[Freeswitch-users] Inbound DID trunk without authentication

Gregor Nanger gregor at infomedia.si
Thu Nov 29 15:39:30 MSK 2012


Hi Cal!

I think I got it now and it may help you.

If call is coming to port 5060, then it is automaticly routed as
sip_profiles/internal profile. In internal.xml it is rule to obbey
"domains" list from  acl.conf.xml. So, whatever you do in acl, nothing will
change behaviour.

So what I did? I expanded domains list to add IP node of my provider. Now
incoming call is granted from acl and doesn't require authentication, but
automaticlly goes to public dial plan. I still have to figure it out why
does it go to public diaplan. In the end, this is what I wanted, but just
want to know wha it goes to public, where is this rule set.

Gregor

2012/11/29 Cal Leeming [Simplicity Media Ltd] <
cal.leeming at simplicitymedialtd.co.uk>

> Hi Gregor,
>
> I have to admit, every time I've tried using ACLs for inbound
> authentication (i.e. an inbound DID), it always gave me the same damn error
> (rejected by ACL 'domains' etc).
>
> I've searched endlessly for a reason why, but couldn't seem to find a
> combination of variables that worked.
>
> I figured that it must be working else everyone would be complaining, and
> that my own lack of knowledge/experience with FreeSWITCH meant I was
> getting something fundamentally wrong in the config.
>
> So, I removed ACLs, threw up an iptables rule and put a TODO in the
> project plan to fix ACLs before release lol.
>
> I'll have another look at this, and see if I can figure out wtf I'm doing
> wrong.
>
> This may/may not be the same problem your having, but I'll report back
> either way and hopefully it'll help!
>
> Cal
>
>
> On Thu, Nov 29, 2012 at 11:15 AM, Gregor Nanger <gregor at infomedia.si>wrote:
>
>> I thought that just set acl and set in /sip_profiles/external.xml <param
>> name="apply-inbound-acl" value="testdid"/> would solve this, but it
>> doesn't working.
>>
>> Trunk DID provider I am using is sending calls to FS. Now I just want to
>> get this calls into public dialplan based only on IP, not authorization. :-(
>>
>>
>>
>> 2012/11/29 Sanjay Soni <ssoni at lifesize.com>
>>
>>> I was getting similar problem and modifying acl.conf didn't work for me.
>>> What work for me was modifying sip_profiles/internal.xml and
>>> sip_profiles/external.xml with Either
>>> param name="local-network-acl" value="localnet.auto" - For Private IPs
>>> (This is default)
>>> Or
>>> param name="candidate-acl" value="wan.auto"
>>> param name="local-network-acl" value="localnet.auto" - For Public IPs.
>>>
>>>
>>>
>>> -----Original Message-----
>>> From: freeswitch-users-bounces at lists.freeswitch.org [mailto:
>>> freeswitch-users-bounces at lists.freeswitch.org] On Behalf Of Paul Cupis
>>> Sent: 29 November 2012 16:02
>>> To: FreeSWITCH Users Help
>>> Subject: Re: [Freeswitch-users] Inbound DID trunk without authentication
>>>
>>> On Thu, Nov 29, 2012 at 09:36:25AM +0100, Gregor Nanger wrote:
>>> >    in acl.conf.xml i add:
>>> >
>>> >    <list name="testdid" default="deny">
>>> >    <node type="allow" cidr="xxx.xxx.xxx.xxx/32"/>
>>> >    </list>
>>>
>>> >    What I see in console I keep getting rejected by ACL "domains"
>>> >
>>> >    If I understand correctly if IP of inbound call is in ACL then call
>>> is
>>> >    transfered to public dialplan?
>>> >
>>> >    I need this gateway only for inbound calls.
>>>
>>> Try adding:
>>>
>>>    <node type="allow" cidr="xxx.xxx.xxx.xxx/32"/>
>>>
>>> into the existing stanza in acl.conf.xml which starts with:
>>>
>>>    <list name="domains" ...
>>>
>>> as this is the ACL which your SIP profile seems to be using to
>>> authenticate
>>> incoming calls.
>>>
>>> Regards,
>>>
>>>
>>> _________________________________________________________________________
>>> Professional FreeSWITCH Consulting Services:
>>> consulting at freeswitch.org
>>> http://www.freeswitchsolutions.com
>>>
>>> 
>>> 
>>>
>>> Official FreeSWITCH Sites
>>> http://www.freeswitch.org
>>> http://wiki.freeswitch.org
>>> http://www.cluecon.com
>>>
>>> FreeSWITCH-users mailing list
>>> FreeSWITCH-users at lists.freeswitch.org
>>> http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
>>> UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
>>> http://www.freeswitch.org
>>>
>>> _________________________________________________________________________
>>> Professional FreeSWITCH Consulting Services:
>>> consulting at freeswitch.org
>>> http://www.freeswitchsolutions.com
>>>
>>> 
>>> 
>>>
>>> Official FreeSWITCH Sites
>>> http://www.freeswitch.org
>>> http://wiki.freeswitch.org
>>> http://www.cluecon.com
>>>
>>> FreeSWITCH-users mailing list
>>> FreeSWITCH-users at lists.freeswitch.org
>>> http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
>>> UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
>>> http://www.freeswitch.org
>>>
>>
>>
>>
>> _________________________________________________________________________
>> Professional FreeSWITCH Consulting Services:
>> consulting at freeswitch.org
>> http://www.freeswitchsolutions.com
>>
>> 
>> 
>>
>> Official FreeSWITCH Sites
>> http://www.freeswitch.org
>> http://wiki.freeswitch.org
>> http://www.cluecon.com
>>
>> FreeSWITCH-users mailing list
>> FreeSWITCH-users at lists.freeswitch.org
>> http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
>> UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
>> http://www.freeswitch.org
>>
>>
>
> _________________________________________________________________________
> Professional FreeSWITCH Consulting Services:
> consulting at freeswitch.org
> http://www.freeswitchsolutions.com
>
> 
> 
>
> Official FreeSWITCH Sites
> http://www.freeswitch.org
> http://wiki.freeswitch.org
> http://www.cluecon.com
>
> FreeSWITCH-users mailing list
> FreeSWITCH-users at lists.freeswitch.org
> http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
> UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
> http://www.freeswitch.org
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.freeswitch.org/pipermail/freeswitch-users/attachments/20121129/83db2081/attachment-0001.html 


Join us at ClueCon 2011 Aug 9-11, 2011
More information about the FreeSWITCH-users mailing list