Thanks for the reply, Michael.

I tried the digest authentication using the cidr and copying the conf/sip_profiles/internal.xml from the distribution, where

    <param name="apply-inbound-acl" value="domains"/>

As a result, one endpoint could not register and another was unauthorized.

http://pastebin.freeswitch.org/11634

Then I went and changed the context in internal.xml from public to default and

    <param name="apply-inbound-acl" value="192.168.10.0/24"/>
    <param name="apply-register-acl" value="192.168.10.0/24"/>

And the phones registered OK.

So my confusion persists.

Lars

From: freeswitch-users-boun...@lists.freeswitch.org [mailto:freeswitch-users-boun...@lists.freeswitch.org] On Behalf Of Michael Collins
Sent: Thursday, December 24, 2009 11:00 AM
To: freeswitch-users@lists.freeswitch.org
Subject: Re: [Freeswitch-users] Local call uses public context?

Lars,

Since this question has come up a few times I'm going to write up a nice wiki article on it explaining the differences between letting someone in via an ACL and actually doing digest authentication. In a nutshell, though, it's this: if the user does digest authentication (with the whole REGISTER, 401, REGISTER, 200 OK exchange) then whatever value is in user_context is the context for the calls made by that user. In conf/directory/default/1000.xml (and 1001.xml, etc.) they all have user_context = "default" so when those users register the calls they make are handled in the default context.

OTOH, if you let a user in via an ACL they aren't really registered, you've simply opened the door for anyone coming from a particular IP address or IP address range. In that case the calls are handled in the context specified by the context parameter of the sip profile where the calls come in. By default the internal sip profile uses the public context. This is for security reasons. "Paranoid by default" is how you might describe it.

You are welcome to change that value to "default" so that calls let in by the ACL are handled just like auth'd calls. Play around with it and let us know how it goes. I think you'll get it once you start modifying settings and making test calls.

-MC

On Thu, Dec 24, 2009 at 8:16 AM, Lars Zeb <larc...@yahoo.com> wrote:

Brian,

Please forgive my slowness, but I'm still having problems with this.

When you say that I "really didn't auth the user", did you mean the endpoint/extension? If you did, I upped to svn1 16055 and placed a cidr attribute on the extension and reran the test, resulting in the same output, going to context public.

Further, I'm confused about your response about ACL compared with Billy W in an email of 12/22/2009.

"...you could simply put these entries in your internal sofia profile.

    <param name="apply-inbound-acl" value="192.168.0.0/24"/>
    <param name="apply-register-acl" value="192.168.0.0/24"/>

In that case, you do not need to include anything in the directory. The cidr entries in the directory are for providing additional control for each user id and what IPs they are allowed to make calls from."

http://pastebin.freeswitch.org/11633

Linux fs 2.6.18-128.1.10.el5 #1 SMP Thu May 7 10:39:21 EDT 2009 i686 i686 i386 GNU/Linux

Thanks
Lars

From: freeswitch-users-boun...@lists.freeswitch.org [mailto:freeswitch-users-boun...@lists.freeswitch.org] On Behalf Of Brian West
Sent: Wednesday, December 23, 2009 6:03 PM
To: freeswitch-users@lists.freeswitch.org
Subject: Re: [Freeswitch-users] Local call uses public context?

2009-12-23 15:00:01.955357 [DEBUG] sofia.c:5322 IP 192.168.10.105 Approved by acl "192.168.10.0/24[]". Access Granted.

Because the context is set on the profile as public... and you really didn't auth the user so user_context was never set.

/b

On Dec 23, 2009, at 7:49 PM, Lars Zeb wrote:

I am trying to set up a second FS box from scratch using v16048.

What can cause a local call (81002, or 9996) to use context public? It's a standard vanilla install.

http://pastebin.freeswitch.org/11629

Thanks,
Lars

_______________________________________________
FreeSWITCH-users mailing list
FreeSWITCH-users@lists.freeswitch.org
http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
http://www.freeswitch.org
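
The rule discussed in this thread (digest-authenticated calls use the directory's user_context, ACL-admitted calls use the profile's context), as an added example that is not part of the original messages or of FreeSWITCH itself: a small audit that reads a Sofia profile and flags the case where hosts admitted by apply-inbound-acl land outside the public context. The XML samples are constructed, the function names are hypothetical, and the logic models only the behaviour described above.

```python
import xml.etree.ElementTree as ET

# Constructed sample: the internal profile after the change Lars describes
# (context moved from "public" to "default", ACLs set to his subnet).
PROFILE_XML = """
<profile name="internal">
  <settings>
    <param name="context" value="default"/>
    <param name="apply-inbound-acl" value="192.168.10.0/24"/>
    <param name="apply-register-acl" value="192.168.10.0/24"/>
  </settings>
</profile>
"""
# Constructed sample modelled on conf/directory/default/1000.xml.
USER_XML = """
<user id="1000">
  <variables><variable name="user_context" value="default"/></variables>
</user>
"""

def profile_params(xml_text):
    """Map each <param name=...> in a profile to its stripped value."""
    root = ET.fromstring(xml_text)
    return {p.get("name"): (p.get("value") or "").strip() for p in root.iter("param")}

def user_context(xml_text):
    """Return the user_context variable of a directory entry, or None."""
    for var in ET.fromstring(xml_text).iter("variable"):
        if var.get("name") == "user_context":
            return var.get("value")
    return None

def effective_context(params, user_ctx, digest_authenticated):
    """Thread's rule: digest auth -> user_context; ACL admit -> profile context."""
    if digest_authenticated and user_ctx:
        return user_ctx
    return params.get("context")

def audit(profile_xml, untrusted_context="public"):
    """Flag profiles where ACL-admitted (unauthenticated) calls leave the untrusted context."""
    params = profile_params(profile_xml)
    acl, ctx = params.get("apply-inbound-acl"), params.get("context")
    if acl and ctx != untrusted_context:
        return [f"apply-inbound-acl={acl!r} admits calls without digest auth "
                f"into context {ctx!r}"]
    return []

if __name__ == "__main__":
    for finding in audit(PROFILE_XML):
        print("WARN:", finding)
```

With the stock profile (context set to public) the audit returns no findings, which matches the "paranoid by default" behaviour Michael describes.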