<div dir="ltr"><div><br></div><div class="gmail_extra"><br><div class="gmail_quote">On Tue, Jan 3, 2017 at 3:40 AM, Mimiko <span dir="ltr">&lt;<a href="mailto:vbvbrj@gmail.com" target="_blank">vbvbrj@gmail.com</a>&gt;</span> wrote:<br><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">Hello.<br>
<br>
There where separate sip profiles for registered accounts and anonymous<br>
inbound calls: internal and external. All calls and registrations on<br>
internal a authenticated and routed to &quot;default&quot; context. For external<br>
profile inbound calls are not authenticated and are routed to &quot;public&quot;<br>
context.<br>
<br>
In order for some one to call inbound (s)he have to use :5080 port,<br>
which is somehow inconvenient. So I decided to combine in one profile<br>
named &quot;example&quot; on port 5060.<br>
<br>
&lt;profile name=&quot;internal_77.89.245.34&quot;&gt;<br>
&lt;settings&gt;<br>
&lt;param name=&quot;context&quot; value=&quot;public&quot;/&gt;<br>
&lt;param name=&quot;auth-calls&quot; value=&quot;false&quot;/&gt;<br>
&lt;param name=&quot;auth-all-packets&quot; value=&quot;false&quot;/&gt;<br>
&lt;param name=&quot;inbound-reg-force-<wbr>matching-username&quot; value=&quot;true&quot;/&gt;<br>
&lt;param name=&quot;force-register-domain&quot; value=&quot;default&quot;/&gt;<br>
&lt;param name=&quot;force-subscription-<wbr>domain&quot; value=&quot;default&quot;/&gt;<br>
&lt;param name=&quot;force-register-db-<wbr>domain&quot; value=&quot;default&quot;/&gt;<br>
&lt;/settings&gt;<br>
&lt;/profile&gt;<br>
&lt;domain name=&quot;$${domain}&quot;&gt;<br>
&lt;variables&gt;<br>
&lt;variable name=&quot;inbound-reg-force-<wbr>matching-username&quot; value=&quot;true&quot;/&gt;<br>
&lt;variable name=&quot;user_context&quot; value=&quot;default&quot;/&gt;<br>
&lt;groups&gt;<br>
&lt;group name=&quot;default&quot;&gt;<br>
&lt;users&gt;<br>
&lt;X-PRE-PROCESS cmd=&quot;include&quot; data=&quot;default/*.xml&quot;/&gt;<br>
&lt;/users&gt;<br>
&lt;/group&gt;<br>
&lt;/groups&gt;<br>
&lt;/variables&gt;<br>
&lt;/domain&gt;<br>
<br>
Registration was working, calling to those registration was working, but<br>
some phones hit public context, some default context. I started to dig<br>
whats happening and found that D-Link phones always do authenticated<br>
calls when they a registered, while Stephen&#39;s phones does<br>
unauthenticated and go to public.<br>
<br>
Then I found a mention that registrations allow only to find the phone<br>
to call, while calls does not necessary authenticate. So I used<br>
Anthony&#39;s solution in public context on the end:<br>
<br>
&lt;extension name=&quot;check_auth&quot; continue=&quot;true&quot;&gt;<br>
&lt;condition field=&quot;${sip_authorized}&quot; expression=&quot;^true$&quot; break=&quot;never&quot;&gt;<br>
&lt;anti-action application=&quot;respond&quot; data=&quot;407&quot;/&gt;<br>
&lt;/condition&gt;<br>
&lt;/extension&gt;<br>
<br>
Now when a registered phone hits public context and no other conditions<br>
are met, they are rejected and call authenticated hitting default context.<br>
<br>
Then in CDR I see two lines: one with rejected and one with success.<br>
This is not well, so found a hint and put:<br>
&lt;anti-action application=&quot;set&quot; data=&quot;process_cdr=false&quot;/&gt;<br>
<br>
And now is working somewhat correct except that calls to public numbers<br>
