
<div dir="auto">Wouldn&#39;t it be simpler to make :5060 the unauthenticated port and :5080 the authenticated?</div><div class="gmail_extra"><br><div class="gmail_quote">On Jan 5, 2017 7:58 AM, &quot;Mimiko&quot; &lt;<a href="mailto:vbvbrj@gmail.com" target="_blank">vbvbrj@gmail.com</a>&gt; wrote:<br type="attribution"><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">On 04.01.2017 19:07, Anthony Minessale wrote:<br>

&gt;     My questions are:<br>

&gt;<br>

&gt;     1) Does this type of combination affect security?<br>

&gt;     2) How to impose all registered phones to make authenticated calls<br>

&gt;     always? So they will not go first thru public context and then to<br>

&gt;     default?<br>

&gt;<br>

&gt;<br>

&gt; Its a lot to go through for the vanity of not having to type 5080 once<br>

&gt; in a config box, but that&#39;s just my opinion ;)<br>

&gt;<br>

&gt; You can use the set_user app to make unauthenticated calls get the same<br>

&gt; data as authenticated calls would have on a specified exten.<br>

<br>

Anthony thank you for suggestion.<br>

<br>

Taking this public dialplan:<br>

<br>

&lt;context name=&quot;public&quot;&gt;<br>

&lt;extension name=&quot;unloop&quot;&gt;<br>

&lt;condition field=&quot;${unroll_loops}&quot; expression=&quot;^true$&quot;/&gt;<br>

&lt;condition field=&quot;${sip_looped_call}&quot; expression=&quot;^true$&quot;&gt;<br>

&lt;action application=&quot;deflect&quot; data=&quot;${destination_number}&quot;/&gt;<br>

&lt;/condition&gt;<br>

&lt;/extension&gt;<br>

&lt;extension name=&quot;sip_nat_detected&quot; continue=&quot;true&quot;&gt;<br>

&lt;condition field=&quot;${sip_nat_detected}&quot; expression=&quot;^true$&quot;&gt;<br>

&lt;action application=&quot;set&quot; inline=&quot;true&quot;<br>

data=&quot;sip-force-contact=NDLB-<wbr>connectile-dysfunction&quot;/&gt;<br>

&lt;/condition&gt;<br>

&lt;extension name=&quot;public_did&quot;&gt;<br>

&lt;condition field=&quot;destination_number&quot; expression=&quot;^([5-8]\d\d)$&quot;&gt;<br>

&lt;action application=&quot;transfer&quot; data=&quot;$1 XML default&quot;/&gt;<br>

&lt;/condition&gt;<br>

&lt;/extension&gt;<br>

&lt;/extension&gt;<br>

&lt;extension name=&quot;check_auth&quot; continue=&quot;true&quot;&gt;<br>

&lt;condition field=&quot;${sip_authorized}&quot; expression=&quot;^true$&quot; break=&quot;never&quot;&gt;<br>

&lt;anti-action application=&quot;set&quot; data=&quot;process_cdr=false&quot;/&gt;<br>

&lt;anti-action application=&quot;respond&quot; data=&quot;407&quot;/&gt;<br>

&lt;/condition&gt;<br>

&lt;/extension&gt;<br>

&lt;/context&gt;<br>

<br>

Where to put the set_user app? If I&#39;ll put it before &quot;check_auth&quot;<br>

extension like:<br>

<br>

&lt;action application=&quot;set_user&quot; data=&quot;${caller_id_number}@${<wbr>domain}&quot;/&gt;<br>

<br>

Then any one calling from internet could set theirs caller_id_number to<br>

internal&#39;s one and act on behalf of some registered user to fraud.<br>

<br>

Or may be first extension in public dialplan to put something which will<br>

check, based on caller_id_number, if there is a registered user and<br>

impose to make authenticate call, like:<br>

<br>

&lt;extension name=&quot;check_user_registered&quot;&gt;<br>

&lt;condition field=&quot;${sofia_contact(${<wbr>caller_id_number})}&quot;<br>

expression=&quot;^error/&quot; break=&quot;on-false&quot;&gt;<br>

&lt;anti-action application=&quot;set&quot; data=&quot;process_cdr=false&quot;/&gt;<br>

&lt;anti-action application=&quot;respond&quot; data=&quot;407&quot;/&gt;<br>

&lt;/condition&gt;<br>

&lt;/extension&gt;<br>

<br>

PS: Yes, its not to big to add :5080, but take callers that want to call<br>

from mobile via internet using a sip uri. Even myself forgets to add<br>

port number at the end. :)<br>

<br>

--<br>

Mimiko desu.<br>

<br>

______________________________<wbr>______________________________<wbr>_____________<br>

Professional FreeSWITCH Consulting Services:<br>

<a href="mailto:consulting@freeswitch.org">consulting@freeswitch.org</a><br>

<a href="http://www.freeswitchsolutions.com" rel="noreferrer" target="_blank">http://www.<wbr>freeswitchsolutions.com</a><br>

<br>

Official FreeSWITCH Sites<br>

<a href="http://www.freeswitch.org" rel="noreferrer" target="_blank">http://www.freeswitch.org</a><br>

<a href="http://confluence.freeswitch.org" rel="noreferrer" target="_blank">http://confluence.freeswitch.<wbr>org</a><br>

<a href="http://www.cluecon.com" rel="noreferrer" target="_blank">http://www.cluecon.com</a><br>

<br>

FreeSWITCH-users mailing list<br>

<a href="mailto:FreeSWITCH-users@lists.freeswitch.org">FreeSWITCH-users@lists.<wbr>freeswitch.org</a><br>

<a href="http://lists.freeswitch.org/mailman/listinfo/freeswitch-users" rel="noreferrer" target="_blank">http://lists.freeswitch.org/<wbr>mailman/listinfo/freeswitch-<wbr>users</a><br>

UNSUBSCRIBE:<a href="http://lists.freeswitch.org/mailman/options/freeswitch-users" rel="noreferrer" target="_blank">http://lists.<wbr>freeswitch.org/mailman/<wbr>options/freeswitch-users</a><br>

<a href="http://www.freeswitch.org" rel="noreferrer" target="_blank">http://www.freeswitch.org</a><br>

</blockquote></div></div>