<html>
<head>
<meta content="text/html; charset=UTF-8" http-equiv="Content-Type">
</head>
<body bgcolor="#FFFFFF" text="#000000">
The profile config:<br>
<br>
<profile name="internal"><br>
<br>
<aliases><br>
<br>
</aliases><br>
<br>
<gateways><br>
<X-PRE-PROCESS cmd="include" data="internal/*.xml"/><br>
</gateways><br>
<br>
<domains><br>
<domain name="all" alias="true" parse="false"/> <br>
</domains><br>
<br>
<settings><br>
<br>
<param name="debug" value="1"/><br>
<br>
<param name="sip-trace" value="yes"/><br>
<param name="sip-capture" value="no"/><br>
<br>
<param name="watchdog-enabled" value="no"/><br>
<param name="watchdog-step-timeout" value="30000"/><br>
<param name="watchdog-event-timeout" value="30000"/><br>
<br>
<param name="log-auth-failures" value="true"/><br>
<param name="forward-unsolicited-mwi-notify"
value="false"/><br>
<br>
<param name="context" value="public"/><br>
<param name="rfc2833-pt" value="101"/><br>
<br>
<param name="sip-port" value="$${internal_sip_port}"/><br>
<param name="dialplan" value="XML"/><br>
<param name="dtmf-duration" value="2000"/><br>
<param name="inbound-codec-prefs"
value="$${global_codec_prefs}"/><br>
<param name="outbound-codec-prefs"
value="$${global_codec_prefs}"/><br>
<param name="rtp-timer-name" value="soft"/><br>
<param name="rtp-ip" value="$${local_ip_v4}"/><br>
<param name="sip-ip" value="$${local_ip_v4}"/><br>
<param name="hold-music" value="$${hold_music}"/><br>
<param name="apply-nat-acl" value="nat.auto"/><br>
<br>
<param name="enable-timer" value="true"/><br>
<br>
<param name="apply-inbound-acl" value="domains"/><br>
<br>
<param name="local-network-acl" value="localnet.auto"/><br>
<br>
<param name="send-message-query-on-register"
value="false"/><br>
<br>
<param name="record-path" value="$${recordings_dir}"/><br>
<param name="record-template"
value="${caller_id_number}.${target_domain}.${strftime(%Y-%m-%d-%H-%M-%S)}.wav"/><br>
<br>
<param name="manage-presence" value="true"/><br>
<br>
<param name="presence-hosts"
value="$${domain},$${local_ip_v4}"/><br>
<param name="presence-privacy"
value="$${presence_privacy}"/><br>
<br>
<param name="inbound-codec-negotiation" value="generous"/><br>
<br>
<param name="tls" value="$${internal_ssl_enable}"/><br>
<param name="tls-only" value="false"/><br>
<param name="tls-bind-params" value="transport=tls"/><br>
<param name="tls-sip-port" value="$${internal_tls_port}"/><br>
<param name="tls-cert-dir" value="$${internal_ssl_dir}"/><br>
<param name="tls-passphrase" value=""/><br>
<br>
<param name="tls-verify-date" value="true"/><br>
<br>
<param name="tls-verify-policy" value="none"/><br>
<param name="tls-verify-depth" value="2"/><br>
<br>
<param name="tls-verify-in-subjects" value=""/><br>
<br>
<param name="tls-version" value="$${sip_tls_version}"/><br>
<br>
<param name="inbound-late-negotiation" value="true"/><br>
<br>
<param name="nonce-ttl" value="60"/><br>
<br>
<param name="auth-calls" value="$${internal_auth_calls}"/><br>
<param name="inbound-reg-force-matching-username"
value="true"/><br>
<param name="auth-all-packets" value="false"/><br>
<param name="ext-rtp-ip" value="auto-nat"/><br>
<param name="ext-sip-ip" value="auto-nat"/><br>
<param name="rtp-timeout-sec" value="300"/><br>
<param name="rtp-hold-timeout-sec" value="1800"/><br>
<br>
<param name="challenge-realm" value="auto_from"/><br>
<br>
</settings><br>
</profile><br>
<br>
<br>
<br>
<div class="moz-cite-prefix">On 15.06.2015 11:26, Steven Ayre wrote:<br>
</div>
<blockquote
cite="mid:CAFiqYunfd72fpBy5=EfgcEZ3HRoMafQ2R+7U=PkZJ32juosBQA@mail.gmail.com"
type="cite">
<div dir="ltr">1.2.11 is incredibly old, it's unsupported now and
its age means there are a lot of bugs in it that are fixed in
the latest versions. That includes performance, functionality
and security bugs. I understand it's a production server but it
would be well worth planning regular updates.
