VoIP Mailing List Archives

[Prometheus001 at gmx.net]

Hello,

I am using a SIP account from Netvoip CH. I try to receive inbound call
from this SIP trunk. I discovered that, when they sent an invite, the
IP-Adress of the to: is their own IP address.
There fore ACL doesn't work and FS asks for authorization, which then fails

I receive the following message on the CLI:
2009-04-02 21:48:20 [WARNING] sofia_reg.c:1661 sofia_reg_parse_auth()
Can't find user [anonymous@62.65.128.62]
You must define a domain called '62.65.128.62' in your directory and add
a user with the id="anonymous" attribute
and you must configure your device to use the proper domain in it's
authentication credentials.

I could do that, but this is not clean and I do not have a password for
that.

How can I workaround this, so that Freeswitch accepts this call? Aliases
do not seem to work.

Here is a sample message after FS asks for authorization:
xx.xx.xxx.xxx is the IP of our Freeswitch
62.65.128.62 is the IP of Netvoip CH

I would expect
To: <sip:0715aaaaaa@xx.xx.xxx.xxx>.
instead of
To: <sip:0715aaaaaa@62.65.128.62>.

U 62.65.128.62:5060 -> xx.xx.xxx.xxx:5080
INVITE sip:0715aaaaaa@xx.xx.xxx.xxx:5080 SIP/2.0.
Via: SIP/2.0/UDP 62.65.128.62:5060.
Via: SIP/2.0/UDP 62.65.128.61:5060;branch=z9hG4bK8c977d2613c4d7d1fd9d03d4.
Max-Forwards: 69.
From: <sip:0049xxxxxxxxxxx@62.65.128.62>;tag=8c977d2613672832fd9d03e9.
To: <sip:0715aaaaaa@62.65.128.62>.
Call-ID: 8c977d261329cd80fd9d03d6@62.65.128.61.
CSeq: 2 INVITE.
User-agent: Netstream VoIP Gateway.
Contact: <sip:0049xxxxxxxxxxx@62.65.128.62:5060>.
Allow: INVITE,ACK,CANCEL,OPTIONS,BYE,INFO,REFER,SUBSCRIBE.
Content-Type: application/sdp.
Content-Length: 584.
Proxy-Authorization: Digest username="anonymous", realm="62.65.128.62",
nonce="a4151ee0-1fbb-11de-b056-494b9de21e06", nc="00000001",
uri="sip:0715aaaaaa@62.65.128.62:5060", cnonce="5f109eee",
response="62faa6d38b3b12c3626753395a8b507c", algorithm="MD5", qop="auth".
.
v=0.
o=- 225947743692042 1 IN IP4 62.65.128.62.
s=-.
c=IN IP4 62.65.128.62.
t=0 0.
m=audio 28224 RTP/AVP 8 18 4 3 100 100 99 100 100 98 97 96 105 0 101.
a=rtpmap:8 PCMA/8000.
a=rtpmap:18 G729/8000.
a=fmtp:18 annexb=no.
a=rtpmap:4 G723/8000.
a=fmtp:4 annexa=no.
a=rtpmap:3 GSM/8000.
a=rtpmap:100 speex/8000.
a=rtpmap:100 speex/8000.
a=rtpmap:99 G726-16/8000.
a=rtpmap:100 speex/8000.
a=rtpmap:100 speex/8000.
a=rtpmap:98 G726-24/8000.
a=rtpmap:97 G726-32/8000.
a=rtpmap:96 G726-40/8000.
a=rtpmap:105 iLBC/8000.
a=rtpmap:0 PCMU/8000.
a=rtpmap:101 telephone-event/8000.
a=fmtp:101 0-16.

Best regards
Peter



_______________________________________________
Freeswitch-users mailing list
Freeswitch-users@lists.freeswitch.org
http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
http://www.freeswitch.org

[brian at freeswitch.org]

We use the true network ip the invite came from NOT the one in the sip headers. Not very trust worth to do that you think?

So if your ACL is correctly setup to 62.65.128.62 it would let them in please verify your ACL is correct...


/b

On Apr 2, 2009, at 3:07 PM, Peter P GMX wrote:

[anthony.minessale at g...]

acl uses the remote addr from the socket connection, not anything from the sip message.


On Thu, Apr 2, 2009 at 3:07 PM, Peter P GMX <Prometheus001@gmx.net (Prometheus001@gmx.net)> wrote:

[Prometheus001 at gmx.net]

My ACL contains:
<list name="domains" default="deny">
<node type="allow" domain="$${domain}"/>
<node type="allow" cidr="62.65.128.62/32"/>
</list>

So this should be fine, right? However it doesn't work.

Best regards
Peter


Brian West schrieb:

[anthony.minessale at g...]

look at the debug log and see what happens?

On Thu, Apr 2, 2009 at 3:34 PM, Peter P GMX <Prometheus001@gmx.net (Prometheus001@gmx.net)> wrote:

[Prometheus001 at gmx.net]

I restart FS and initiate an incoming call (trunk is registered at the
SIP provider).

This is what I see on the console:
.
.
.
2009-04-02 23:39:16 [DEBUG] mod_event_socket.c:2224
mod_event_socket_runtime() Socket up listening on 0.0.0.0:8021
2009-04-02 23:39:16 [NOTICE] switch_core.c:981
switch_load_network_lists() Adding xxx.xxx.xxx.xxx/32 (allow) to list strict
2009-04-02 23:39:16 [NOTICE] switch_core.c:981
switch_load_network_lists() Adding xx.xx.xxx.xx/32 (allow) to list domains
2009-04-02 23:39:16 [NOTICE] switch_core.c:981
switch_load_network_lists() Adding 62.65.128.62/32 (allow) to list domains
2009-04-02 23:39:48 [WARNING] sofia_reg.c:1661 sofia_reg_parse_auth()
Can't find user [anonymous@62.65.128.62]
You must define a domain called '62.65.128.62' in your directory and add
a user with the id="anonymous" attribute
and you must configure your device to use the proper domain in it's
authentication credentials.

Nothing else.

Here is the registration info:
Name Netvoip
Scheme Digest
Realm sip.netvoip.ch
Username 071xxxxxxx
Password yes
From
Contact
Exten 071xxxxxxx
To sip:071xxxxxxx@sip.netvoip.ch
Proxy sip:sip.netvoip.ch
Context public
Expires 60
Freq 60
Ping 0
PingFreq 0
State REGED
Status UP
CallsIN 0
CallsOUT 0


Best regards
Peter


Anthony Minessale schrieb: