<p dir="ltr">Then you just limit the access on your external profile - by IP addresses or sip header fields.</p>
<div class="gmail_quote">On 12 Oct 2015 13:48, "Michael Nielsen" <<a href="mailto:mic.niel84@gmail.com">mic.niel84@gmail.com</a>> wrote:<br type="attribution"><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr"><div>My reason for this kind of issue is that I have a case where users are charged for incoming calls...<br><br></div>So I want to make sure, that ONLY registrered users and my SIP gateway can make calls with our FreeSWITCH.<br></div><div class="gmail_extra"><br><div class="gmail_quote">On Mon, Oct 12, 2015 at 1:18 PM, Michael Nielsen <span dir="ltr"><<a href="mailto:mic.niel84@gmail.com" target="_blank">mic.niel84@gmail.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr"><div><div><div>I see that scenario make sense.<br></div>But what if I only want to have registered users call each other?<br></div><br></div>I've tried with external_auth_calls=true in vars.xml, but that still allow completely external parties to call me...<br><br><br></div><div><div><div class="gmail_extra"><br><div class="gmail_quote">On Thu, Oct 8, 2015 at 9:44 AM, Stanislav Sinyagin <span dir="ltr"><<a href="mailto:ssinyagin@gmail.com" target="_blank">ssinyagin@gmail.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">actually typically you don't want to limit your inbound calls.<br>
<br>
For example, I get a Twilio PSTN number 1555123456, and configure<br>
twilio to send the calls to <a href="http://sip.example.com:5080" rel="noreferrer" target="_blank">sip.example.com:5080</a>. So, FreeSWITCH will<br>
receive the calls in public context.<br>
<br>
Now, what I can do is give my SIP URI<br>
(<a href="http://1555123456@sip.example.com:5080" rel="noreferrer" target="_blank">1555123456@sip.example.com:5080</a>) to third parties -- for example,<br>
register it at some ENUM directories. Or maybe my overseas partner<br>
configures their PBX to send calls to me directly via Internet,<br>
instead of sending it to their local PSTN.<br>
<br>
So, what you need to make sure is that you only accept calls to your<br>
own numbers in public context. If you receive an unauthenticated call<br>
for some arbitrary destination number, it should be rejected (you<br>
don't really want to send it to PSTN, do you?).<br>
<br>
If there's only a small quantity of PSTN numbers landing on your<br>
FreeSWITCH, you can simply configure a sequence of condition<br>
statements in the public context. If your setup is bigger, there are<br>
many ways to look up the number in some database and make a decision<br>
where to route it. One of the simplest ways is to have your directory<br>
users, one per DID, and use "user_exists" call to check if this is our<br>
number.<br>
<br>
I don't see much of a reason in sending inbound calls to the internal<br>
profile (port 5060) and making an exclusion ACL to disable the<br>
authentication. It only makes things complex and it doesn't add<br>
security.<br>
<span><br>
<br>
<br>
<br>
<br>
<br>
<br>
On Wed, Oct 7, 2015 at 5:15 PM, Gonzalo Gasca Meza<br>
<<a href="mailto:gascagonzalo@gmail.com" target="_blank">gascagonzalo@gmail.com</a>> wrote:<br>
</span><div><div>> I have a SIP Provider which has 4 IP addresses in US. They send SIP calls<br>
> from any of those 4 IPs to my Freeswitch. **They do not require<br>
> authentication, nor SIP Trunk registration, just purely send a SIP INVITE**<br>
><br>
> Incoming calls work fine except that I want to assign a context when I<br>
> receive an incoming call from this ITSP at gateway level.<br>
> Gateway xml file is configured under external folder.<br>
> (../conf/sip_profiles/external/)<br>
><br>
> I can see in packet capture and in freeswitch.log call comes from correct ip<br>
> and port, but is always routed to context default. Hence I need to configure<br>
> something there. Is it possible to define context at gateway level?<br>
><br>
> Console trace:<br>
> <a href="http://pastebin.com/NzzLAK8U" rel="noreferrer" target="_blank">http://pastebin.com/NzzLAK8U</a><br>
> Freeswitch trace<br>
> <a href="http://pastebin.com/YUYVLfyY" rel="noreferrer" target="_blank">http://pastebin.com/YUYVLfyY</a><br>
><br>
> I defined my 4 SIP Gateways (status up) as follows: (1 for each IP address)<br>
><br>
> <gateway name="itsp-inbound-us1"><br>
><br>
> <param name="auth-calls" value="false"/><br>
><br>
> <param name="proxy" value="54.172.60.0"/><br>
><br>
> <param name="register" value="false"/><br>
><br>
> <param name="context" value="itsp"/><br>
><br>
> <param name="username" value="not-required"/><br>
><br>
> <param name="password" value="not-required"/><br>
><br>
> <param name="from-user" value="not-required"/><br>
><br>
> <param name="expire-seconds" value="600"/><br>
><br>
> <param name="extension" value="1000"/><br>
><br>
> </gateway><br>
><br>
><br>
>>sofia profile external gwlist<br>
><br>
> itsp-inbound-us4 itsp-inbound-us3 itsp-inbound-us2 itsp-inbound-us1<br>
><br>
>> sofia status gateway itsp-inbound-us1<br>
><br>
> Name itsp-inbound-us1<br>
><br>
