VoIP Mailing List Archives

[lists at telium.io]

I have installed basic FreeSWITCH with the vanilla config. So far so good. My client app can authenticate fine as user 1019. The list_users command shows the 1019 id as in the "default" context.

I then try to dial 5000 (which should be the IVR demo), but instead the call is processed as an outside_call (true) so I cannot reach the ivr. I see this interesting line on the console:

2022-11-20 17:00:58.066297 98.20% [INFO] mod_dialplan_xml.c:639 Processing testuser<1019>->5000 in context public

Why is user 1019 being processed in the public context? The user's configuration shows it in the default context. So shouldn't it be processed in context 'default' (internal calls), not 'public'?

Since my phone client connects to port 5060 (I can’t actually change it) it SHOULD be treated as internal. Unless, mod_dialplan_xml uses some other criteria to select the context for the user.

[lists at telium.io]

Based on a old posting I found, I suspect this may be acl related. I added the cidr below, could that be the cause? If so, can someone explain how that affects context selection?

<list name="domains" default="deny">
<node type="allow" domain="$${domain}"/>
<node type="allow" cidr="172.31.254.0/24"/>
</list>



From: FreeSWITCH-users [mailto:freeswitch-users-bounces@lists.freeswitch.org] On Behalf Of TTT
Sent: Sunday, November 20, 2022 6:07 PM
To: 'FreeSWITCH Users Help' <freeswitch-users@lists.freeswitch.org>
Subject: [Freeswitch-users] User processed in wrong context



I have installed basic FreeSWITCH with the vanilla config. So far so good. My client app can authenticate fine as user 1019. The list_users command shows the 1019 id as in the "default" context.

I then try to dial 5000 (which should be the IVR demo), but instead the call is processed as an outside_call (true) so I cannot reach the ivr. I see this interesting line on the console:

2022-11-20 17:00:58.066297 98.20% [INFO] mod_dialplan_xml.c:639 Processing testuser<1019>->5000 in context public

Why is user 1019 being processed in the public context? The user's configuration shows it in the default context. So shouldn't it be processed in context 'default' (internal calls), not 'public'?

Since my phone client connects to port 5060 (I can’t actually change it) it SHOULD be treated as internal. Unless, mod_dialplan_xml uses some other criteria to select the context for the user.

[brian at freeswitch.com]

You've disabled auth on internal which puts you into public... can you elaborate?

On Mon, Nov 21, 2022 at 12:02 PM TTT <lists@telium.io (lists@telium.io)> wrote:

[lists at telium.io]

I’m afraid I don’t understand your answer…how did I disable auth on internal?  I’m working from the basic installation (RPM on CentOS8) with vanilla config (RPM for CentOS8)) and all I’ve done is update some addresses.

From: FreeSWITCH-users [mailto:freeswitch-users-bounces@lists.freeswitch.org] On Behalf Of Brian West
Sent: Monday, November 21, 2022 1:39 PM
To: FreeSWITCH Users Help <freeswitch-users@lists.freeswitch.org>
Subject: Re: [Freeswitch-users] User processed in wrong context

You've disabled auth on internal which puts you into public... can you elaborate?


On Mon, Nov 21, 2022 at 12:02 PM TTT <lists@telium.io (lists@telium.io)> wrote:

[lists at telium.io]

I found the following in my vars.xml:

  <!-- Internal SIP Profile -->
  <X-PRE-PROCESS cmd="set" data="internal_auth_calls=true"/>

So I think auth is still enabled.  And I confirmed my voip client does register successfully before placing the call to 5000.

From: FreeSWITCH-users [mailto:freeswitch-users-bounces@lists.freeswitch.org] On Behalf Of TTT
Sent: Monday, November 21, 2022 2:50 PM
To: 'FreeSWITCH Users Help' <freeswitch-users@lists.freeswitch.org>
Subject: Re: [Freeswitch-users] User processed in wrong context



I’m afraid I don’t understand your answer…how did I disable auth on internal? I’m working from the basic installation (RPM on CentOS8) with vanilla config (RPM for CentOS8)) and all I’ve done is update some addresses.

From: FreeSWITCH-users [mailto:freeswitch-users-bounces@lists.freeswitch.org (freeswitch-users-bounces@lists.freeswitch.org)] On Behalf Of Brian West
Sent: Monday, November 21, 2022 1:39 PM
To: FreeSWITCH Users Help <freeswitch-users@lists.freeswitch.org (freeswitch-users@lists.freeswitch.org)>
Subject: Re: [Freeswitch-users] User processed in wrong context

You've disabled auth on internal which puts you into public... can you elaborate?


On Mon, Nov 21, 2022 at 12:02 PM TTT <lists@telium.io (lists@telium.io)> wrote:

[brian at freeswitch.com]

Did you change anything in the vanilla configs?

On Mon, Nov 21, 2022 at 1:51 PM TTT <lists@telium.io (lists@telium.io)> wrote:

[lists at telium.io]

I should add that in my sip_profiles/internal.xml I see:

    <param name="apply-inbound-acl" value="domains"/>

According to the docs apply-inbound-acl means:
Allow users to make calls from a particular CIDR without authenticating

So I’m confused by the concept.  If my IP range is in the allow range for my “domains” acl, and my sip internal profile says I don’t need authentication for callers on my domain (ip range), why would it send the call to the external context?


