I have added this ACL topic to the meeting today so we can make sure
its documented better on the wiki.
1pm CST sip:[EMAIL PROTECTED]
/b
On Apr 30, 2008, at 8:14 AM, Anthony Minessale wrote:
it seems a bit confusing but if you want to do ip auth the way you
describe, you actually have to disable the digest auth so that the
other end is not challenged for auth credentials on top of the ip
auth.
search your profile for this:
<param name="auth-calls" value="true"/>
and comment it by encapsulating it in <!-- and -->
then add this line:
<param name="apply-inbound-acl" value="sip_ip_auth"/>
Then make sip_ip_auth by editing acl.conf.xml and add a new list to
the <network-lists> tag.
assuming the ip you trust is 200.2.2.2:
<list name="sip_ip_auth" default="deny">
<node type="allow" cidr="200.2.2.2/32"/>
</list>
Now all sip calls will be rejected unless they are originated by
200.2.2.2
On Tue, Apr 29, 2008 at 8:17 PM, Brian West <[EMAIL PROTECTED]>
wrote:
Jed,
here are the list of things you can do:
1. sip_profiles/default.xml -> change context to default and set auth-
calls=false
2. Then you can use ${network_addr} in your conditions or the ${acl()}
function an example is in the default.xml dialplan.
/b
On Apr 29, 2008, at 4:44 PM, Jed Stafford wrote:
> This feel's like a very stupid question, but i've scoured for hours
> through the documents, and samples I can find without finding an
> answer. I'm assuming I'm missing something very obvious.
>
> I'm just trying to have freeswitch accept a call from a static IP
> address, then forward that call to a provider, essentially a very
> static SIP proxy.
>
> I've tried added my IP in question to the acl.xml file, but no
> success. All calls are rejected with a 407 Auth required.
>
> Thanks for any pointers. I think I will write a paragraph or two on
> this when I get it working, as it's something I think a lot of
> people are looking to try. Asterisk will not scale enough, and I
> don't want to do this via OpenSER/RTPProxy, etc.
>
>
> -Jed
>
> _______________________________________________
> Freeswitch-users mailing list
> Freeswitch-users@lists.freeswitch.org
> http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
> UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
> http://www.freeswitch.org
_______________________________________________
Freeswitch-users mailing list
Freeswitch-users@lists.freeswitch.org
http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
http://www.freeswitch.org
--
Anthony Minessale II
FreeSWITCH http://www.freeswitch.org/
ClueCon http://www.cluecon.com/
AIM: anthm
MSN:[EMAIL PROTECTED]
GTALK/JABBER/PAYPAL:[EMAIL PROTECTED]
IRC: irc.freenode.net #freeswitch
FreeSWITCH Developer Conference
sip:[EMAIL PROTECTED]
iax:[EMAIL PROTECTED]/888
googletalk:[EMAIL PROTECTED]
pstn:213-799-1400 _______________________________________________
Freeswitch-users mailing list
Freeswitch-users@lists.freeswitch.org
http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
http://www.freeswitch.org
Brian West
sip:[EMAIL PROTECTED]
_______________________________________________
Freeswitch-users mailing list
Freeswitch-users@lists.freeswitch.org
http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
http://www.freeswitch.org
