[Freeswitch-users] Authenticate external calls problem

Nandy Dagondon gcd at i.ph
Mon Apr 16 10:26:07 MSD 2012 

correction ... it should be in conf/sip_profiles/external/netelip.xml. :-)

On Mon, Apr 16, 2012 at 2:25 PM, Nandy Dagondon <gcd at i.ph> wrote:

> i think you should define Netelip as sofia_profiles/external/netelip.xml
> because you should register to Netelip. you define netelip in
> conf/directory/default/example.conf.xml when you require netelip to
> register to your FS.
>
> On Sat, Apr 14, 2012 at 9:11 AM, Jose Miguel Sucasas Mejuto <
> jmsucasas at me.com> wrote:
>
>> Hello,
>>
>>    I have installed freeSwitch 1.1beta from the git repository
>> (FreeSWITCH-mod_sofia/1.1.beta1-git-d2edcad 2012-03-31 23-42-27 +0000).  My
>> SIP provider (Netelip) is defined in
>> conf/directory/default/example.conf.xml:
>>
>> <include>
>>   <user id="$${default_provider}">
>>     <gateways>
>>       <gateway name="$${default_provider}">
>> <param name="username" value="$${default_provider_username}"/>
>>  <param name="password" value="$${default_provider_password}"/>
>> <param name="from-user" value="$${default_provider_username}"/>
>>  <param name="from-domain" value="$${default_provider_from_domain}"/>
>> <param name="expire-seconds" value="600"/>
>>  <param name="register" value="$${default_provider_register}"/>
>> <param name="retry-seconds" value="30"/>
>>  <param name="extension" value="$${default_provider_contact}"/>
>> <param name="auth-calls" value="false"/>
>>  <!--<param name="contact-params" value="domain_name=$${domain}"/>-->
>> <param name="context" value="public"/>
>>       </gateway>
>>     </gateways>
>>     <params>
>>       <param name="password" value="$${default_provider_password}"/>
>>     </params>
>>   </user>
>> </include>
>>
>> and doesn't authenticate inbound calls (insecure=invite in asterisk
>> language). When I receive an inbound call,  I receive the following error:
>>
>> freeswitch at internal>
>> recv 1000 bytes from udp/[194.140.135.80]:5060 at 23:23:10.163377:
>>
>>  ------------------------------------------------------------------------
>>    INVITE sip:34810101189 at sukmad.dyndns-home.com SIP/2.0
>>    Via: SIP/2.0/UDP 194.140.135.80:5060;branch=z9hG4bK6bb16a10;rport
>>    From: "916495242" <sip:916495242 at 194.140.135.80>;tag=as7a2a97e5
>>    To: <sip:34810101189 at sukmad.dyndns-home.com>
>>    Contact: <sip:916495242 at 194.140.135.80>
>>    Call-ID: 6c47a4064ef8d0641da415d2121e3226 at 194.140.135.80
>>    CSeq: 102 INVITE
>>    User-Agent: Netelip
>>    Max-Forwards: 70
>>    Date: Fri, 13 Apr 2012 23:23:51 GMT
>>    Allow: INVITE, ACK, CANCEL, OPTIONS, BYE, REFER, SUBSCRIBE, NOTIFY,
>> INFO
>>    Supported: replaces
>>    Content-Type: application/sdp
>>    Content-Length: 425
>>
>>    v=0
>>    o=root 1249 1249 IN IP4 194.140.135.80
>>    s=session
>>    c=IN IP4 194.140.135.80
>>    t=0 0
>>    m=audio 16474 RTP/AVP 8 0 97 3 18 4 101
>>    a=rtpmap:8 PCMA/8000
>>    a=rtpmap:0 PCMU/8000
>>    a=rtpmap:97 iLBC/8000
>>    a=fmtp:97 mode=30
>>    a=rtpmap:3 GSM/8000
>>    a=rtpmap:18 G729/8000
>>    a=fmtp:18 annexb=no
>>    a=rtpmap:4 G723/8000
>>    a=fmtp:4 annexa=no
>>    a=rtpmap:101 telephone-event/8000
>>    a=fmtp:101 0-16
>>    a=silenceSupp:off - - - -
>>    a=ptime:20
>>    a=sendrecv
>>
>>  ------------------------------------------------------------------------
>> send 382 bytes to udp/[194.140.135.80]:5060 at 23:23:10.164409:
>>
>>  ------------------------------------------------------------------------
>>    SIP/2.0 100 Trying
>>    Via: SIP/2.0/UDP 194.140.135.80:5060;branch=z9hG4bK6bb16a10;rport=5060
>>    From: "916495242" <sip:916495242 at 194.140.135.80>;tag=as7a2a97e5
>>    To: <sip:34810101189 at sukmad.dyndns-home.com>
>>    Call-ID: 6c47a4064ef8d0641da415d2121e3226 at 194.140.135.80
>>    CSeq: 102 INVITE
>>    User-Agent: FreeSWITCH-mod_sofia/1.1.beta1-git-d2edcad 2012-03-31
>> 23-42-27 +0000
>>    Content-Length: 0
>>
>>
>>  ------------------------------------------------------------------------
>> 2012-04-14 01:23:10.162331 [DEBUG] sofia.c:7598 IP 194.140.135.80
>> Rejected by acl "domains". Falling back to Digest auth.
>> send 871 bytes to udp/[194.140.135.80]:5060 at 23:23:10.166026:
>>
>>  ------------------------------------------------------------------------
>> *   SIP/2.0 407 Proxy Authentication Required*
>>    Via: SIP/2.0/UDP 194.140.135.80:5060;branch=z9hG4bK6bb16a10;rport=5060
>>    From: "916495242" <sip:916495242 at 194.140.135.80>;tag=as7a2a97e5
>>    To: <sip:34810101189 at sukmad.dyndns-home.com>;tag=SaBHcvmm7evNF
>>    Call-ID: 6c47a4064ef8d0641da415d2121e3226 at 194.140.135.80
>>    CSeq: 102 INVITE
>>    User-Agent: FreeSWITCH-mod_sofia/1.1.beta1-git-d2edcad 2012-03-31
>> 23-42-27 +0000
>>    Accept: application/sdp
>>    Allow: INVITE, ACK, BYE, CANCEL, OPTIONS, MESSAGE, UPDATE, INFO,
>> REGISTER, REFER, NOTIFY, PUBLISH, SUBSCRIBE
>>    Supported: timer, precondition, path, replaces
>>    Allow-Events: talk, hold, presence, dialog, line-seize, call-info,
>> sla, include-session-description, presence.winfo, message-summary, refer
>>    Proxy-Authenticate: Digest realm="194.140.135.80",
>> nonce="bc1571d4-0957-4609-a887-7c3359b9ae9c", algorithm=MD5, qop="auth"
>>    Content-Length: 0
>>
>> I have read in forums that the solution to this problem is to add the IP
>> to the acl.conf.xml, like this:
>>
>>     <list name="domains" default="deny">
>>       <!-- domain= is special it scans the domain from the directory to
>> build the ACL -->
>>       <node type="allow" domain="$${domain}"/>
>>       <!-- use cidr= if you wish to allow ip ranges to this domains acl.
>> -->
>>       *<node type="allow" cidr="194.140.135.80/24"/> *
>>     </list>
>>
>> But my SIP provider have a dynamic IP, and it's behind a NAT.  If my SIP
>> provider will use any IP, ¿Where can I do this without enabling all IPs to
>> enter calls in my system?
>>
>>
>> Thanks in advance,
>>
>> Regards.
>>
>> _________________________________________________________________________
>> Professional FreeSWITCH Consulting Services:
>> consulting at freeswitch.org
>> http://www.freeswitchsolutions.com
>>
>> 
>> 
>>
>> Official FreeSWITCH Sites
>> http://www.freeswitch.org
>> http://wiki.freeswitch.org
>> http://www.cluecon.com
>>
>> FreeSWITCH-users mailing list
>> FreeSWITCH-users at lists.freeswitch.org
>> http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
>> UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
>> http://www.freeswitch.org
>>
>>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.freeswitch.org/pipermail/freeswitch-users/attachments/20120416/9484f84c/attachment-0001.html

Join us at ClueCon 2011 Aug 9-11, 2011
More information about the FreeSWITCH-users mailing list