<p dir="ltr">Then you just limit the access on your external profile - by IP addresses or sip header fields.</p>
<div class="gmail_quote">On 12 Oct 2015 13:48, &quot;Michael Nielsen&quot; &lt;<a href="mailto:mic.niel84@gmail.com">mic.niel84@gmail.com</a>&gt; wrote:<br type="attribution"><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr"><div>My reason for this kind of issue is that I have a case where users are charged for incoming calls...<br><br></div>So I want to make sure, that ONLY registrered users and my SIP gateway can make calls with our FreeSWITCH.<br></div><div class="gmail_extra"><br><div class="gmail_quote">On Mon, Oct 12, 2015 at 1:18 PM, Michael Nielsen <span dir="ltr">&lt;<a href="mailto:mic.niel84@gmail.com" target="_blank">mic.niel84@gmail.com</a>&gt;</span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr"><div><div><div>I see that scenario make sense.<br></div>But what if I only want to have registered users call each other?<br></div><br></div>I&#39;ve tried with external_auth_calls=true in vars.xml, but that still allow completely external parties to call me...<br><br><br></div><div><div><div class="gmail_extra"><br><div class="gmail_quote">On Thu, Oct 8, 2015 at 9:44 AM, Stanislav Sinyagin <span dir="ltr">&lt;<a href="mailto:ssinyagin@gmail.com" target="_blank">ssinyagin@gmail.com</a>&gt;</span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">actually typically you don&#39;t want to limit your inbound calls.<br>
<br>
For example, I get a Twilio PSTN number 1555123456, and configure<br>
twilio to send the calls to <a href="http://sip.example.com:5080" rel="noreferrer" target="_blank">sip.example.com:5080</a>.  So, FreeSWITCH will<br>
receive the calls in public context.<br>
<br>
Now, what I can do is give my SIP URI<br>
(<a href="http://1555123456@sip.example.com:5080" rel="noreferrer" target="_blank">1555123456@sip.example.com:5080</a>) to third parties -- for example,<br>
register it at some ENUM directories. Or maybe my overseas partner<br>
configures their PBX to send calls to me directly via Internet,<br>
instead of sending it to their local PSTN.<br>
<br>
So, what you need to make sure is that you only accept calls to your<br>
own numbers in public context. If you receive an unauthenticated call<br>
for some arbitrary destination number, it should be rejected (you<br>
don&#39;t really want to send it to PSTN, do you?).<br>
<br>
If there&#39;s only a small quantity of PSTN numbers landing on your<br>
FreeSWITCH, you can simply configure a sequence of condition<br>
statements in the public context. If your setup is bigger, there are<br>
many ways to look up the number in some database and make a decision<br>
where to route it. One of the simplest ways is to have your directory<br>
users, one per DID, and use &quot;user_exists&quot; call to check if this is our<br>
number.<br>
<br>
I don&#39;t see much of a reason in sending inbound calls to the internal<br>
profile (port 5060) and making an exclusion ACL to disable the<br>
authentication. It only makes things complex and it doesn&#39;t add<br>
security.<br>
<span><br>
<br>
<br>
<br>
<br>
<br>
<br>
On Wed, Oct 7, 2015 at 5:15 PM, Gonzalo Gasca Meza<br>
&lt;<a href="mailto:gascagonzalo@gmail.com" target="_blank">gascagonzalo@gmail.com</a>&gt; wrote:<br>
</span><div><div>&gt; I have a SIP Provider which has 4 IP addresses in US. They send SIP calls<br>
&gt; from any of those 4 IPs to my Freeswitch. **They do not require<br>
&gt; authentication, nor SIP Trunk registration, just purely send a SIP INVITE**<br>
&gt;<br>
&gt; Incoming calls work fine except that I want to assign a context when I<br>
