anthony.minessale at g...
Guest
|
 Posted: Tue Sep 30, 2008 8:15 am Post subject: [Freeswitch-users] Unexpected acl behavior. Feature or bug? |
 |
|
There is a separate apply-inbound-acl and apply-register-acl
And yest the point of apply-inbound-acl is that all matches from that ip will be allowed in blindly.
it's the opposite of doing Digest auth.
There is still a way to associate an a ip range with a user so when you are let in over
acl it will still set all the user settings. it's the special domain acl that was recently added that
scans each user in your directory for a cidr= attr and adds it to the domains acl
then you can apply-inbound-acl=domains
It is possible to get asterisk to register to FS with normal digest auth it's just a little tricky because asterisk
does not like domain based authentication which is actually the normal way to do it. They hacked in support for it
way late in the development timeline and it's kinda hard to figure out, I still forget how to do it sometimes.
it's something to do with a special syntax in the register line.
On Tue, Sep 30, 2008 at 2:41 AM, Noah Silverman <noah@allresearch.com (noah@allresearch.com)> wrote:
| Quote: | Hi,
As some of you are probably aware, I've had a really hard time getting
asterisk to work with FS.
The effective_caller_id_number and the accountcode were not getting
logged or passed through on outgoing calls.
I finally solved the problem, but attribute it to some unexpected
behavior of the acl setting. I'm curious as to whether this is the
intended behavior, or a bug.
In my sip profile, I had apply-inbound-acl set to a list that
contained the IP of my asterisk box. Apparently, when this happens,
FS was allowing ANY call from my asterisk box without registration.
Subsequently, since FS was just blindly accepting the call with no
registration, it didn't match anything in the directory and no
accountcode or caller-id was set.
By simply removing the inbound-acl setting, I was able to have
everything working perfectly.
My understanding was that the goal of the inbound-acl was to limit
which IP FS would accept SIP requests from. I was not aware that it
would then accept any call blindly without any associated user.
Interesting....
If any of the FS developers are interested in the exact configuration
file that I'm using, please contact me directly and I'll forward the
file to you.
-Noah
_______________________________________________
Freeswitch-users mailing list
Freeswitch-users@lists.freeswitch.org (Freeswitch-users@lists.freeswitch.org)
http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
http://www.freeswitch.org
|
--
Anthony Minessale II
FreeSWITCH http://www.freeswitch.org/
ClueCon http://www.cluecon.com/
AIM: anthm
MSN:anthony_minessale@hotmail.com ([email]MSN%3Aanthony_minessale@hotmail.com[/email])
GTALK/JABBER/PAYPAL:anthony.minessale@gmail.com ([email]PAYPAL%3Aanthony.minessale@gmail.com[/email])
IRC: irc.freenode.net #freeswitch
FreeSWITCH Developer Conference
sip:888@conference.freeswitch.org ([email]sip%3A888@conference.freeswitch.org[/email])
iax:guest@conference.freeswitch.org/888
googletalk:conf+888@conference.freeswitch.org ([email]googletalk%3Aconf%2B888@conference.freeswitch.org[/email])
pstn:213-799-1400 |
|
Search
