VoIP Mailing List Archives

[helmut.kuper at ewetel.de]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hello,

today I found tha FS isn't authenticating incomming calls from local
extensions. I use an ACL and I have auth-calls set to true in default
sip profile.

<param name="apply-inbound-acl" value="domains"/>


FS log shows, that ACL is granting access but FS doesn't authenticate
the call. When I disable the ACL in default profile, authentication is
performed.

FS WIKI doku (http://wiki.freeswitch.org/wiki/Acl#Sofia) chapter
"sip_profiles" says this:

"The acl behaviour is modfied by auth-calls, accept-blind-reg and
accept-blind-auth"

I rather think ACL disables those parameters.

What I want is an ACL check followed by authentication.

I use "FreeSWITCH Version 1.0.trunk (13112M)"

Any ideas?

regards
helmut
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (MingW32)

iD8DBQFKCtih4tZeNddg3dwRAjtYAJsGqPjBp+FVEKZl4GTQNq3TLoh+JwCgiUiZ
wJcqu2XOQ7TV+0tBU8REEFc=
=M/pp
-----END PGP SIGNATURE-----

_______________________________________________
Freeswitch-users mailing list
Freeswitch-users@lists.freeswitch.org
http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
http://www.freeswitch.org

[brian at freeswitch.org]

Wouldn't disable be a modification? Anyway the domains ACL from acl.conf.xml reads all the cidr= tags in the domains specified to build the ACL

/b




On May 13, 2009, at 9:26 AM, Helmut Kuper wrote:

[helmut.kuper at ewetel.de]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi Brian,

yes indeed, disabling is a kind of modification.


Hm, I' not sure if we misunderstand. ACL is working. auth-calls also.
But together ACL disables somehow authentication. I'm not using cidr in
my directory.

Is there a way to get both working like this:

1. Calls comes in
2. ACL is applied
3. Authentication is performed
4. FS is executing the call

regards
Helmut

On 13.05.2009 16:32, Brian West wrote:

[brian at freeswitch.org]

On May 13, 2009, at 9:50 AM, Helmut Kuper wrote:

[helmut.kuper at ewetel.de]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hello Brian,


yes, you are right, I defined the phone network as an ACL and I want it.
Obvoiusly I didn't explained my problem clearly.

I want both: ACL *AND* SIP-Authentication vor each call and each local
extension/user, but I'm only able to have ACL *OR* SIP-Auth.


Is there a way to configure it?

regards
Helmut


On 13.05.2009 17:03, Brian West wrote:

[brian at freeswitch.org]

No you can't have ACL AND SIP auth at the same time.. ACL lets them in... you can however use respond 407 in the dialplan to cause it to auth again.

/b

On May 13, 2009, at 10:30 AM, Helmut Kuper wrote:

[brian at freeswitch.org]

Don't use the ACL on the profile and use the ACL command in the dialplan then you can do it.

/b

On May 13, 2009, at 10:30 AM, Helmut Kuper wrote: