Brookfield, WI 53045

Email: brian at freeswitch.com <mailto:brian at freeswitch.com> 

Mobile: 918-424-9378

Website:  <https://www.freeswitch.com/> https://www.FreeSWITCH.com

 <https://www.facebook.com/freeswitch>  <https://twitter.com/freeswitch> 

_________________________________________________________________________

The FreeSWITCH project is sponsored by SignalWire https://signalwire.com
Enhance your FreeSWITCH install with disruptive priced SMS and PSTN services.
Build your next product on our scalable cloud platform.

Join our online community to chat in real time https://signalwire.community

Professional FreeSWITCH Services
sales at freeswitch.com <mailto:sales at freeswitch.com> 
https://freeswitch.com

Official FreeSWITCH Sites
https://freeswitch.com/oss
https://freeswitch.org/confluence
https://cluecon.com

FreeSWITCH-users mailing list
FreeSWITCH-users at lists.freeswitch.org <mailto:FreeSWITCH-users at lists.freeswitch.org> 
http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
https://freeswitch.com




 

-- 

 

Brian West | Co-founder and Developer

Need Commercial support? email sales at freeswitch.com <mailto:sales at freeswitch.com>  

FreeSWITCH Solutions |  <https://maps.google.com/?q=17345+Civic+Drive+%232531+Brookfield,+WI+53045&entry=gmail&source=g> 17345 Civic Drive #2531 Brookfield, WI 53045

Email: brian at freeswitch.com <mailto:brian at freeswitch.com> 

Mobile: 918-424-9378

Website:  <https://www.freeswitch.com/> https://www.FreeSWITCH.com

 <https://www.facebook.com/freeswitch>  <https://twitter.com/freeswitch> 

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.freeswitch.org/pipermail/freeswitch-users/attachments/20221126/cd38a26e/attachment-0001.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image001.jpg
Type: image/jpeg
Size: 344 bytes
Desc: not available
URL: <http://lists.freeswitch.org/pipermail/freeswitch-users/attachments/20221126/cd38a26e/attachment-0002.jpg>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image002.jpg
Type: image/jpeg
Size: 344 bytes
Desc: not available
URL: <http://lists.freeswitch.org/pipermail/freeswitch-users/attachments/20221126/cd38a26e/attachment-0003.jpg>


More information about the FreeSWITCH-users mailing list