[Freeswitch-users] Conflicting settings in SIP profile in vanilla demo

Brian West brian at freeswitch.com
Sat Nov 26 17:31:57 UTC 2022


The domain ACL is special, it's built from the cidr= from the directory.
When you mix ip auth there is very little flexibility.  If you have users
that intersect then it's going to be the first to match.  I hope you can
understand why this is a bad approach?

You can't add or remove things to the domains acl using the acl.conf.xml it
disconnects the tie to the user in the directory if you do that, so you'll
have to use set_user to switch to the appropriate user.

/b


On Sat, Nov 26, 2022 at 11:27 AM TTT <lists at telium.io> wrote:

> That’s correct – that’s the concept I’m trying to understand.  If I don’t
> set a CIDR for a particular user, but add a CIDR range to the ‘domains’
> ACL, what would be the effect.
>
>
>
> I assumed that all users on that IP range would not have to authenticate.
> (Documentation says users will not be challenged for authentication, but
> forums response says these users are “auth-authenticated”).  And as a
> result, the dialplan should processes them in the ‘default’ context since
> that is what the user_context variable for this user is set to.
>
>
>
> However, the user is processed in the ‘public’ dialplan context.  If the
> user is auto-authenticated then why is the user_context variable not
> set/respected?  If the user is not authenticated, then what is the impact
> of adding a CIDR range to the domain acl ( if not all users have a CIDR
> attribute set.  ).  It would appear that adding a CIDR range to the domains
> ACL would cause any user without a CIDR to not be challenged for
> authentication, and will therefor never be treated as internal (or whatever
> their user_context is set to).
>
>
>
>
>
>
>
> *From:* FreeSWITCH-users [mailto:
> freeswitch-users-bounces at lists.freeswitch.org] *On Behalf Of *Brian West
> *Sent:* Saturday, November 26, 2022 11:45 AM
> *To:* FreeSWITCH Users Help <freeswitch-users at lists.freeswitch.org>
> *Subject:* Re: [Freeswitch-users] Conflicting settings in SIP profile in
> vanilla demo
>
>
>
> I see no cidr definition on that user.
>
>
>
> On Thu, Nov 24, 2022 at 1:43 PM TTT <lists at telium.io> wrote:
>
> The user (1019) is exactly as provided in the vanilla condif.  The
> user_context value is set as expected in the definition.
>
>
>
> <include>
>
>   <user id="1019">
>
>     <params>
>
>       <param name="password" value="$${default_password}"/>
>
>       <param name="vm-password" value="1019"/>
>
>     </params>
>
>     <variables>
>
>       <variable name="toll_allow" value="domestic,international,local"/>
>
>       <variable name="accountcode" value="1019"/>
>
>       <variable name="user_context" value="default"/>
>
>       <variable name="effective_caller_id_name" value="Extension 1019"/>
>
>       <variable name="effective_caller_id_number" value="1019"/>
>
>       <variable name="outbound_caller_id_name"
> value="$${outbound_caller_name}"/>
>
>       <variable name="outbound_caller_id_number"
> value="$${outbound_caller_id}"/>
>
>       <variable name="callgroup" value="techsupport"/>
>
>     </variables>
>
>   </user>
>
> </include>
>
>
>
>
>
> *From:* FreeSWITCH-users [mailto:
> freeswitch-users-bounces at lists.freeswitch.org] *On Behalf Of *Brian West
> *Sent:* Wednesday, November 23, 2022 11:09 AM
> *To:* FreeSWITCH Users Help <freeswitch-users at lists.freeswitch.org>
> *Subject:* Re: [Freeswitch-users] Conflicting settings in SIP profile in
> vanilla demo
>
>
>
> what does your user's entry look like??
>
>
>
> On Wed, Nov 23, 2022 at 10:00 AM TTT <lists at telium.io> wrote:
>
> After a few days on this topic my head is spinning (and I’ve read the
> Packt book and the wiki). And I’m using the vanilla demo only.  Maybe if I
> break this down you could confirm my understanding:
>
>
>
> 1.       The ‘domains’ acl is a list of IP addresses/ranges creating by
> reading from the users directory (from users who have a CIDR set).  It’s a
> list of those found CIDR’s.
>
> 2.       I can add an IP range to the domains acl by adding an allow node
> with cidr in the acl definition
>
> 3.       If a user registers from an IP matching the domains ACL, they
> are automatically authenticated, and their vars & params from the user
> definition are applied
>
>
>
> Then why if that user tries to dial 5000 are they put into the public
> context (even though their variables, including user_context, were applied
> when they autoregistered)?  Their user_context is set to default in the
> user definition.
>
>
>
> Something in my chain of logic above must be wrong
>
>
>
> *From:* FreeSWITCH-users [mailto:
> freeswitch-users-bounces at lists.freeswitch.org] *On Behalf Of *Brian West
> *Sent:* Wednesday, November 23, 2022 9:12 AM
> *To:* FreeSWITCH Users Help <freeswitch-users at lists.freeswitch.org>
> *Subject:* Re: [Freeswitch-users] Conflicting settings in SIP profile in
> vanilla demo
>
>
>
> you're not setting the user_context in the variables that matches the
> cidr= attribute from the user in the directory.
>
>
>
> You can also call set_user to make it apply in the dialplan if needed also.
>
>
>
> /b
>
>
>
>
>
> On Tue, Nov 22, 2022 at 6:13 PM TTT <lists at telium.io> wrote:
>
> When a user is autoauthenticated, do the variables from the user profile
> get applied?  Or does that happen only during true authentication?
>
>
>
> I’m trying to explain a strange behavior of a user being processed in the
> wrong dialplan context if I add the user’s subnet to the ‘domains’ acl as a
> cidr.  (A separate post topic)
>
>
>
>
>
> *From:* FreeSWITCH-users [mailto:
> freeswitch-users-bounces at lists.freeswitch.org] *On Behalf Of *Ken Rice
> *Sent:* Tuesday, November 22, 2022 6:48 PM
> *To:* FreeSWITCH Users Help <freeswitch-users at lists.freeswitch.org>
> *Subject:* Re: [Freeswitch-users] Conflicting settings in SIP profile in
> vanilla demo
>
>
>
> no, it means users that match the acl are auto authenticated.
>
> Sent from my iPhone
>
>
>
> On Nov 22, 2022, at 14:53, TTT <lists at telium.io> wrote:
>
> 
>
> I am working with a simple FreeSWITCH installation, with the vanilla demo
> configuration. I see that the Internal SIP profile contains:
>
>
>
>   <param name="apply-inbound-acl" value="domains"/>
>
>   <param name="auth-calls" value="$${internal_auth_calls}"/>
>
>
>
> The first line means that if a caller's IP is on the 'domains' list that
> they do NOT need to authenticate. The second line means that in order to
> use this SIP profile the user MUST be authenticated (internal_auth_calls is
> true).
>
>
>
> Aren't these two lines contradictory? Why allow a user to not authenticate
> for this SIP profile, and then say they must authenticate to use this SIP
> profile?
>
> _________________________________________________________________________
>
> The FreeSWITCH project is sponsored by SignalWire https://signalwire.com
> Enhance your FreeSWITCH install with disruptive priced SMS and PSTN
> services.
> Build your next product on our scalable cloud platform.
>
> Join our online community to chat in real time
> https://signalwire.community
>
> Professional FreeSWITCH Services
> sales at freeswitch.com
> https://freeswitch.com
>
> Official FreeSWITCH Sites
> https://freeswitch.com/oss
> https://freeswitch.org/confluence
> https://cluecon.com
>
> FreeSWITCH-users mailing list
> FreeSWITCH-users at lists.freeswitch.org
> http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
> UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
> https://freeswitch.com
>
> _________________________________________________________________________
>
> The FreeSWITCH project is sponsored by SignalWire https://signalwire.com
> Enhance your FreeSWITCH install with disruptive priced SMS and PSTN
> services.
> Build your next product on our scalable cloud platform.
>
> Join our online community to chat in real time
> https://signalwire.community
>
> Professional FreeSWITCH Services
> sales at freeswitch.com
> https://freeswitch.com
>
> Official FreeSWITCH Sites
> https://freeswitch.com/oss
> https://freeswitch.org/confluence
> https://cluecon.com
>
> FreeSWITCH-users mailing list
> FreeSWITCH-users at lists.freeswitch.org
> http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
> UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
> https://freeswitch.com
>
>
>
>
> --
>
>
>
> Brian West | Co-founder and Developer
>
> Need Commercial support? email sales at freeswitch.com
>
> FreeSWITCH Solutions | 17345 Civic Drive #2531 Brookfield, WI 53045
> <https://maps.google.com/?q=17345+Civic+Drive+%232531+Brookfield,+WI+53045&entry=gmail&source=g>
>
> Email: brian at freeswitch.com
>
> Mobile: 918-424-9378
>
> Website: https://www.FreeSWITCH.com <https://www.freeswitch.com/>
>
> [image: Image removed by sender.
> https://www.facebook.com/signalwireinc?src=email]
> <https://www.facebook.com/freeswitch>[image: Image removed by sender.
> https://twitter.com/freeswitch] <https://twitter.com/freeswitch>
>
> _________________________________________________________________________
>
> The FreeSWITCH project is sponsored by SignalWire https://signalwire.com
> Enhance your FreeSWITCH install with disruptive priced SMS and PSTN
> services.