From: FreeSWITCH-users [mailto:freeswitch-users-bounces@lists.freeswitch.org] On Behalf Of TTT
Sent: Monday, November 21, 2022 4:11 PM
To: 'FreeSWITCH Users Help' <freeswitch-users@lists.freeswitch.org>
Subject: Re: [Freeswitch-users] User processed in wrong context



No, I’ve only modified the acl file as per below. If I comment out the second to last line (allowing cidr 172.31.254.0/24 in my domains) then it processes the call in the internal context. It still doesn’t reach the IVR but that’ll be the next thing I chase.

<list name="lan" default="allow">
<node type="deny" cidr="192.168.42.0/24"/>
<node type="allow" cidr="172.31.254.0/24"/>
</list>

<list name="domains" default="deny">
<node type="allow" domain="$${domain}"/>
<node type="allow" cidr="172.31.254.0/24"/>
</list>

From: FreeSWITCH-users [mailto:freeswitch-users-bounces@lists.freeswitch.org (freeswitch-users-bounces@lists.freeswitch.org)] On Behalf Of Brian West
Sent: Monday, November 21, 2022 3:04 PM
To: FreeSWITCH Users Help <freeswitch-users@lists.freeswitch.org (freeswitch-users@lists.freeswitch.org)>
Subject: Re: [Freeswitch-users] User processed in wrong context

Did you change anything in the vanilla configs?


On Mon, Nov 21, 2022 at 1:51 PM TTT <lists@telium.io (lists@telium.io)> wrote:

[lists at telium.io]

No, I’ve only modified the acl file as per below.  If I comment out the second to last line (allowing cidr 172.31.254.0/24 in my domains) then it processes the call in the internal context.  It still doesn’t reach the IVR but that’ll be the next thing I chase.

    <list name="lan" default="allow">
      <node type="deny" cidr="192.168.42.0/24"/>
      <node type="allow" cidr="172.31.254.0/24"/>
    </list>

    <list name="domains" default="deny">
      <node type="allow" domain="$${domain}"/>
      <node type="allow" cidr="172.31.254.0/24"/>
    </list>

From: FreeSWITCH-users [mailto:freeswitch-users-bounces@lists.freeswitch.org] On Behalf Of Brian West
Sent: Monday, November 21, 2022 3:04 PM
To: FreeSWITCH Users Help <freeswitch-users@lists.freeswitch.org>
Subject: Re: [Freeswitch-users] User processed in wrong context

Did you change anything in the vanilla configs?


On Mon, Nov 21, 2022 at 1:51 PM TTT <lists@telium.io (lists@telium.io)> wrote:

[lists at telium.io]

I’m trying to get my brain around this.  So the brian example user has a CIDR value, does that mean user brian does not need to register?  (Automatically authenticated and part of “domains” ACL)

Since user 1019 does not have a CIDR value, the CIDR node rule will NOT match.  So,  the user must register (which it does successfully).  Since it is registered, doesn’t that mean it is authenticated and becomes part of the domains ACL?  And should therefor drop into the “default” context?

There is something about the acl list/node or acl usage that is still confusing me.  I appreciate the help.

From: FreeSWITCH-users [mailto:freeswitch-users-bounces@lists.freeswitch.org] On Behalf Of Brian West
Sent: Monday, November 21, 2022 5:04 PM
To: FreeSWITCH Users Help <freeswitch-users@lists.freeswitch.org>
Subject: Re: [Freeswitch-users] User processed in wrong context

because the context without auth is public... you'll need to setup directory entries that include the cidr= attr, see the brian.xml in the samples


/b





On Mon, Nov 21, 2022 at 3:25 PM TTT <lists@telium.io (lists@telium.io)> wrote:

[brian at freeswitch.com]

because the context without auth is public... you'll need to setup directory entries that include the cidr= attr, see the brian.xml in the samples

/b




On Mon, Nov 21, 2022 at 3:25 PM TTT <lists@telium.io (lists@telium.io)> wrote:

[lists at telium.io]

Idea…

Do ACL lists require that ALL rules match before a user is added to an ACL?  (That would explain why users were not added)

Also Is “domains” an ACL containing users or IP ranges?



From: FreeSWITCH-users [mailto:freeswitch-users-bounces@lists.freeswitch.org] On Behalf Of TTT
Sent: Monday, November 21, 2022 5:26 PM
To: 'FreeSWITCH Users Help' <freeswitch-users@lists.freeswitch.org>
Subject: Re: [Freeswitch-users] User processed in wrong context



I’m trying to get my brain around this. So the brian example user has a CIDR value, does that mean user brian does not need to register? (Automatically authenticated and part of “domains” ACL)

Since user 1019 does not have a CIDR value, the CIDR node rule will NOT match. So, the user must register (which it does successfully). Since it is registered, doesn’t that mean it is authenticated and becomes part of the domains ACL? And should therefor drop into the “default” context?

There is something about the acl list/node or acl usage that is still confusing me. I appreciate the help.

From: FreeSWITCH-users [mailto:freeswitch-users-bounces@lists.freeswitch.org (freeswitch-users-bounces@lists.freeswitch.org)] On Behalf Of Brian West
Sent: Monday, November 21, 2022 5:04 PM
To: FreeSWITCH Users Help <freeswitch-users@lists.freeswitch.org (freeswitch-users@lists.freeswitch.org)>
Subject: Re: [Freeswitch-users] User processed in wrong context

because the context without auth is public... you'll need to setup directory entries that include the cidr= attr, see the brian.xml in the samples


/b





On Mon, Nov 21, 2022 at 3:25 PM TTT <lists@telium.io (lists@telium.io)> wrote:

[brian at freeswitch.com]

You didn't set a user_context.  It defaults to the context on the profile otherwise.


On Mon, Nov 21, 2022 at 4:56 PM TTT <lists@telium.io (lists@telium.io)> wrote: