So one approach could be to only transfer calls with the user_exists condition fulfilled?<div><br></div><div>And when I've placed my dial plan for the sip gateway in my internal context then outsiders shouldn't be able make such calls.</div><div><br></div><div>Is that correct understood?</div><div><div><br>On Monday, September 21, 2015, Stanislav Sinyagin <<a href="mailto:ssinyagin@gmail.com">ssinyagin@gmail.com</a>> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">well, if you blindly transfer an unauthenticated call from public<br>
context into the default context, you may get a hefty bill at the end<br>
of the month :)<br>
<br>
<br>
<br>
On Mon, Sep 21, 2015 at 11:28 AM, Michael Nielsen <<a href="javascript:;" onclick="_e(event, 'cvml', 'mic.niel84@gmail.com')">mic.niel84@gmail.com</a>> wrote:<br>
> Hi Stanislav,<br>
><br>
> Thank you. I'll follow that tutorial.<br>
><br>
> One thing, my way of knowing whether to route to other FS user or to the<br>
> pstn gw is to use the user_exists condition.<br>
> My users ids are e.164 numbers so they match numbers for use with the pstn<br>
> gw.<br>
><br>
> If I place that in the internal dial plan in default context, will that<br>
> expose a security issues or should that be fine?<br>
><br>
><br>
> On Monday, September 21, 2015, Stanislav Sinyagin <<a href="javascript:;" onclick="_e(event, 'cvml', 'ssinyagin@gmail.com')">ssinyagin@gmail.com</a>><br>
> wrote:<br>
>><br>
>> You can split the inbound and outbound calls for your registered users<br>
>> into different contexts, and that will ensure that calls from outside are<br>
>> not sent to PSTN in an uncontrolled way. See an example here:<br>
>><br>
>><br>
>> <a href="https://github.com/voxserv/freeswitch_conf_minimal/blob/master/docs/tutorial_01_simple_pbx.md" target="_blank">https://github.com/voxserv/freeswitch_conf_minimal/blob/master/docs/tutorial_01_simple_pbx.md</a><br>
>><br>
>> In your public context, you match the calks from the gsm gateway and<br>
>> transfer them to an extension in one if your internal contexts.<br>
>><br>
>> On Sep 20, 2015 6:59 PM, "Michael Nielsen" <<a href="javascript:;" onclick="_e(event, 'cvml', 'mic.niel84@gmail.com')">mic.niel84@gmail.com</a>> wrote:<br>
>>><br>
>>> I've tried different scenarios.<br>
>>> One was to put all my dial plans in public context. This worked, but of<br>
>>> course opened up a lot of security issues.<br>
>>><br>
>>> My thoughts are now to have all my dial plans in the default context, so<br>
>>> only registered users can dial them, but also have one single dial plan in<br>
>>> the public context for transferring incoming calls to the default dial plan.<br>
>>><br>
>>> BUT will this not still open up for security issues?<br>
>>><br>
>>> I currently see calls in my cdr csv made from user 100 even though no<br>
>>> such user exists!?<br>
>>><br>
>>> How can one be sure that calls are only made from registered and<br>
>>> authenticated users in FS?<br>
>>><br>
>>> On Wednesday, September 16, 2015, Bote Man <<a href="javascript:;" onclick="_e(event, 'cvml', 'bote_radio@botecomm.com')">bote_radio@botecomm.com</a>><br>
>>> wrote:<br>
>>>><br>
>>>> This is the job of the dialplan. The example entries that are included<br>
>>>> with the vanilla FS config provide guidance, but in my particular case I had<br>
>>>> to test on a different SIP field than the vanilla config was looking for.<br>
>>>><br>
>>>><br>
>>>><br>
>>>> My inbound calls from CallCentric put the destination number (DID) in<br>
>>>> sip_to_user so my dialplan test condition reads:<br>
>>>><br>
>>>> <condition field="${sip_to_user}" expression="^(12345678900)$"><br>
>>>><br>
>>>><br>
>>>><br>
>>>> I had to read the FS debug logs to see what it was seeing, and then<br>
>>>> adjust my dialplan accordingly.<br>
>>>><br>
>>>><br>
>>>><br>
>>>> If you have many FS users you might consider looking up the directory<br>
>>>> entries with XML as is typically done.<br>
>>>><br>
>>>><br>
>>>><br>
>>>> Here is a good place to start for more information:<br>
>>>><br>
>>>> <a href="https://freeswitch.org/confluence/display/FREESWITCH/Dialplan" target="_blank">https://freeswitch.org/confluence/display/FREESWITCH/Dialplan</a><br>
>>>><br>
>>>><br>
>>>><br>
>>>> Hope this helps.<br>
>>>><br>
>>>><br>
>>>><br>
>>>> Bote<br>
>>>><br>
>>>><br>
>>>><br>
>>>><br>
>>>><br>
>>>> From: <a href="javascript:;" onclick="_e(event, 'cvml', 'freeswitch-users-bounces@lists.freeswitch.org')">freeswitch-users-bounces@lists.freeswitch.org</a><br>
>>>> [mailto:<a href="javascript:;" onclick="_e(event, 'cvml', 'freeswitch-users-bounces@lists.freeswitch.org')">freeswitch-users-bounces@lists.freeswitch.org</a>] On Behalf Of Michael<br>
>>>> Nielsen<br>
>>>> Sent: Wednesday, 16 September, 2015 08:33<br>
>>>> To: FreeSWITCH Users Help<br>