&gt; receive an incoming call from this ITSP at gateway level.<br>
&gt; Gateway xml file is configured under external folder.<br>
&gt; (../conf/sip_profiles/external/)<br>
&gt;<br>
&gt; I can see in packet capture and in freeswitch.log call comes from correct ip<br>
&gt; and port, but is always routed to context default. Hence I need to configure<br>
&gt; something there. Is it possible to define context at gateway level?<br>
&gt;<br>
&gt; Console trace:<br>
&gt; <a href="http://pastebin.com/NzzLAK8U" rel="noreferrer" target="_blank">http://pastebin.com/NzzLAK8U</a><br>
&gt; Freeswitch trace<br>
&gt; <a href="http://pastebin.com/YUYVLfyY" rel="noreferrer" target="_blank">http://pastebin.com/YUYVLfyY</a><br>
&gt;<br>
&gt; I defined my 4 SIP Gateways (status up) as follows: (1 for each IP address)<br>
&gt;<br>
&gt; &lt;gateway name=&quot;itsp-inbound-us1&quot;&gt;<br>
&gt;<br>
&gt;   &lt;param name=&quot;auth-calls&quot; value=&quot;false&quot;/&gt;<br>
&gt;<br>
&gt;   &lt;param name=&quot;proxy&quot; value=&quot;54.172.60.0&quot;/&gt;<br>
&gt;<br>
&gt;   &lt;param name=&quot;register&quot; value=&quot;false&quot;/&gt;<br>
&gt;<br>
&gt;   &lt;param name=&quot;context&quot; value=&quot;itsp&quot;/&gt;<br>
&gt;<br>
&gt;   &lt;param name=&quot;username&quot; value=&quot;not-required&quot;/&gt;<br>
&gt;<br>
&gt;   &lt;param name=&quot;password&quot; value=&quot;not-required&quot;/&gt;<br>
&gt;<br>
&gt;   &lt;param name=&quot;from-user&quot; value=&quot;not-required&quot;/&gt;<br>
&gt;<br>
&gt;   &lt;param name=&quot;expire-seconds&quot; value=&quot;600&quot;/&gt;<br>
&gt;<br>
&gt;   &lt;param name=&quot;extension&quot; value=&quot;1000&quot;/&gt;<br>
&gt;<br>
&gt; &lt;/gateway&gt;<br>
&gt;<br>
&gt;<br>
&gt;&gt;sofia profile external gwlist<br>
&gt;<br>
&gt; itsp-inbound-us4 itsp-inbound-us3 itsp-inbound-us2 itsp-inbound-us1<br>
&gt;<br>
&gt;&gt; sofia status gateway itsp-inbound-us1<br>
&gt;<br>
&gt; Name    itsp-inbound-us1<br>
&gt;<br>
&gt; Profile external<br>
&gt;<br>
&gt; Scheme  Digest<br>
&gt;<br>
&gt; Realm   54.172.60.0<br>
&gt;<br>
&gt; Username not-required<br>
&gt;<br>
&gt; Password yes<br>
&gt;<br>
&gt; From    &lt;<a href="mailto:sip%3Anot-required@54.172.60.0" target="_blank">sip:not-required@54.172.60.0</a>&gt;<br>
&gt;<br>
&gt; Contact<br>
&gt; &lt;sip:gw+itsp-inbound-us1@52.2.15.172:5060;transport=udp;gw=twilio-inbound-us1&gt;<br>
&gt;<br>
&gt; Exten   1000<br>
&gt;<br>
&gt; To      <a href="mailto:sip%3Anot-required@54.172.60.0" target="_blank">sip:not-required@54.172.60.0</a><br>
&gt;<br>
&gt; Proxy   sip:54.172.60.0<br>
&gt;<br>
&gt; Context itsp<br>
&gt;<br>
&gt; Expires 600<br>
&gt;<br>
&gt; Freq    600<br>
&gt;<br>
&gt; Ping    0<br>
&gt;<br>
&gt; PingFreq 0<br>
&gt;<br>
&gt; PingTime 0.00<br>
&gt;<br>
&gt; PingState 0/0/0<br>
&gt;<br>
&gt; State   NOREG<br>
&gt;<br>
&gt; Status  UP<br>
&gt;<br>
&gt; Uptime  536s<br>
&gt;<br>
&gt; CallsIN 0<br>
&gt;<br>
&gt; CallsOUT 0<br>
&gt;<br>
&gt; FailedCallsIN 0<br>
&gt;<br>
&gt; FailedCallsOUT 0<br>
&gt;<br>
&gt; =================================================================================================<br>
&gt;<br>
&gt; Any suggestion?<br>
&gt;<br>
&gt;<br>
&gt;<br>
</div></div><div><div>&gt; _________________________________________________________________________<br>
&gt; Professional FreeSWITCH Consulting Services:<br>
&gt; <a href="mailto:consulting@freeswitch.org" target="_blank">consulting@freeswitch.org</a><br>
&gt; <a href="http://www.freeswitchsolutions.com" rel="noreferrer" target="_blank">http://www.freeswitchsolutions.com</a><br>
&gt;<br>
&gt; Official FreeSWITCH Sites<br>
