<div dir="ltr"><div><br></div><div class="gmail_extra"><br><div class="gmail_quote">On Tue, Jan 3, 2017 at 3:40 AM, Mimiko <span dir="ltr"><<a href="mailto:vbvbrj@gmail.com" target="_blank">vbvbrj@gmail.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">Hello.<br>
<br>
There where separate sip profiles for registered accounts and anonymous<br>
inbound calls: internal and external. All calls and registrations on<br>
internal a authenticated and routed to "default" context. For external<br>
profile inbound calls are not authenticated and are routed to "public"<br>
context.<br>
<br>
In order for some one to call inbound (s)he have to use :5080 port,<br>
which is somehow inconvenient. So I decided to combine in one profile<br>
named "example" on port 5060.<br>
<br>
<profile name="internal_77.89.245.34"><br>
<settings><br>
<param name="context" value="public"/><br>
<param name="auth-calls" value="false"/><br>
<param name="auth-all-packets" value="false"/><br>
<param name="inbound-reg-force-<wbr>matching-username" value="true"/><br>
<param name="force-register-domain" value="default"/><br>
<param name="force-subscription-<wbr>domain" value="default"/><br>
<param name="force-register-db-<wbr>domain" value="default"/><br>
</settings><br>
</profile><br>
<domain name="$${domain}"><br>
<variables><br>
<variable name="inbound-reg-force-<wbr>matching-username" value="true"/><br>
<variable name="user_context" value="default"/><br>
<groups><br>
<group name="default"><br>
<users><br>
<X-PRE-PROCESS cmd="include" data="default/*.xml"/><br>
</users><br>
</group><br>
</groups><br>
</variables><br>
</domain><br>
<br>
Registration was working, calling to those registration was working, but<br>
some phones hit public context, some default context. I started to dig<br>
whats happening and found that D-Link phones always do authenticated<br>
calls when they a registered, while Stephen's phones does<br>
unauthenticated and go to public.<br>
<br>
Then I found a mention that registrations allow only to find the phone<br>
to call, while calls does not necessary authenticate. So I used<br>
Anthony's solution in public context on the end:<br>
<br>
<extension name="check_auth" continue="true"><br>
<condition field="${sip_authorized}" expression="^true$" break="never"><br>
<anti-action application="respond" data="407"/><br>
</condition><br>
</extension><br>
<br>
Now when a registered phone hits public context and no other conditions<br>
are met, they are rejected and call authenticated hitting default context.<br>
<br>
Then in CDR I see two lines: one with rejected and one with success.<br>
This is not well, so found a hint and put:<br>
<anti-action application="set" data="process_cdr=false"/><br>
<br>
And now is working somewhat correct except that calls to public numbers<br>
which does not require authentication does not get vars for the<br>
registered extension.<br>
<br>
My questions are:<br>
<br>
1) Does this type of combination affect security?<br>
2) How to impose all registered phones to make authenticated calls<br>
always? So they will not go first thru public context and then to default?<br>
<br></blockquote><div><br></div><div>Its a lot to go through for the vanity of not having to type 5080 once in a config box, but that's just my opinion ;)</div><div><br></div><div>You can use the set_user app to make unauthenticated calls get the same data as authenticated calls would have on a specified exten.<br></div><div><br></div><div><br></div><div> </div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">
--<br>
Mimiko desu.<br>
<br>
______________________________<wbr>______________________________<wbr>_____________<br>
Professional FreeSWITCH Consulting Services:<br>
<a href="mailto:consulting@freeswitch.org">consulting@freeswitch.org</a><br>
<a href="http://www.freeswitchsolutions.com" rel="noreferrer" target="_blank">http://www.<wbr>freeswitchsolutions.com</a><br>
<br>
Official FreeSWITCH Sites<br>
<a href="http://www.freeswitch.org" rel="noreferrer" target="_blank">http://www.freeswitch.org</a><br>
<a href="http://confluence.freeswitch.org" rel="noreferrer" target="_blank">http://confluence.freeswitch.<wbr>org</a><br>
<a href="http://www.cluecon.com" rel="noreferrer" target="_blank">http://www.cluecon.com</a><br>
<br>
FreeSWITCH-users mailing list<br>
<a href="mailto:FreeSWITCH-users@lists.freeswitch.org">FreeSWITCH-users@lists.<wbr>freeswitch.org</a><br>
<a href="http://lists.freeswitch.org/mailman/listinfo/freeswitch-users" rel="noreferrer" target="_blank">http://lists.freeswitch.org/<wbr>mailman/listinfo/freeswitch-<wbr>users</a><br>
UNSUBSCRIBE:<a href="http://lists.freeswitch.org/mailman/options/freeswitch-users" rel="noreferrer" target="_blank">http://lists.<wbr>freeswitch.org/mailman/<wbr>options/freeswitch-users</a><br>
<a href="http://www.freeswitch.org" rel="noreferrer" target="_blank">http://www.freeswitch.org</a><br>
</blockquote></div><br><br clear="all"><div><br></div>-- <br><div class="gmail_signature"><div dir="ltr"><div><div dir="ltr"><div><div dir="ltr">Anthony Minessale II ♬ @anthmfs ♬ @FreeSWITCH ♬<div><br><div>☞ <a href="http://freeswitch.org/" target="_blank">http://freeswitch.org/</a> ☞ <a href="http://cluecon.com/" target="_blank">http://cluecon.com/</a> ☞ <a href="http://twitter.com/FreeSWITCH" target="_blank">http://twitter.com/FreeSWITCH</a></div><div><div>☞ <a href="http://irc.freenode.net" target="_blank">irc.freenode.net</a> #freeswitch ☞ <u><a href="http://freeswitch.org/g+" target="_blank">http://freeswitch.org/g+</a></u><br><br></div><div>ClueCon Weekly Development Call <br></div><div>☎ <a href="mailto:sip%3A888@conference.freeswitch.org" target="_blank">sip:888@conference.freeswitch.org</a> ☎ +19193869900 </div><div><br></div></div></div><div><a href="https://www.youtube.com/watch?v=9XXgW34t40s" style="color:rgb(17,85,204);font-size:12.8px" target="_blank">https://www.youtube.com/watch?v=9XXgW34t40s</a></div><div><a href="https://www.youtube.com/watch?v=NLaDpGQuZDA" target="_blank">https://www.youtube.com/watch?v=NLaDpGQuZDA</a><br></div></div></div></div></div></div></div>
</div></div>