[Freeswitch-users] Two Major Problems

Anthony Minessale anthony.minessale at gmail.com
Tue Apr 20 14:21:00 PDT 2010


sometimes on sipx you need

<param name="accept-blind-auth" value="true"/>

in your profile because it tries to send auth info even when it's not
necessary and FS will enforce
auth packets even with everything else wide open.


On Tue, Apr 20, 2010 at 3:52 PM, Ken Fulmer <
kenfulmer at icstechnologysolutions.com> wrote:

>  I’ve tried this setting as well:
>
>
>
>     <param name="apply-inbound-acl" value="lan"/>
>
>
>
> Neither way seems to work. What’s strange is, I have an Adtran voice
> gateway at 172.16.15.11 that is sending calls to the FS box without any
> problems. The sipX server on the same subnet, 10.10.3.0 /25 can’t send calls
> without generating the Proxy Authentication Required message. Is this just
> because it’s on the same LAN as the FS box?
>
>
>
> Thanks,
>
>
> Ken
>
>
>
>
>
>
>
> *From:* freeswitch-users-bounces at lists.freeswitch.org [mailto:
> freeswitch-users-bounces at lists.freeswitch.org] *On Behalf Of *David
> Ponzone
> *Sent:* Tuesday, April 20, 2010 3:25 PM
>
> *To:* freeswitch-users at lists.freeswitch.org
> *Subject:* Re: [Freeswitch-users] Two Major Problems
>
>
>
> ken,
>
>
>
> are you sure it's not apply-inbound-acl you want to set ?
>
>
>
> David Ponzone  Direction Technique
>
> email: david.ponzone at ipeva.fr
>
> tel:      01 74 03 18 97
>
> gsm:   06 66 98 76 34
>
>
>
> Service Client IPeva
>
> tel:      0811 46 26 26
>
> *www.ipeva.fr*  -   *www.ipeva-studio.com*
>
>
>
> *Ce message et toutes les pièces jointes sont confidentiels et établis à
> l'intention exclusive de ses destinataires. Toute utilisation ou diffusion
> non autorisée est interdite. Tout message électronique est susceptible
> d'altération. IPeva décline toute responsabilité au titre de ce message
> s'il a été altéré, déformé ou falsifié. Si vous n'êtes pas destinataire de
> ce message, merci de le détruire immédiatement et d'avertir l'expéditeur.*
>
> * *
>
>
>
>
>
>
>
> Le 20/04/2010 à 22:03, Ken Fulmer a écrit :
>
>
>
>   I’m now using an ACL list called “lan”.
>
>
>
>     <list name="lan" default="allow">
>
>      <node type="allow" cidr="10.10.3.0/25"/>
>
>     </list>
>
>
>
> In the external sip profile, I have the following statement:
>
>
>
>     <param name="local-network-acl" value="lan"/>
>
>
>
> I still get the Proxy Authentication Required error. Am I doing something
> wrong?
>
>
>
> Thanks,
>
>
>
> Ken
>
>
>
>
>
> *From:* freeswitch-users-bounces at lists.freeswitch.org [
> mailto:freeswitch-users-bounces at lists.freeswitch.org<freeswitch-users-bounces at lists.freeswitch.org>
> ] *On Behalf Of *Tjardick van der Kraan
> *Sent:* Sunday, April 11, 2010 4:36 PM
> *To:* freeswitch-users at lists.freeswitch.org
> *Subject:* Re: [Freeswitch-users] Two Major Problems
>
>
>
> Use the CIDR XML key not domain:
>
>
>
> http://wiki.freeswitch.org/wiki/Acl
>
>
>
> Regards,
>
>
>
> Tj
>
>
>
> On 09 Apr 2010, at 19:07, Ken Fulmer wrote:
>
>
>
>
>    Per your suggestion, I changed the following in the
> conf/autoload_configs/acl.conf.xml file:
>
>
>
>     <list name="domains" default="deny">
>
>       <node type="allow" domain="10.10.3.10"/>
>
>       <node type="allow" domain="10.10.3.11"/>
>
>     </list>
>
>
>
> 10.10.3.10 and 10.10.3.11 are the ip addresses of our internal servers.
> However, the calls still fail with the 407 Proxy Authentication Required
> message.
>
>
>
> I get the following log output when I issue the command, reloadacl:
>
>
>
> 2010-04-09 12:06:31.259954 [NOTICE] switch_core.c:954 Created ip list
> rfc1918.auto default (deny)
>
> freeswitch at internal> 2010-04-09 12:06:31.259954 [NOTICE]
> switch_utils.c:195 Adding 10.0.0.0/8 (allow) [] to list rfc1918.auto
>
> 2010-04-09 12:06:31.259954 [NOTICE] switch_utils.c:195 Adding
> 172.16.0.0/12 (allow) [] to list rfc1918.auto
>
> 2010-04-09 12:06:31.259954 [NOTICE] switch_utils.c:195 Adding
> 192.168.0.0/16 (allow) [] to list rfc1918.auto
>
> 2010-04-09 12:06:31.259954 [NOTICE] switch_core.c:962 Created ip list
> wan.auto default (allow)
>
> 2010-04-09 12:06:31.259954 [NOTICE] switch_utils.c:195 Adding 10.0.0.0/8(deny) [] to list wan.auto
>
> 2010-04-09 12:06:31.259954 [NOTICE] switch_utils.c:195 Adding
> 172.16.0.0/12 (deny) [] to list wan.auto
>
> 2010-04-09 12:06:31.259954 [NOTICE] switch_utils.c:195 Adding
> 192.168.0.0/16 (deny) [] to list wan.auto
>
> 2010-04-09 12:06:31.259954 [NOTICE] switch_core.c:970 Created ip list
