[Freeswitch-users] Newbie question about inbound calls/NAT (yes I checked wiki first:-) )

Michael Collins msc at freeswitch.org
Tue Apr 16 09:15:43 MSD 2013


For inbound calls you can skip the authentication by adding the source IP
address to the "domains" section of conf/autoload_configs/acl.conf.xml.
This will prevent FreeSWITCH from challenging the inbound call if it comes
from that IP address. This is more desirable than disabling call
authentication altogether in your SIP profile. (i.e. you are allowing only
a specific IP address to come in unauth'd as opposed to letting the whole
world in!)

Find out the source IP address for your Vitelity SIP traffic and add it to
the acl.conf.xml file in the "domains" section. It will be something like
this:

<node type="allow" cidr="1.2.3.4/32"/>

After you save that go to fs_cli and type "reloadacl". NOTE: simply doing a
"reloadxml" is not sufficient to make the new ACL entry take effect.
("reloadxml" simply reloads the XML config; "reloadacl" does a reloadxml
and then reloads the ACL entries.)

Hope this helps.
-MC

On Mon, Apr 15, 2013 at 12:30 AM, Jeff Bernhardt <jeff at askcornerstone.net>wrote:

>  Thanks. I had a look at the links and changed "domain and even
> "domain_name" in vars.xml to be the external ip, but the error now just
> says  it can's find user abcd_1.2.3.4 at 1.2.3.4 instead of @192.168.10.32.
>
>  And actually, I 'm mostly confused because I thought incoming calls were
> treated as unauthenticated and allowed to pass through. Isn't registering
> the trunk with the SIP provider enough to get incoming calls accepted?
>
>  The errors says "...you must configure your device to use the proper
> domain in it's authentication credentials," but how is the SIP trunk
> treated as a device?
>
>  Like I said, I think I'm misunderstanding something fundamental about
> this.
>
>  Thanks you.
>
>  ------------------------------
> *From:* freeswitch-users-bounces at lists.freeswitch.org [
> freeswitch-users-bounces at lists.freeswitch.org] on behalf of Cal Leeming
> [Simplicity Media Ltd] [cal.leeming at simplicitymedialtd.co.uk]
> *Sent:* Sunday, April 14, 2013 3:38 PM
> *To:* FreeSWITCH Users Help
> *Subject:* Re: [Freeswitch-users] Newbie question about inbound calls/NAT
> (yes I checked wiki first:-) )
>
>  Hello Jeff,
>
>  Here is a related thread;
>
> http://freeswitch-users.2379917.n2.nabble.com/You-must-define-a-domain-called-xx-com-in-your-directory-td7585944.html
>
> http://lists.freeswitch.org/pipermail/freeswitch-users/2008-September/006232.html
>
>  You need to configure your domain and username, but as you can see here
> your gateway/users are sending the domain '192.168.10.32', but you have not
> configured this domain in sofia.conf.
>
>  If you are using multi-tenant then you'll need to put some more thought
> into how you're going to approach this.
>
>  If you are not using multi-tenant (i.e. one domain only) then you could
> force the domain as discussed here;
>
> http://www.feedingedge.co.uk/blog/2010/08/03/techie-post-opensim-and-freeswitch-problems/
>
>  Hope this helps
>
>  Cal
>
> On Sun, Apr 14, 2013 at 10:36 AM, Jeff Bernhardt <jeff at askcornerstone.net>wrote:
>
>>  Setting up my first test box with Freeswitch. I'm really excited about
>> getting it up and running.
>>
>>  I'm trying to get inbound calls working from external using a Vitelity
>> trunk. Let's say my username from Vitelity is "abcd_efg" and password is
>> "password," external IP is 1.2.3.4 and internal is 192.168.10.32. I get
>> registered to Vitelity fine  (their web panel shows I'm registered and
>> fs_cli confirms). However, when I make a call inbound, I get:
>>
>>  [WARNING] sofia_reg.c:2621 Can't find user [abcd_1.2.3.4 at 192.168.10.32]
>> from <vitelity-inbound-trunk-ip>
>> You must define a domain called '192.168.10.32' in your directory and add
>> a user with the id="abcd_1.2.3.4" attribute
>> and you must configure your device to use the proper domain in it's
>> authentication credentials.
>>
>>  I don't know if this is related, but to get around NAT, I have this in
>> vars.xml:
>> <X-PRE-PROCESS cmd="set" data="external_rtp_ip=1.2.3.4"/>
>> <X-PRE-PROCESS cmd="set" data="external_sip_ip=1.2.3.4"/>
>>
>>  and this in both internal.xml and external.xml:
>>  <param name="ext-rtp-ip" value="$${external_rtp_ip}"/>
>> <param name="ext-sip-ip" value="$${external_sip_ip}"/>
>>
>>  I have a feeling I've misunderstood something fundamental about setting
>> up Freeswitch for inbound access. I've put in the above configs as per what
>> I've found in the wiki, but I'm not sure how to do what the warning says or
>> if it really means I have something not setup right. What am I doing wrong?
>>
>>  Thank you.
>>
>> _________________________________________________________________________
>> Professional FreeSWITCH Consulting Services:
>> consulting at freeswitch.org
>> http://www.freeswitchsolutions.com
>>
>> 
>> 
>>
>> Official FreeSWITCH Sites
>> http://www.freeswitch.org
>> http://wiki.freeswitch.org
>> http://www.cluecon.com
>>
>> FreeSWITCH-users mailing list
>> FreeSWITCH-users at lists.freeswitch.org
>> http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
>> UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
>> http://www.freeswitch.org
>>
>>
>
> _________________________________________________________________________
> Professional FreeSWITCH Consulting Services:
> consulting at freeswitch.org
> http://www.freeswitchsolutions.com
>
> 
> 
>
> Official FreeSWITCH Sites
> http://www.freeswitch.org
> http://wiki.freeswitch.org
> http://www.cluecon.com
>
> FreeSWITCH-users mailing list
> FreeSWITCH-users at lists.freeswitch.org
> http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
> UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
> http://www.freeswitch.org
>
>


-- 
Michael S Collins
Twitter: @mercutioviz
http://www.FreeSWITCH.org
http://www.ClueCon.com
http://www.OSTAG.org
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.freeswitch.org/pipermail/freeswitch-users/attachments/20130415/96baf94e/attachment-0001.html 


Join us at ClueCon 2011 Aug 9-11, 2011
More information about the FreeSWITCH-users mailing list