<div><br>
</div>
<div>That said, perhaps you can show us the entire profile
config? Perhaps there's an XML error elsewhere preventing the
parameter being read. And are you sure the profile you set it
on is the same as the one receiving the packets?</div>
<div><br>
</div>
<div><br>
<div><br>
<div class="gmail_extra"><br>
<div class="gmail_quote">On 15 June 2015 at 07:27, Густаво
Силва <span dir="ltr"><<a moz-do-not-send="true"
href="mailto:gfs@etherway.ru" target="_blank">gfs@etherway.ru</a>></span>
wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0
.8ex;border-left:1px #ccc solid;padding-left:1ex">
<div bgcolor="#FFFFFF" text="#000000"> I have checked
in the sofia_reg.c code of the freeswitch 1.2.11
version, and this is available for this version.<br>
<br>
if (auth_res != AUTH_OK && auth_res !=
AUTH_RENEWED && !stale) {<br>
if (auth_res ==
AUTH_FORBIDDEN) {<br>
nua_respond(nh,
SIP_403_FORBIDDEN,
NUTAG_WITH_THIS_MSG(de->data->e_msg),
TAG_END());<br>
forbidden = 1;<br>
} else {<br>
nua_respond(nh,
SIP_401_UNAUTHORIZED,
NUTAG_WITH_THIS_MSG(de->data->e_msg),
TAG_END());<br>
}<br>
<br>
if (profile->debug) {<br>
switch_log_printf(SWITCH_CHANNEL_LOG,
SWITCH_LOG_DEBUG, "Send %s for [%s@%s]\n",<br>
forbidden ? "forbidden" : "challenge", to_user,
to_host);<br>
}<br>
/* Log line added to support
Fail2Ban */<br>
if
(sofia_test_pflag(profile, PFLAG_LOG_AUTH_FAIL)) {<br>
switch_log_printf(SWITCH_CHANNEL_LOG,
SWITCH_LOG_WARNING, "<font color="#ff0000">SIP auth
%s (%s) on sofia profile '%s' "<br>
"for [%s@%s] from ip %s\n", forbidden ? "failure"</font>
: "challenge",<br>
(regtype == REG_INVITE) ? "INVITE" : "REGISTER",
profile->name, to_user, to_host, network_ip);<br>
}<br>
<br>
I am just getting this in the log file. I am
avoiding to update cause this server is in
production environment. <br>
<br>
Somehow it is not processing the last "if"
statement.
<div>
<div><br>
<br>
<div>On 11.06.2015 17:19, Michael Jerris wrote:<br>
</div>
</div>
</div>
<blockquote type="cite">
<div>
<div>You should start with trying our most
recent release 1.4.19<span></span><br>
<br>
On Thursday, June 11, 2015, Густаво Силва <<a
moz-do-not-send="true"
href="mailto:gfs@etherway.ru"
target="_blank">gfs@etherway.ru</a>>
wrote:<br>
<blockquote class="gmail_quote"
style="margin:0 0 0 .8ex;border-left:1px
#ccc solid;padding-left:1ex">
<div bgcolor="#FFFFFF" text="#000000"> Hello
Guys,<br>
<br>
I am trying to log the attempts and
failures of the authentication process but
I am not able to get the log as described
in the freeswitch site.<br>
<br>
I have already set my profile to log it by
doing:<br>
<pre style="margin:10px 0px 0px;padding:0px;color:rgb(51,51,51);font-size:14px;font-style:normal;font-variant:normal;font-weight:normal;letter-spacing:normal;line-height:20px;text-align:start;text-indent:0px;text-transform:none;word-spacing:0px;background-color:rgb(255,255,255)"><param name="log-auth-failures" value="true"/>
</pre>
and I reloaded the sofia mod.<br>
<br>
I should get in the freeswitch log, "SIP
auth challenge" or "SIP auth failure", but
I am getting only "Send challenge for" and
"Send forbidden for" if the authentication
fails.<br>
<br>
I am using the freeswitch version 1.2.11.<br>
<br>
What else should I do?<br>
<br>
Regards,<br>
Gustavo<br>
<br>
<br>
</div>
</blockquote>
<br>
<fieldset></fieldset>
<br>
</div>
</div>
<pre>_________________________________________________________________________
Professional FreeSWITCH Consulting Services:
<a moz-do-not-send="true" href="mailto:consulting@freeswitch.org" target="_blank">consulting@freeswitch.org</a>
<a moz-do-not-send="true" href="http://www.freeswitchsolutions.com" target="_blank">http://www.freeswitchsolutions.com</a>
Official FreeSWITCH Sites
<a moz-do-not-send="true" href="http://www.freeswitch.org" target="_blank">http://www.freeswitch.org</a>
