[Freeswitch-users] Embarrassing Question: Local extension registering in the Public context on default configuration?

Michael Collins msc at freeswitch.org
Tue Mar 29 01:52:55 MSD 2011


DING DING DING DING! We have a weener! :P
Look at line 3 of your pastebin:

2011-03-26 02:00:54.058641 [DEBUG] sofia.c:6466 IP 192.168.3.121
Approved by acl "domains[]". Access Granted.

Your "domains" ACL is letting the call in, but is not "authenticating"
it so it's hitting the default context. If you absolutely want IP auth
then you need to go into each directory entry for each user you want
to have IP auth and add a tag like this:

<user id="1000" cidr="192.168.3.10">

The better way to go, IMHO, is simply to use digest authentication.
That way you don't have to worry about what IP address for what user,
etc. Just make sure that you change the SIP password to something
better than "1234" :)

I answered this yesterday asking about the ACL. Granted it wasn't
within 10 minutes but it was a Sunday for me... ;)

-MC

BTW,

On Mon, Mar 28, 2011 at 2:01 PM, A E [Gmail] <all.eforums at gmail.com> wrote:
> On Mon, Mar 28, 2011 at 4:41 PM, Michael Collins <msc at freeswitch.org> wrote:
>>
>> > Anymore ideas? With the gurus on the list, I'd have thought this would
>> > be
>> > answered in 10 mins of it being posted :)
>>
>> :)
>>
>> Did you nail down the question about whether you have an ACL set?
>> Also, did you pastebin a debug log of the call hitting the dialplan?
>>
>> -MC
>>
>
> So, I did muck around a tad with the acl.conf.xml file although I was under
> the impression that it was auto-magically generated at install time? It
> looks like this.
>     <list name="lan" default="allow">
>       <node type="deny" cidr="0.0.0.0/0"/>
>       <node type="allow" cidr="192.168.3.0/24"/>
>     </list>
>     <list name="domains" default="deny">
>      <node type="allow" domain="$${domain}"/>
>       <node type="allow" cidr="192.168.3.0/24"/>
>     </list>
> and yes, I put the pastebin here: http://pastebin.freeswitch.org/15881
> I also keep seeing this on the console in fs_cli:
> 2011-03-26 03:48:54.397538 [WARNING] sofia_reg.c:1246 SIP auth challenge
> (REGISTER) on sofia profile 'internal' for [1000 at 192.168.3.101] from ip
> 192.168.3.121
> Not sure why this is a "warning", and that might be an indication that FS
> thinks this UA is "foreign"?
> HTH?
> _______________________________________________
> FreeSWITCH-users mailing list
> FreeSWITCH-users at lists.freeswitch.org
> http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
> UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
> http://www.freeswitch.org
>
>



More information about the FreeSWITCH-users mailing list