[Freeswitch-users] Authorizing Anonynous Devices

Anthony Minessale anthony.minessale at gmail.com
Wed Oct 29 06:13:58 PDT 2008


all this to avoid just making another profile on a different port that has
inbound calls sandboxed into a special public context?
if you add the port to your srv records nobody would even know.


On Tue, Oct 28, 2008 at 3:02 PM, Klaus Teller <klaus.teller at gmx.net> wrote:

> Hi Folks,
>
> I need some additional help with this issue. I already had some from Brian
> i'm but still not able to move forward.
>
> I want a non-registered device to be able to call extension 56900 in my
> Freeswitch in such a way that i can manage the call using the socket
> interface.  I believe the issue i'm having is that of permissions.
>
> Based on what was suggested sofar, here is what i did.
>
> 1) Added following extension in dialplan/default.xml
>
>     <extension name="check_auth" continue="true">
>            <condition field="${sip_authorized}" expression="^true$"
> break="never">
>                   <anti-action application="respond" data="407"/>
>            </condition>
>   </extension>
>
> 2) Set auth-calls to false in internal.xml. That is
> <param name="auth-calls" value="$${internal_auth_calls}"/>
>
> was replaced with:
>
> <param name="auth-calls" value="false"/>
>
> 3) Changed acl.com.xml by replacing
>
>  <list name="domains" default="DENY">
>      <node type="allow" domain="$${domain}"/>
>    </list>
>
> with
>
>  <list name="domains" default="allow">
>      <node type="allow" domain="$${domain}"/>
>    </list>
>
>
> Now here is the result i get after these changes:
>
> a) Anonymous non-registered device can call registered soft phone  at
> extension 1003
> b) Anonymous non-registered device cannot call 56900 that needs to be
> managed via socket interface (error message 480). Also 9000 cannot be
> called.
> c) Registered soft phone (extension 1003) cannot call 56900
> d) Registered soft phone (ext 1003) can call registered soft phone (ext
> 1000).
>
> If i perform only step 1 and 3 (i.e. auth-calls not set to false), a)
> become impossible, b) remains wrong, c) is now possible (i.e. socket
> interface being notified about call at 56900), while d) remains. valid.
>
>
> Disabling any of 1) or 3) would result into calls by non-registered device
> being rejected.
>
> Any idea what else can be tried?
>
> Thanks,
> Klaus.
>
>
>
> --
> Der GMX SmartSurfer hilft bis zu 70% Ihrer Onlinekosten zu sparen!
> Ideal für Modem und ISDN: http://www.gmx.net/de/go/smartsurfer
>
> _______________________________________________
> Freeswitch-users mailing list
> Freeswitch-users at lists.freeswitch.org
> http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
> UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
> http://www.freeswitch.org
>



-- 
Anthony Minessale II

FreeSWITCH http://www.freeswitch.org/
ClueCon http://www.cluecon.com/

AIM: anthm
MSN:anthony_minessale at hotmail.com <MSN%3Aanthony_minessale at hotmail.com>
GTALK/JABBER/PAYPAL:anthony.minessale at gmail.com<PAYPAL%3Aanthony.minessale at gmail.com>
IRC: irc.freenode.net #freeswitch

FreeSWITCH Developer Conference
sip:888 at conference.freeswitch.org <sip%3A888 at conference.freeswitch.org>
iax:guest at conference.freeswitch.org/888
googletalk:conf+888 at conference.freeswitch.org<googletalk%3Aconf%2B888 at conference.freeswitch.org>
pstn:213-799-1400
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.freeswitch.org/pipermail/freeswitch-users/attachments/20081029/671fb67e/attachment-0002.html 


More information about the FreeSWITCH-users mailing list