<div dir="ltr">In log you can see invite arrived from IP address 91.121.129.20<div>Change IP <a href="http://10.7.1.60/32">10.7.1.60/32</a> to <a href="http://91.121.129.20/32">91.121.129.20/32</a></div><div><br></div><div><span style="font-size:12.8000001907349px">I'm not sure to understand why i should use a so strange trick. Using "internal" profile for external trunk can't be a security leak ?</span></div><div>It is not problem. In this case profile used for authenticate call by user "provider_gw1". Real call processing executed in dialplan "provider_inbound_calls". In this dialplan you can allow one DID number and block all other.</div><div><br></div><div><span style="font-size:12.8000001907349px">If my provider change something about the 10.7.6.60 gateway, the trunk will no longer work until i update my configuration ?</span><br></div><div>If provider can configure username and password for DID call authentication you can remove "cird" attribute.</div><div>If username and password can't be configured, then say me how much DID number provider assigned for you.</div><div><br></div><div>Sergey</div><div> </div><div><br></div></div><div class="gmail_extra"><br><div class="gmail_quote">On Sat, May 2, 2015 at 7:52 PM, Tanguy <span dir="ltr"><<a href="mailto:phenix@vfemail.net" target="_blank">phenix@vfemail.net</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div text="#000000" bgcolor="#FFFFFF">
Hello<br>
<br>
I'm not sure to understand why i should use a so strange trick.
Using "internal" profile for external trunk can't be a security leak
? If my provider change something about the 10.7.6.60 gateway, the
trunk will no longer work until i update my configuration ?<br>
<br>
Nevertheless i tried to apply your advice, so i moved by gateway in
internal profile and i created a new user<br>
<tt><br>
/usr/local/freeswitch/conf/dialplan/provider_inbound_calls/user.xml
<br>
<br>
<include><br>
<user id="provider_gw1" cidr="<a href="http://10.7.1.60/32" target="_blank">10.7.1.60/32</a>" > <br>
<params><br>
<param name="password" value="xxxxxx"/><br>
</params><br>
</user><br>
<variables><br>
<variable name="user_context"
value="provider_inbound_calls"/><br>
</variables><br>
<br>
</include></tt><br>
<br>
Unfortunately it did not work, but i have the good DID number in
[<a href="mailto:0557590xxx@10.7.1.60" target="_blank">0557590xxx@10.7.1.60</a>]<br>
<tt><br>
2015-05-02 18:30:15.940354 [DEBUG] sofia.c:9015 IP 91.121.129.20
Rejected by acl "domains". Falling back to Digest auth.<br>
2015-05-02 18:30:15.940354 [WARNING] sofia_reg.c:2827 Can't find
user [<a href="mailto:anonymous@10.7.1.60" target="_blank">anonymous@10.7.1.60</a>] from 91.121.129.20<br>
You must define a domain called '10.7.1.60' in your directory and
add a user with the id="anonymous" attribute<br>
and you must configure your device to use the proper domain in
it's authentication credentials.<br>
2015-05-02 18:30:15.940354 [WARNING] sofia_reg.c:1687 SIP auth
failure (INVITE) on sofia profile 'internal' for <b>[<a href="mailto:0557590xxx@10.7.1.60" target="_blank">0557590xxx@10.7.1.60</a>]
</b>from ip 91.121.129.20<br>
2015-05-02 18:30:15.940354 [DEBUG] switch_core_session.c:1061 Send
signal <a href="mailto:sofia/internal/0967212xxx@sip.ovh.fr" target="_blank">sofia/internal/0967212xxx@sip.ovh.fr</a> [BREAK]<br>
2015-05-02 18:30:15.940354 [NOTICE] sofia.c:2063 Hangup
<a href="mailto:sofia/internal/0967212xxx@sip.ovh.fr" target="_blank">sofia/internal/0967212xxx@sip.ovh.fr</a> [CS_NEW] [CALL_REJECTED]<br>
<br>
<br>
</tt><br>
Just for fun i created a user anonymous in domain 10.7.1.60 and
reloaded with reloadxml but i still have the same message.<br>
<br>
<tt>/usr/local/freeswitch/conf/dialplan/<a href="http://10.7.1.60/user.xml" target="_blank">10.7.1.60/user.xml</a> <br>
<br>
<include><br>
<user id="anonymous" cidr="<a href="http://10.7.1.60/32" target="_blank">10.7.1.60/32</a>" > <br>
<params><br>
<param name="password" value="xxxxx"/><br>
</params><br>
</user><br>
<variables><br>
<variable name="user_context" value="10.7.1.60"/><br>
</variables><br>
</include></tt><br>
<br>
<br>
<br>
<br>
Thanks<span class=""><br>
<br>
<br>
On 02/05/2015 08:17, Sergey Safarov wrote:
<blockquote type="cite">
<div dir="ltr">Try
<div>1) link gateway to "internal" profile;</div>
<div>2) create dialplan with name "provider_inbound_calls" and
add required extensions;</div>
<div>3) create user "provider_gw1" in directory with
attribute cidr="<a href="http://10.7.1.60/32" target="_blank">10.7.1.60/32</a>" (value from you
example), with random value in param "password",
and "provider_inbound_calls" value
in variable "user_context" </div>
<div>After it you can make inbound call from.</div>
<div>If provider has several gateways, add user record in
directory for each gateway.</div>
<div><br>
</div>
<div>Sergey</div>
<div><br>
</div>
</div>
<br>
</blockquote>
<br>
</span></div>
<br>_________________________________________________________________________<br>
Professional FreeSWITCH Consulting Services:<br>
<a href="mailto:consulting@freeswitch.org">consulting@freeswitch.org</a><br>
<a href="http://www.freeswitchsolutions.com" target="_blank">http://www.freeswitchsolutions.com</a><br>
<br>
Official FreeSWITCH Sites<br>
<a href="http://www.freeswitch.org" target="_blank">http://www.freeswitch.org</a><br>
<a href="http://confluence.freeswitch.org" target="_blank">http://confluence.freeswitch.org</a><br>
<a href="http://www.cluecon.com" target="_blank">http://www.cluecon.com</a><br>
<br>
FreeSWITCH-users mailing list<br>
<a href="mailto:FreeSWITCH-users@lists.freeswitch.org">FreeSWITCH-users@lists.freeswitch.org</a><br>
<a href="http://lists.freeswitch.org/mailman/listinfo/freeswitch-users" target="_blank">http://lists.freeswitch.org/mailman/listinfo/freeswitch-users</a><br>
UNSUBSCRIBE:<a href="http://lists.freeswitch.org/mailman/options/freeswitch-users" target="_blank">http://lists.freeswitch.org/mailman/options/freeswitch-users</a><br>
<a href="http://www.freeswitch.org" target="_blank">http://www.freeswitch.org</a><br></blockquote></div><br></div>