[Freeswitch-users] IP authentication
Brian West
brian at freeswitch.org
Wed Apr 30 07:12:12 PDT 2008
I have added this ACL topic to the meeting today so we can make sure
its documented better on the wiki.
1pm CST sip:888 at conference.freeswitch.org
/b
On Apr 30, 2008, at 8:14 AM, Anthony Minessale wrote:
> it seems a bit confusing but if you want to do ip auth the way you
> describe, you actually have to disable the digest auth so that the
> other end is not challenged for auth credentials on top of the ip
> auth.
>
> search your profile for this:
>
> <param name="auth-calls" value="true"/>
>
> and comment it by encapsulating it in <!-- and -->
>
> then add this line:
>
> <param name="apply-inbound-acl" value="sip_ip_auth"/>
>
> Then make sip_ip_auth by editing acl.conf.xml and add a new list to
> the <network-lists> tag.
> assuming the ip you trust is 200.2.2.2:
>
> <list name="sip_ip_auth" default="deny">
> <node type="allow" cidr="200.2.2.2/32"/>
> </list>
>
> Now all sip calls will be rejected unless they are originated by
> 200.2.2.2
>
>
>
>
> On Tue, Apr 29, 2008 at 8:17 PM, Brian West <brian at freeswitch.org>
> wrote:
> Jed,
> here are the list of things you can do:
>
> 1. sip_profiles/default.xml -> change context to default and set auth-
> calls=false
> 2. Then you can use ${network_addr} in your conditions or the ${acl()}
> function an example is in the default.xml dialplan.
>
> /b
>
>
> On Apr 29, 2008, at 4:44 PM, Jed Stafford wrote:
>
> > This feel's like a very stupid question, but i've scoured for hours
> > through the documents, and samples I can find without finding an
> > answer. I'm assuming I'm missing something very obvious.
> >
> > I'm just trying to have freeswitch accept a call from a static IP
> > address, then forward that call to a provider, essentially a very
> > static SIP proxy.
> >
> > I've tried added my IP in question to the acl.xml file, but no
> > success. All calls are rejected with a 407 Auth required.
> >
> > Thanks for any pointers. I think I will write a paragraph or two on
> > this when I get it working, as it's something I think a lot of
> > people are looking to try. Asterisk will not scale enough, and I
> > don't want to do this via OpenSER/RTPProxy, etc.
> >
> >
> > -Jed
> >
> > _______________________________________________
> > Freeswitch-users mailing list
> > Freeswitch-users at lists.freeswitch.org
> > http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
> > UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
> > http://www.freeswitch.org
>
>
> _______________________________________________
> Freeswitch-users mailing list
> Freeswitch-users at lists.freeswitch.org
> http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
> UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
> http://www.freeswitch.org
>
>
>
> --
> Anthony Minessale II
>
> FreeSWITCH http://www.freeswitch.org/
> ClueCon http://www.cluecon.com/
>
> AIM: anthm
> MSN:anthony_minessale at hotmail.com
> GTALK/JABBER/PAYPAL:anthony.minessale at gmail.com
> IRC: irc.freenode.net #freeswitch
>
> FreeSWITCH Developer Conference
> sip:888 at conference.freeswitch.org
> iax:guest at conference.freeswitch.org/888
> googletalk:conf+888 at conference.freeswitch.org
> pstn:213-799-1400 _______________________________________________
> Freeswitch-users mailing list
> Freeswitch-users at lists.freeswitch.org
> http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
> UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
> http://www.freeswitch.org
Brian West
sip:brian at freeswitch.org
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.freeswitch.org/pipermail/freeswitch-users/attachments/20080430/3173c182/attachment-0002.html
More information about the FreeSWITCH-users
mailing list