> nat.auto default (deny)
>
> 2010-04-09 12:06:31.259954 [NOTICE] switch_core.c:972 Adding
> 10.10.3.12/255.255.255.128 (deny) to list nat.auto
>
> 2010-04-09 12:06:31.259954 [NOTICE] switch_utils.c:195 Adding 10.0.0.0/8(allow) [] to list nat.auto
>
> 2010-04-09 12:06:31.259954 [NOTICE] switch_utils.c:195 Adding
> 172.16.0.0/12 (allow) [] to list nat.auto
>
> 2010-04-09 12:06:31.259954 [NOTICE] switch_utils.c:195 Adding
> 192.168.0.0/16 (allow) [] to list nat.auto
>
> 2010-04-09 12:06:31.259954 [NOTICE] switch_core.c:981 Created ip list
> loopback.auto default (deny)
>
> 2010-04-09 12:06:31.259954 [NOTICE] switch_utils.c:195 Adding 127.0.0.0/8(allow) [] to list loopback.auto
>
> 2010-04-09 12:06:31.259954 [NOTICE] switch_core.c:987 Created ip list
> localnet.auto default (deny)
>
> 2010-04-09 12:06:31.259954 [NOTICE] switch_core.c:990 Adding
> 10.10.3.12/255.255.255.128 (allow) to list localnet.auto
>
> 2010-04-09 12:06:31.259954 [NOTICE] switch_core.c:1015 Created ip list
> domains default (deny)
>
> 2010-04-09 12:06:31.259954 [WARNING] switch_core.c:1046 Cannot locate
> domain 10.10.3.10
>
> 2010-04-09 12:06:31.259954 [WARNING] switch_core.c:1046 Cannot locate
> domain 10.10.3.11
>
>
>
> Am I doing something incorrectly?
>
>
>
> Thanks,
>
>
>
> Ken
>
>
>
> *From:* freeswitch-users-bounces at lists.freeswitch.org [
> mailto:freeswitch-users-bounces at lists.freeswitch.org<freeswitch-users-bounces at lists.freeswitch.org>
> ] *On Behalf Of *Michael Collins
> *Sent:* Thursday, April 08, 2010 6:25 PM
> *To:* freeswitch-users at lists.freeswitch.org
> *Subject:* Re: [Freeswitch-users] Two Major Problems
>
>
>
>
>
> On Thu, Apr 8, 2010 at 3:18 PM, Ken Fulmer <
> kenfulmer at icstechnologysolutions.com> wrote:
>
> Actually, I did purchase a license and installed it today. One call
> establishes at 729. When I hang up the phone and try again, it’s 711.
>
> Make sure that the encoder/decoder isn't still in use prior to trying the
> second call. After you hang up, do a "show channels" and see if the call is
> still "up" or not. Also, do "g729_status" to see if the encoder or decoder
> is in use. Keep doing "g729_status" until the 'coders are not in use. If
> there is a long delay then open up a JIRA ticket on jira.freeswitch.org.
>
>
>
> The Proxy Authentication Required is being sent by FreeSwitch to the
> internal PBX. I have registration disabled on the FreeSwitch gateway and the
> internal server.
>
> By default the SIP profile will challenge if the IP address of the caller
> is not in the ACL. Open conf/autoload_configs/acl.conf.xml and locate the
> "domains" node. Add your PBX's IP address. You'll see an example in the
> comments. Once you're done editing, save the file and then go to the fs_cli
> and do:
> reloadacl reloadxml
>
> Then make a call from PBX to FS and it should go through.
> -MC
>
>
>
> _______________________________________________
> FreeSWITCH-users mailing list
> FreeSWITCH-users at lists.freeswitch.org
> http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
> UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
> http://www.freeswitch.org
>
>
>
> _______________________________________________
> FreeSWITCH-users mailing list
> FreeSWITCH-users at lists.freeswitch.org
> http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
> UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
> http://www.freeswitch.org
>
>
>
> _______________________________________________
> FreeSWITCH-users mailing list
> FreeSWITCH-users at lists.freeswitch.org
> http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
> UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
> http://www.freeswitch.org
>
>


-- 
Anthony Minessale II

FreeSWITCH http://www.freeswitch.org/
ClueCon http://www.cluecon.com/
Twitter: http://twitter.com/FreeSWITCH_wire

AIM: anthm
MSN:anthony_minessale at hotmail.com <MSN%3Aanthony_minessale at hotmail.com>
GTALK/JABBER/PAYPAL:anthony.minessale at gmail.com<PAYPAL%3Aanthony.minessale at gmail.com>
IRC: irc.freenode.net #freeswitch

FreeSWITCH Developer Conference
sip:888 at conference.freeswitch.org <sip%3A888 at conference.freeswitch.org>
googletalk:conf+888 at conference.freeswitch.org<googletalk%3Aconf%2B888 at conference.freeswitch.org>
pstn:+19193869900
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.freeswitch.org/pipermail/freeswitch-users/attachments/20100420/0443d47e/attachment-0001.html 


More information about the FreeSWITCH-users mailing list