>>>> Subject: [Freeswitch-users] Call FS users from external gateway.<br>
>>>><br>
>>>><br>
>>>><br>
>>>> I've got my users in FS in /directory/users.xml in a certain domain and<br>
>>>> user-context = public.<br>
>>>><br>
>>>> I've got my FS hooked up to a SIP gateway for connection to the<br>
>>>> GSM-world.<br>
>>>><br>
>>>><br>
>>>><br>
>>>> I'm able to route calls to my SIP gateway for outbound calls, but<br>
>>>> incoming calls to my FS from the GSM-world does not get routed to my users<br>
>>>> in FS.<br>
>>>><br>
>>>><br>
>>>><br>
>>>> My users have the ID's "+4412345678", and incoming calls from my SIP<br>
>>>> gateway does contain +<a href="javascript:;" onclick="_e(event, 'cvml', '4412345678@my-sip-gateway-domain.com')">4412345678@my-sip-gateway-domain.com</a><br>
>>>><br>
>>>><br>
>>>><br>
>>>> I guess I need to tell FS somehow that incoming calls from my SIP<br>
>>>> gateway should match my user IDs in users from my /directory/users.xml.<br>
>>>><br>
>>>><br>
>>>><br>
>>>> But how to I do this?<br>
>>><br>
>>><br>
>>> _________________________________________________________________________<br>
>>> Professional FreeSWITCH Consulting Services:<br>
>>> <a href="javascript:;" onclick="_e(event, 'cvml', 'consulting@freeswitch.org')">consulting@freeswitch.org</a><br>
>>> <a href="http://www.freeswitchsolutions.com" target="_blank">http://www.freeswitchsolutions.com</a><br>
>>><br>
>>> Official FreeSWITCH Sites<br>
>>> <a href="http://www.freeswitch.org" target="_blank">http://www.freeswitch.org</a><br>
>>> <a href="http://confluence.freeswitch.org" target="_blank">http://confluence.freeswitch.org</a><br>
>>> <a href="http://www.cluecon.com" target="_blank">http://www.cluecon.com</a><br>
>>><br>
>>> FreeSWITCH-users mailing list<br>
>>> <a href="javascript:;" onclick="_e(event, 'cvml', 'FreeSWITCH-users@lists.freeswitch.org')">FreeSWITCH-users@lists.freeswitch.org</a><br>
>>> <a href="http://lists.freeswitch.org/mailman/listinfo/freeswitch-users" target="_blank">http://lists.freeswitch.org/mailman/listinfo/freeswitch-users</a><br>
>>> UNSUBSCRIBE:<a href="http://lists.freeswitch.org/mailman/options/freeswitch-users" target="_blank">http://lists.freeswitch.org/mailman/options/freeswitch-users</a><br>
>>> <a href="http://www.freeswitch.org" target="_blank">http://www.freeswitch.org</a><br>
><br>
><br>
> _________________________________________________________________________<br>
> Professional FreeSWITCH Consulting Services:<br>
> <a href="javascript:;" onclick="_e(event, 'cvml', 'consulting@freeswitch.org')">consulting@freeswitch.org</a><br>
> <a href="http://www.freeswitchsolutions.com" target="_blank">http://www.freeswitchsolutions.com</a><br>
><br>
> Official FreeSWITCH Sites<br>
> <a href="http://www.freeswitch.org" target="_blank">http://www.freeswitch.org</a><br>
> <a href="http://confluence.freeswitch.org" target="_blank">http://confluence.freeswitch.org</a><br>
> <a href="http://www.cluecon.com" target="_blank">http://www.cluecon.com</a><br>
><br>
> FreeSWITCH-users mailing list<br>
> <a href="javascript:;" onclick="_e(event, 'cvml', 'FreeSWITCH-users@lists.freeswitch.org')">FreeSWITCH-users@lists.freeswitch.org</a><br>
> <a href="http://lists.freeswitch.org/mailman/listinfo/freeswitch-users" target="_blank">http://lists.freeswitch.org/mailman/listinfo/freeswitch-users</a><br>
> UNSUBSCRIBE:<a href="http://lists.freeswitch.org/mailman/options/freeswitch-users" target="_blank">http://lists.freeswitch.org/mailman/options/freeswitch-users</a><br>
> <a href="http://www.freeswitch.org" target="_blank">http://www.freeswitch.org</a><br>
<br>
_________________________________________________________________________<br>
Professional FreeSWITCH Consulting Services:<br>
<a href="javascript:;" onclick="_e(event, 'cvml', 'consulting@freeswitch.org')">consulting@freeswitch.org</a><br>
<a href="http://www.freeswitchsolutions.com" target="_blank">http://www.freeswitchsolutions.com</a><br>
<br>
Official FreeSWITCH Sites<br>
<a href="http://www.freeswitch.org" target="_blank">http://www.freeswitch.org</a><br>
<a href="http://confluence.freeswitch.org" target="_blank">http://confluence.freeswitch.org</a><br>
<a href="http://www.cluecon.com" target="_blank">http://www.cluecon.com</a><br>
<br>
FreeSWITCH-users mailing list<br>
<a href="javascript:;" onclick="_e(event, 'cvml', 'FreeSWITCH-users@lists.freeswitch.org')">FreeSWITCH-users@lists.freeswitch.org</a><br>
<a href="http://lists.freeswitch.org/mailman/listinfo/freeswitch-users" target="_blank">http://lists.freeswitch.org/mailman/listinfo/freeswitch-users</a><br>
UNSUBSCRIBE:<a href="http://lists.freeswitch.org/mailman/options/freeswitch-users" target="_blank">http://lists.freeswitch.org/mailman/options/freeswitch-users</a><br>
<a href="http://www.freeswitch.org" target="_blank">http://www.freeswitch.org</a><br>
</blockquote></div></div>