<html dir="ltr">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
<style type="text/css" id="owaParaStyle"></style>
</head>
<body fpstyle="1" ocsi="0">
<div style="direction: ltr;font-family: Times New Roman;color: #000000;font-size: 10pt;">
You know, I actually just figured it out myself just a couple hours ago.... but I'm gonna give your method a shot too since I haven't played with ACLs yet and that would give me a chance to.
<div><br>
</div>
<div>I discovered that the problem was actually how I'd setup Vitelity to route to the server. I didn't realize this before, but in Vitelity, you can either route to the server IP address to allow IP based authentication OR you can route to the account login
name that the trunk is being registered with. The former was giving errors since I didn't have that account setup, whereas the latter worked with no problem. I'm guessing this is because with the IP based auth method, Vitelity connects to port 5060 (can't
change this), which is taken as Freeswitch's default internal profile port (requires authentication) instead of port 5080 (the public profile with doesn't require authentication?), and since there was no internal user for what Vitelity was sending essentially
unsolicited on 5060, it got denied. As to why it works by routing to the registered account login name I'm not sure, but perhaps that's part of what registration does; it sends to the public profile by default...? </div>
<div><br>
</div>
<div>Anyway, thanks for all the help! Great to see such an active and helpful list with something I'll need a lot of help with!</div>
<div><br>
<div style="font-family: Times New Roman; color: #000000; font-size: 16px">
<hr tabindex="-1">
<div id="divRpF669561" style="direction: ltr; "><font face="Tahoma" size="2" color="#000000"><b>From:</b> freeswitch-users-bounces@lists.freeswitch.org [freeswitch-users-bounces@lists.freeswitch.org] on behalf of Michael Collins [msc@freeswitch.org]<br>
<b>Sent:</b> Monday, April 15, 2013 7:15 PM<br>
<b>To:</b> FreeSWITCH Users Help<br>
<b>Subject:</b> Re: [Freeswitch-users] Newbie question about inbound calls/NAT (yes I checked wiki first:-) )<br>
</font><br>
</div>
<div></div>
<div>For inbound calls you can skip the authentication by adding the source IP address to the "domains" section of conf/autoload_configs/acl.conf.xml. This will prevent FreeSWITCH from challenging the inbound call if it comes from that IP address. This is more
desirable than disabling call authentication altogether in your SIP profile. (i.e. you are allowing only a specific IP address to come in unauth'd as opposed to letting the whole world in!)<br>
<br>
Find out the source IP address for your Vitelity SIP traffic and add it to the acl.conf.xml file in the "domains" section. It will be something like this:<br>
<br>
<node type="allow" cidr="<a href="http://1.2.3.4/32" target="_blank">1.2.3.4/32</a>"/><br>
<br>
After you save that go to fs_cli and type "reloadacl". NOTE: simply doing a "reloadxml" is not sufficient to make the new ACL entry take effect. ("reloadxml" simply reloads the XML config; "reloadacl" does a reloadxml and then reloads the ACL entries.)<br>
<br>
Hope this helps.<br>
-MC<br>
<br>
<div class="gmail_quote">On Mon, Apr 15, 2013 at 12:30 AM, Jeff Bernhardt <span dir="ltr">
<<a href="mailto:jeff@askcornerstone.net" target="_blank">jeff@askcornerstone.net</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex; border-left:1px #ccc solid; padding-left:1ex">
<div>
<div style="direction:ltr; font-size:10pt; font-family:Times New Roman">Thanks. I had a look at the links and changed "domain and even "domain_name" in vars.xml to be the external ip, but the error now just says it can's find user
<a href="mailto:abcd_1.2.3.4@1.2.3.4" target="_blank">abcd_1.2.3.4@1.2.3.4</a> instead of @<a href="http://192.168.10.32" target="_blank">192.168.10.32</a>.