<a moz-do-not-send="true" href="http://confluence.freeswitch.org" target="_blank">http://confluence.freeswitch.org</a>
<a moz-do-not-send="true" href="http://www.cluecon.com" target="_blank">http://www.cluecon.com</a>
FreeSWITCH-users mailing list
<a moz-do-not-send="true" href="mailto:FreeSWITCH-users@lists.freeswitch.org" target="_blank">FreeSWITCH-users@lists.freeswitch.org</a>
<a moz-do-not-send="true" href="http://lists.freeswitch.org/mailman/listinfo/freeswitch-users" target="_blank">http://lists.freeswitch.org/mailman/listinfo/freeswitch-users</a>
UNSUBSCRIBE:<a moz-do-not-send="true" href="http://lists.freeswitch.org/mailman/options/freeswitch-users" target="_blank">http://lists.freeswitch.org/mailman/options/freeswitch-users</a>
<a moz-do-not-send="true" href="http://www.freeswitch.org" target="_blank">http://www.freeswitch.org</a></pre>
</blockquote>
<br>
</div>
<br>
_________________________________________________________________________<br>
Professional FreeSWITCH Consulting Services:<br>
<a moz-do-not-send="true"
href="mailto:consulting@freeswitch.org"
target="_blank">consulting@freeswitch.org</a><br>
<a moz-do-not-send="true"
href="http://www.freeswitchsolutions.com"
rel="noreferrer" target="_blank">http://www.freeswitchsolutions.com</a><br>
<br>
Official FreeSWITCH Sites<br>
<a moz-do-not-send="true"
href="http://www.freeswitch.org" rel="noreferrer"
target="_blank">http://www.freeswitch.org</a><br>
<a moz-do-not-send="true"
href="http://confluence.freeswitch.org"
rel="noreferrer" target="_blank">http://confluence.freeswitch.org</a><br>
<a moz-do-not-send="true"
href="http://www.cluecon.com" rel="noreferrer"
target="_blank">http://www.cluecon.com</a><br>
<br>
FreeSWITCH-users mailing list<br>
<a moz-do-not-send="true"
href="mailto:FreeSWITCH-users@lists.freeswitch.org"
target="_blank">FreeSWITCH-users@lists.freeswitch.org</a><br>
<a moz-do-not-send="true"
href="http://lists.freeswitch.org/mailman/listinfo/freeswitch-users"
rel="noreferrer" target="_blank">http://lists.freeswitch.org/mailman/listinfo/freeswitch-users</a><br>
UNSUBSCRIBE:<a moz-do-not-send="true"
href="http://lists.freeswitch.org/mailman/options/freeswitch-users"
rel="noreferrer" target="_blank">http://lists.freeswitch.org/mailman/options/freeswitch-users</a><br>
<a moz-do-not-send="true"
href="http://www.freeswitch.org" rel="noreferrer"
target="_blank">http://www.freeswitch.org</a><br>
</blockquote>
</div>
<br>
</div>
</div>
</div>
</div>
<br>
<fieldset class="mimeAttachmentHeader"></fieldset>
<br>
<pre wrap="">_________________________________________________________________________
Professional FreeSWITCH Consulting Services:
<a class="moz-txt-link-abbreviated" href="mailto:consulting@freeswitch.org">consulting@freeswitch.org</a>
<a class="moz-txt-link-freetext" href="http://www.freeswitchsolutions.com">http://www.freeswitchsolutions.com</a>
Official FreeSWITCH Sites
<a class="moz-txt-link-freetext" href="http://www.freeswitch.org">http://www.freeswitch.org</a>
<a class="moz-txt-link-freetext" href="http://confluence.freeswitch.org">http://confluence.freeswitch.org</a>
<a class="moz-txt-link-freetext" href="http://www.cluecon.com">http://www.cluecon.com</a>
FreeSWITCH-users mailing list
<a class="moz-txt-link-abbreviated" href="mailto:FreeSWITCH-users@lists.freeswitch.org">FreeSWITCH-users@lists.freeswitch.org</a>
<a class="moz-txt-link-freetext" href="http://lists.freeswitch.org/mailman/listinfo/freeswitch-users">http://lists.freeswitch.org/mailman/listinfo/freeswitch-users</a>
UNSUBSCRIBE:<a class="moz-txt-link-freetext" href="http://lists.freeswitch.org/mailman/options/freeswitch-users">http://lists.freeswitch.org/mailman/options/freeswitch-users</a>
<a class="moz-txt-link-freetext" href="http://www.freeswitch.org">http://www.freeswitch.org</a></pre>
</blockquote>
<br>
</body>
</html>