> Build your next product on our scalable cloud platform.
>
> Join our online community to chat in real time
> https://signalwire.community
>
> Professional FreeSWITCH Services
> sales at freeswitch.com
> https://freeswitch.com
>
> Official FreeSWITCH Sites
> https://freeswitch.com/oss
> https://freeswitch.org/confluence
> https://cluecon.com
>
> FreeSWITCH-users mailing list
> FreeSWITCH-users at lists.freeswitch.org
> http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
> UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
> https://freeswitch.com
>
>
>
>
> --
>
>
>
> Brian West | Co-founder and Developer
>
> Need Commercial support? email sales at freeswitch.com
>
> FreeSWITCH Solutions | 17345 Civic Drive #2531 Brookfield, WI 53045
> <https://maps.google.com/?q=17345+Civic+Drive+%232531+Brookfield,+WI+53045&entry=gmail&source=g>
>
> Email: brian at freeswitch.com
>
> Mobile: 918-424-9378
>
> Website: https://www.FreeSWITCH.com <https://www.freeswitch.com/>
>
> [image: Image removed by sender.
> https://www.facebook.com/signalwireinc?src=email]
> <https://www.facebook.com/freeswitch>[image: Image removed by sender.
> https://twitter.com/freeswitch] <https://twitter.com/freeswitch>
>
> _________________________________________________________________________
>
> The FreeSWITCH project is sponsored by SignalWire https://signalwire.com
> Enhance your FreeSWITCH install with disruptive priced SMS and PSTN
> services.
> Build your next product on our scalable cloud platform.
>
> Join our online community to chat in real time
> https://signalwire.community
>
> Professional FreeSWITCH Services
> sales at freeswitch.com
> https://freeswitch.com
>
> Official FreeSWITCH Sites
> https://freeswitch.com/oss
> https://freeswitch.org/confluence
> https://cluecon.com
>
> FreeSWITCH-users mailing list
> FreeSWITCH-users at lists.freeswitch.org
> http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
> UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
> https://freeswitch.com
>
>
>
>
> --
>
>
>
> Brian West | Co-founder and Developer
>
> Need Commercial support? email sales at freeswitch.com
>
> FreeSWITCH Solutions | 17345 Civic Drive #2531 Brookfield, WI 53045
> <https://maps.google.com/?q=17345+Civic+Drive+%232531+Brookfield,+WI+53045&entry=gmail&source=g>
>
> Email: brian at freeswitch.com
>
> Mobile: 918-424-9378
>
> Website: https://www.FreeSWITCH.com <https://www.freeswitch.com/>
>
> [image: Image removed by sender.
> https://www.facebook.com/signalwireinc?src=email]
> <https://www.facebook.com/freeswitch>[image: Image removed by sender.
> https://twitter.com/freeswitch] <https://twitter.com/freeswitch>
> _________________________________________________________________________
>
> The FreeSWITCH project is sponsored by SignalWire https://signalwire.com
> Enhance your FreeSWITCH install with disruptive priced SMS and PSTN
> services.
> Build your next product on our scalable cloud platform.
>
> Join our online community to chat in real time
> https://signalwire.community
>
> Professional FreeSWITCH Services
> sales at freeswitch.com
> https://freeswitch.com
>
> Official FreeSWITCH Sites
> https://freeswitch.com/oss
> https://freeswitch.org/confluence
> https://cluecon.com
>
> FreeSWITCH-users mailing list
> FreeSWITCH-users at lists.freeswitch.org
> http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
> UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
> https://freeswitch.com
>


-- 

Brian West | Co-founder and Developer

Need Commercial support? email sales at freeswitch.com

FreeSWITCH Solutions | 17345 Civic Drive #2531 Brookfield, WI 53045
<https://maps.google.com/?q=17345+Civic+Drive+%232531+Brookfield,+WI+53045&entry=gmail&source=g>

Email: brian at freeswitch.com

Mobile: 918-424-9378

Website: https://www.FreeSWITCH.com <https://www.freeswitch.com/>

[image: https://www.facebook.com/signalwireinc?src=email]
<https://www.facebook.com/freeswitch> [image:
https://twitter.com/freeswitch] <https://twitter.com/freeswitch>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.freeswitch.org/pipermail/freeswitch-users/attachments/20221126/ba79cf28/attachment-0001.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image001.jpg
Type: image/jpeg
Size: 344 bytes
Desc: not available
URL: <http://lists.freeswitch.org/pipermail/freeswitch-users/attachments/20221126/ba79cf28/attachment-0002.jpg>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image002.jpg
Type: image/jpeg
Size: 344 bytes
Desc: not available
URL: <http://lists.freeswitch.org/pipermail/freeswitch-users/attachments/20221126/ba79cf28/attachment-0003.jpg>


More information about the FreeSWITCH-users mailing list