<div><br>
</div>
<div>And actually, I 'm mostly confused because I thought incoming calls were treated as unauthenticated and allowed to pass through. Isn't registering the trunk with the SIP provider enough to get incoming calls accepted? </div>
<div><br>
</div>
<div>The errors says "...you must configure your device to use the proper domain in it's authentication credentials," but how is the SIP trunk treated as a device?</div>
<div><br>
</div>
<div>Like I said, I think I'm misunderstanding something fundamental about this.</div>
<div><br>
</div>
<div>Thanks you.</div>
<div><br>
<div style="font-size:16px; font-family:Times New Roman">
<hr>
<div style="direction:ltr"><font color="#000000" face="Tahoma"><b>From:</b> <a href="mailto:freeswitch-users-bounces@lists.freeswitch.org" target="_blank">
freeswitch-users-bounces@lists.freeswitch.org</a> [<a href="mailto:freeswitch-users-bounces@lists.freeswitch.org" target="_blank">freeswitch-users-bounces@lists.freeswitch.org</a>] on behalf of Cal Leeming [Simplicity Media Ltd] [<a href="mailto:cal.leeming@simplicitymedialtd.co.uk" target="_blank">cal.leeming@simplicitymedialtd.co.uk</a>]<br>
<b>Sent:</b> Sunday, April 14, 2013 3:38 PM<br>
<b>To:</b> FreeSWITCH Users Help<br>
<b>Subject:</b> Re: [Freeswitch-users] Newbie question about inbound calls/NAT (yes I checked wiki first:-) )<br>
</font><br>
</div>
<div>
<div class="h5">
<div></div>
<div>Hello Jeff,
<div><br>
</div>
<div>Here is a related thread;</div>
<div><a href="http://freeswitch-users.2379917.n2.nabble.com/You-must-define-a-domain-called-xx-com-in-your-directory-td7585944.html" target="_blank">http://freeswitch-users.2379917.n2.nabble.com/You-must-define-a-domain-called-xx-com-in-your-directory-td7585944.html</a></div>
<div><a href="http://lists.freeswitch.org/pipermail/freeswitch-users/2008-September/006232.html" target="_blank">http://lists.freeswitch.org/pipermail/freeswitch-users/2008-September/006232.html</a></div>
<div><br>
</div>
<div>You need to configure your domain and username, but as you can see here your gateway/users are sending the domain '192.168.10.32', but you have not configured this domain in sofia.conf.</div>
<div><br>
</div>
<div>If you are using multi-tenant then you'll need to put some more thought into how you're going to approach this.</div>
<div><br>
</div>
<div>If you are not using multi-tenant (i.e. one domain only) then you could force the domain as discussed here;</div>
<div><a href="http://www.feedingedge.co.uk/blog/2010/08/03/techie-post-opensim-and-freeswitch-problems/" target="_blank">http://www.feedingedge.co.uk/blog/2010/08/03/techie-post-opensim-and-freeswitch-problems/</a></div>
<div><br>
</div>
<div>Hope this helps</div>
<div><br>
</div>
<div>Cal</div>
<div><br>
<div class="gmail_quote">On Sun, Apr 14, 2013 at 10:36 AM, Jeff Bernhardt <span dir="ltr">
<<a href="mailto:jeff@askcornerstone.net" target="_blank">jeff@askcornerstone.net</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex; border-left:1px #ccc solid; padding-left:1ex">
<div>
<div style="direction:ltr; font-size:10pt; font-family:Times New Roman">Setting up my first test box with Freeswitch. I'm really excited about getting it up and running.
<div><br>
</div>
<div>I'm trying to get inbound calls working from external using a Vitelity trunk. Let's say my username from Vitelity is "abcd_efg" and password is "password," external IP is 1.2.3.4 and internal is 192.168.10.32. I get registered to Vitelity fine (their
web panel shows I'm registered and fs_cli confirms). However, when I make a call inbound, I get:
<div><br>
</div>
<div>[WARNING] sofia_reg.c:2621 Can't find user [<a href="mailto:abcd_1.2.3.4@192.168.10.32" target="_blank">abcd_1.2.3.4@192.168.10.32</a>] from <vitelity-inbound-trunk-ip></div>
<div>You must define a domain called '192.168.10.32' in your directory and add a user with the id="abcd_1.2.3.4" attribute</div>
<div><span style="font-size:10pt">and you must configure your device to use the proper domain in it's authentication credentials.</span> </div>
<div><br>
</div>