which does not require authentication does not get vars for the<br>
registered extension.<br>
<br>
My questions are:<br>
<br>
1) Does this type of combination affect security?<br>
2) How to impose all registered phones to make authenticated calls<br>
always? So they will not go first thru public context and then to default?<br>
<br></blockquote><div><br></div><div>Its a lot to go through for the vanity of not having to type 5080 once in a config box, but that&#39;s just my opinion ;)</div><div><br></div><div>You can use the set_user app to make unauthenticated calls get the same data as authenticated calls would have on a specified exten.<br></div><div><br></div><div><br></div><div> </div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">
--<br>
Mimiko desu.<br>
<br>
______________________________<wbr>______________________________<wbr>_____________<br>
Professional FreeSWITCH Consulting Services:<br>
<a href="mailto:consulting@freeswitch.org">consulting@freeswitch.org</a><br>
<a href="http://www.freeswitchsolutions.com" rel="noreferrer" target="_blank">http://www.<wbr>freeswitchsolutions.com</a><br>
<br>
Official FreeSWITCH Sites<br>
<a href="http://www.freeswitch.org" rel="noreferrer" target="_blank">http://www.freeswitch.org</a><br>
<a href="http://confluence.freeswitch.org" rel="noreferrer" target="_blank">http://confluence.freeswitch.<wbr>org</a><br>
<a href="http://www.cluecon.com" rel="noreferrer" target="_blank">http://www.cluecon.com</a><br>
<br>
FreeSWITCH-users mailing list<br>
<a href="mailto:FreeSWITCH-users@lists.freeswitch.org">FreeSWITCH-users@lists.<wbr>freeswitch.org</a><br>
<a href="http://lists.freeswitch.org/mailman/listinfo/freeswitch-users" rel="noreferrer" target="_blank">http://lists.freeswitch.org/<wbr>mailman/listinfo/freeswitch-<wbr>users</a><br>
UNSUBSCRIBE:<a href="http://lists.freeswitch.org/mailman/options/freeswitch-users" rel="noreferrer" target="_blank">http://lists.<wbr>freeswitch.org/mailman/<wbr>options/freeswitch-users</a><br>
<a href="http://www.freeswitch.org" rel="noreferrer" target="_blank">http://www.freeswitch.org</a><br>
</blockquote></div><br><br clear="all"><div><br></div>-- <br><div class="gmail_signature"><div dir="ltr"><div><div dir="ltr"><div><div dir="ltr">Anthony Minessale II       ♬ @anthmfs  ♬ @FreeSWITCH  ♬<div><br><div>☞ <a href="http://freeswitch.org/" target="_blank">http://freeswitch.org/</a>  ☞ <a href="http://cluecon.com/" target="_blank">http://cluecon.com/</a>  ☞ <a href="http://twitter.com/FreeSWITCH" target="_blank">http://twitter.com/FreeSWITCH</a></div><div><div>☞ <a href="http://irc.freenode.net" target="_blank">irc.freenode.net</a> #freeswitch ☞ <u><a href="http://freeswitch.org/g+" target="_blank">http://freeswitch.org/g+</a></u><br><br></div><div>ClueCon Weekly Development Call <br></div><div>☎ <a href="mailto:sip%3A888@conference.freeswitch.org" target="_blank">sip:888@conference.freeswitch.org</a>  ☎ +19193869900 </div><div><br></div></div></div><div><a href="https://www.youtube.com/watch?v=9XXgW34t40s" style="color:rgb(17,85,204);font-size:12.8px" target="_blank">https://www.youtube.com/watch?v=9XXgW34t40s</a></div><div><a href="https://www.youtube.com/watch?v=NLaDpGQuZDA" target="_blank">https://www.youtube.com/watch?v=NLaDpGQuZDA</a><br></div></div></div></div></div></div></div>
</div></div>