&gt; <a href="http://www.freeswitch.org" rel="noreferrer" target="_blank">http://www.freeswitch.org</a><br>
&gt; <a href="http://confluence.freeswitch.org" rel="noreferrer" target="_blank">http://confluence.freeswitch.org</a><br>
&gt; <a href="http://www.cluecon.com" rel="noreferrer" target="_blank">http://www.cluecon.com</a><br>
&gt;<br>
&gt; FreeSWITCH-users mailing list<br>
&gt; <a href="mailto:FreeSWITCH-users@lists.freeswitch.org" target="_blank">FreeSWITCH-users@lists.freeswitch.org</a><br>
&gt; <a href="http://lists.freeswitch.org/mailman/listinfo/freeswitch-users" rel="noreferrer" target="_blank">http://lists.freeswitch.org/mailman/listinfo/freeswitch-users</a><br>
&gt; UNSUBSCRIBE:<a href="http://lists.freeswitch.org/mailman/options/freeswitch-users" rel="noreferrer" target="_blank">http://lists.freeswitch.org/mailman/options/freeswitch-users</a><br>
&gt; <a href="http://www.freeswitch.org" rel="noreferrer" target="_blank">http://www.freeswitch.org</a><br>
<br>
_________________________________________________________________________<br>
Professional FreeSWITCH Consulting Services:<br>
<a href="mailto:consulting@freeswitch.org" target="_blank">consulting@freeswitch.org</a><br>
<a href="http://www.freeswitchsolutions.com" rel="noreferrer" target="_blank">http://www.freeswitchsolutions.com</a><br>
<br>
Official FreeSWITCH Sites<br>
<a href="http://www.freeswitch.org" rel="noreferrer" target="_blank">http://www.freeswitch.org</a><br>
<a href="http://confluence.freeswitch.org" rel="noreferrer" target="_blank">http://confluence.freeswitch.org</a><br>
<a href="http://www.cluecon.com" rel="noreferrer" target="_blank">http://www.cluecon.com</a><br>
<br>
FreeSWITCH-users mailing list<br>
<a href="mailto:FreeSWITCH-users@lists.freeswitch.org" target="_blank">FreeSWITCH-users@lists.freeswitch.org</a><br>
<a href="http://lists.freeswitch.org/mailman/listinfo/freeswitch-users" rel="noreferrer" target="_blank">http://lists.freeswitch.org/mailman/listinfo/freeswitch-users</a><br>
UNSUBSCRIBE:<a href="http://lists.freeswitch.org/mailman/options/freeswitch-users" rel="noreferrer" target="_blank">http://lists.freeswitch.org/mailman/options/freeswitch-users</a><br>
<a href="http://www.freeswitch.org" rel="noreferrer" target="_blank">http://www.freeswitch.org</a><br>
</div></div></blockquote></div><br></div>
</div></div></blockquote></div><br></div>
<br>_________________________________________________________________________<br>
Professional FreeSWITCH Consulting Services:<br>
<a href="mailto:consulting@freeswitch.org">consulting@freeswitch.org</a><br>
<a href="http://www.freeswitchsolutions.com" rel="noreferrer" target="_blank">http://www.freeswitchsolutions.com</a><br>
<br>
Official FreeSWITCH Sites<br>
<a href="http://www.freeswitch.org" rel="noreferrer" target="_blank">http://www.freeswitch.org</a><br>
<a href="http://confluence.freeswitch.org" rel="noreferrer" target="_blank">http://confluence.freeswitch.org</a><br>
<a href="http://www.cluecon.com" rel="noreferrer" target="_blank">http://www.cluecon.com</a><br>
<br>
FreeSWITCH-users mailing list<br>
<a href="mailto:FreeSWITCH-users@lists.freeswitch.org">FreeSWITCH-users@lists.freeswitch.org</a><br>
<a href="http://lists.freeswitch.org/mailman/listinfo/freeswitch-users" rel="noreferrer" target="_blank">http://lists.freeswitch.org/mailman/listinfo/freeswitch-users</a><br>
UNSUBSCRIBE:<a href="http://lists.freeswitch.org/mailman/options/freeswitch-users" rel="noreferrer" target="_blank">http://lists.freeswitch.org/mailman/options/freeswitch-users</a><br>
<a href="http://www.freeswitch.org" rel="noreferrer" target="_blank">http://www.freeswitch.org</a><br></blockquote></div>