<div>I don't know if this is related, but to get around NAT, I have this in vars.xml:</div>
<div><X-PRE-PROCESS cmd="set" data="external_rtp_ip=1.2.3.4"/></div>
<div><X-PRE-PROCESS cmd="set" data="external_sip_ip=1.2.3.4"/></div>
<div><br>
</div>
<div>and this in both internal.xml and external.xml:</div>
<div>
<div><param name="ext-rtp-ip" value="$${external_rtp_ip}"/></div>
<div><param name="ext-sip-ip" value="$${external_sip_ip}"/></div>
</div>
<div><br>
</div>
<div><span style="font-size:10pt">I have a feeling I've misunderstood something fundamental about setting up Freeswitch for inbound access. I've put in the above configs as per what I've found in the wiki, but I'm not sure how to do what the warning says or
if it really means I have something not setup right. What am I doing wrong?</span></div>
<div><span style="font-size:10pt"><br>
</span></div>
<div><span style="font-size:10pt">Thank you.</span></div>
</div>
</div>
</div>
<br>
_________________________________________________________________________<br>
Professional FreeSWITCH Consulting Services:<br>
<a href="mailto:consulting@freeswitch.org" target="_blank">consulting@freeswitch.org</a><br>
<a href="http://www.freeswitchsolutions.com" target="_blank">http://www.freeswitchsolutions.com</a><br>
<br>
FreeSWITCH-powered IP PBX: The CudaTel Communication Server<br>
<a href="http://www.cudatel.com" target="_blank">http://www.cudatel.com</a><br>
<br>
Official FreeSWITCH Sites<br>
<a href="http://www.freeswitch.org" target="_blank">http://www.freeswitch.org</a><br>
<a href="http://wiki.freeswitch.org" target="_blank">http://wiki.freeswitch.org</a><br>
<a href="http://www.cluecon.com" target="_blank">http://www.cluecon.com</a><br>
<br>
FreeSWITCH-users mailing list<br>
<a href="mailto:FreeSWITCH-users@lists.freeswitch.org" target="_blank">FreeSWITCH-users@lists.freeswitch.org</a><br>
<a href="http://lists.freeswitch.org/mailman/listinfo/freeswitch-users" target="_blank">http://lists.freeswitch.org/mailman/listinfo/freeswitch-users</a><br>
UNSUBSCRIBE:<a href="http://lists.freeswitch.org/mailman/options/freeswitch-users" target="_blank">http://lists.freeswitch.org/mailman/options/freeswitch-users</a><br>
<a href="http://www.freeswitch.org" target="_blank">http://www.freeswitch.org</a><br>
<br>
</blockquote>
</div>
<br>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
<br>
_________________________________________________________________________<br>
Professional FreeSWITCH Consulting Services:<br>
<a href="mailto:consulting@freeswitch.org" target="_blank">consulting@freeswitch.org</a><br>
<a href="http://www.freeswitchsolutions.com" target="_blank">http://www.freeswitchsolutions.com</a><br>
<br>
FreeSWITCH-powered IP PBX: The CudaTel Communication Server<br>
<a href="http://www.cudatel.com" target="_blank">http://www.cudatel.com</a><br>
<br>
Official FreeSWITCH Sites<br>
<a href="http://www.freeswitch.org" target="_blank">http://www.freeswitch.org</a><br>
<a href="http://wiki.freeswitch.org" target="_blank">http://wiki.freeswitch.org</a><br>
<a href="http://www.cluecon.com" target="_blank">http://www.cluecon.com</a><br>
<br>
FreeSWITCH-users mailing list<br>
<a href="mailto:FreeSWITCH-users@lists.freeswitch.org" target="_blank">FreeSWITCH-users@lists.freeswitch.org</a><br>
<a href="http://lists.freeswitch.org/mailman/listinfo/freeswitch-users" target="_blank">http://lists.freeswitch.org/mailman/listinfo/freeswitch-users</a><br>
UNSUBSCRIBE:<a href="http://lists.freeswitch.org/mailman/options/freeswitch-users" target="_blank">http://lists.freeswitch.org/mailman/options/freeswitch-users</a><br>
<a href="http://www.freeswitch.org" target="_blank">http://www.freeswitch.org</a><br>
<br>
</blockquote>
</div>
<br>
<br clear="all">
<br>
-- <br>
Michael S Collins<br>
Twitter: @mercutioviz<br>
<a href="http://www.FreeSWITCH.org" target="_blank">http://www.FreeSWITCH.org</a><br>
<a href="http://www.ClueCon.com" target="_blank">http://www.ClueCon.com</a><br>
<a href="http://www.OSTAG.org" target="_blank">http://www.OSTAG.org</a><br>
<br>
</div>
</div>
</div>
</div>
</body>
</html>