[Freeswitch-users] Getting started wiki page & external gateway: do I understand correctly?

Thu Jul 5 19:08:39 MSD 2012

Actually I'd say not to modify the wiki at all. It is valid as it
stands. Typically most users who use this default diaplan will
register their SIP provider's gateways on the external profile and all
of their phones in the internal profile.

Regarding the security part, well said over at that front. * users
have been burned because of this. You can also set the default
dialplan for that authenticated profile to be on public and set your
users's user_context param to whatever context you want the user to be
on.

And the answer to your last question. Yes you sure as heck as can
create a new sofia sip profile just for phones to register from the
outside world.

On Thu, Jul 5, 2012 at 12:42 AM, Jim <hakkie42 at gmail.com> wrote:
> Hi list,
>
> More or less beginner, home situation; trying to set up fs (again)..
>
> I've got 2 questions:
>
> 1. Posting here to make sure I understand before modifying the wiki.
> Could you please correct me if I'm wrong?
>
> Over here
> http://wiki.freeswitch.org/wiki/Getting_Started_Guide#External
>
> it says
> "The External (formerly "outbound") profile handles outbound
> registrations to a SIP provider."
> However, earlier on it also mentions you can let external devices (i.e.
> user phones in their own networks) register with that profile... so I'd
> change this to:
> "The External (formerly "outbound") profile also handles outbound
> registrations to a SIP provider."
>
> Then this:
> "The external profile allows anonymous calling, which is required as
> your provider will never authenticate with you to send you a call."
>
> Skimmed through the bridge book p78, Receiving calls, which seems to
> confirm external profile does not require authentication.
> Ok, fine.
>
> Then this:
> "In order to secure your FreeSWITCH it is wise to link your outbound
> profile to a dialplan context other than 'default', which in the default
> configuration is the where authenticated users are placed."
> Seems this advice mixes a default situation (default dialplan being
> sensitive) with conditional advice (your outbound profile which would be
> external in a default config).
>
> I would change outbound to external in order to lessen confusion:
> "In order to secure your FreeSWITCH it is wise to link your exgternal
> profile to a dialplan context other than 'default', which in the default
> configuration is where authenticated users are placed."
>
> ... although what is probably really meant is something like:
> "As mentioned, the profile used for outbound registrations allows
> anonymous, unauthenticated calling. By default, this profile is the
> external profile. In order to secure your FreeSWITCH, don't link this
> profile to a dialplan that allows dialing paid numbers or dialing users
> (who may be bothered/harrassed) without any further checking.
>
> Summary: in a default configuration: don't link your external profile to
> a 'default' dialplan."
> ... which is a mouthful.
>
> 2. Given the above, if I want to have external users in their own
> network behind NAT register to me, it would be best if I define an
> additional profile that does require SIP authentication, right?
>
> I can then use the external profile to register with SIP trunks etc.
>
> Thanks!
> --
> Regards,
>
> jb
>
>
> _________________________________________________________________________
> Professional FreeSWITCH Consulting Services:
> consulting at freeswitch.org
> http://www.freeswitchsolutions.com
>
> 
> 
>
> Official FreeSWITCH Sites
> http://www.freeswitch.org
> http://wiki.freeswitch.org
> http://www.cluecon.com
>
> Join Us At ClueCon - Aug 7-9, 2012
>
> FreeSWITCH-users mailing list
> FreeSWITCH-users at lists.freeswitch.org
> http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
> UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
> http://www.freeswitch.org