> Profile external<br>
><br>
> Scheme Digest<br>
><br>
> Realm 54.172.60.0<br>
><br>
> Username not-required<br>
><br>
> Password yes<br>
><br>
> From <<a href="mailto:sip%3Anot-required@54.172.60.0" target="_blank">sip:not-required@54.172.60.0</a>><br>
><br>
> Contact<br>
> <sip:gw+itsp-inbound-us1@52.2.15.172:5060;transport=udp;gw=twilio-inbound-us1><br>
><br>
> Exten 1000<br>
><br>
> To <a href="mailto:sip%3Anot-required@54.172.60.0" target="_blank">sip:not-required@54.172.60.0</a><br>
><br>
> Proxy sip:54.172.60.0<br>
><br>
> Context itsp<br>
><br>
> Expires 600<br>
><br>
> Freq 600<br>
><br>
> Ping 0<br>
><br>
> PingFreq 0<br>
><br>
> PingTime 0.00<br>
><br>
> PingState 0/0/0<br>
><br>
> State NOREG<br>
><br>
> Status UP<br>
><br>
> Uptime 536s<br>
><br>
> CallsIN 0<br>
><br>
> CallsOUT 0<br>
><br>
> FailedCallsIN 0<br>
><br>
> FailedCallsOUT 0<br>
><br>
> =================================================================================================<br>
><br>
> Any suggestion?<br>
><br>
><br>
><br>
</div></div><div><div>> _________________________________________________________________________<br>
> Professional FreeSWITCH Consulting Services:<br>
> <a href="mailto:consulting@freeswitch.org" target="_blank">consulting@freeswitch.org</a><br>
> <a href="http://www.freeswitchsolutions.com" rel="noreferrer" target="_blank">http://www.freeswitchsolutions.com</a><br>
><br>
> Official FreeSWITCH Sites<br>
> <a href="http://www.freeswitch.org" rel="noreferrer" target="_blank">http://www.freeswitch.org</a><br>
> <a href="http://confluence.freeswitch.org" rel="noreferrer" target="_blank">http://confluence.freeswitch.org</a><br>
> <a href="http://www.cluecon.com" rel="noreferrer" target="_blank">http://www.cluecon.com</a><br>
><br>
> FreeSWITCH-users mailing list<br>
> <a href="mailto:FreeSWITCH-users@lists.freeswitch.org" target="_blank">FreeSWITCH-users@lists.freeswitch.org</a><br>
> <a href="http://lists.freeswitch.org/mailman/listinfo/freeswitch-users" rel="noreferrer" target="_blank">http://lists.freeswitch.org/mailman/listinfo/freeswitch-users</a><br>
> UNSUBSCRIBE:<a href="http://lists.freeswitch.org/mailman/options/freeswitch-users" rel="noreferrer" target="_blank">http://lists.freeswitch.org/mailman/options/freeswitch-users</a><br>
> <a href="http://www.freeswitch.org" rel="noreferrer" target="_blank">http://www.freeswitch.org</a><br>
<br>
_________________________________________________________________________<br>
Professional FreeSWITCH Consulting Services:<br>
<a href="mailto:consulting@freeswitch.org" target="_blank">consulting@freeswitch.org</a><br>
<a href="http://www.freeswitchsolutions.com" rel="noreferrer" target="_blank">http://www.freeswitchsolutions.com</a><br>
<br>
Official FreeSWITCH Sites<br>
<a href="http://www.freeswitch.org" rel="noreferrer" target="_blank">http://www.freeswitch.org</a><br>
<a href="http://confluence.freeswitch.org" rel="noreferrer" target="_blank">http://confluence.freeswitch.org</a><br>
<a href="http://www.cluecon.com" rel="noreferrer" target="_blank">http://www.cluecon.com</a><br>
<br>
FreeSWITCH-users mailing list<br>
<a href="mailto:FreeSWITCH-users@lists.freeswitch.org" target="_blank">FreeSWITCH-users@lists.freeswitch.org</a><br>
<a href="http://lists.freeswitch.org/mailman/listinfo/freeswitch-users" rel="noreferrer" target="_blank">http://lists.freeswitch.org/mailman/listinfo/freeswitch-users</a><br>
UNSUBSCRIBE:<a href="http://lists.freeswitch.org/mailman/options/freeswitch-users" rel="noreferrer" target="_blank">http://lists.freeswitch.org/mailman/options/freeswitch-users</a><br>
<a href="http://www.freeswitch.org" rel="noreferrer" target="_blank">http://www.freeswitch.org</a><br>
</div></div></blockquote></div><br></div>
</div></div></blockquote></div><br></div>
<br>_________________________________________________________________________<br>
Professional FreeSWITCH Consulting Services:<br>
<a href="mailto:consulting@freeswitch.org">consulting@freeswitch.org</a><br>
<a href="http://www.freeswitchsolutions.com" rel="noreferrer" target="_blank">http://www.freeswitchsolutions.com</a><br>
<br>
Official FreeSWITCH Sites<br>
<a href="http://www.freeswitch.org" rel="noreferrer" target="_blank">http://www.freeswitch.org</a><br>
<a href="http://confluence.freeswitch.org" rel="noreferrer" target="_blank">http://confluence.freeswitch.org</a><br>
<a href="http://www.cluecon.com" rel="noreferrer" target="_blank">http://www.cluecon.com</a><br>
<br>
FreeSWITCH-users mailing list<br>
<a href="mailto:FreeSWITCH-users@lists.freeswitch.org">FreeSWITCH-users@lists.freeswitch.org</a><br>
<a href="http://lists.freeswitch.org/mailman/listinfo/freeswitch-users" rel="noreferrer" target="_blank">http://lists.freeswitch.org/mailman/listinfo/freeswitch-users</a><br>
UNSUBSCRIBE:<a href="http://lists.freeswitch.org/mailman/options/freeswitch-users" rel="noreferrer" target="_blank">http://lists.freeswitch.org/mailman/options/freeswitch-users</a><br>
<a href="http://www.freeswitch.org" rel="noreferrer" target="_blank">http://www.freeswitch.org</a><br></blockquote></div>