Sponsor: VoiceMeUp - Corporate & Wholesale VoIP Services

VoIP Mailing List Archives
Mailing list archives for the VoIP community
 SearchSearch 

[Freeswitch-users] Conflicting settings in SIP profile in vanilla demo


 
Post new topic   Reply to topic    VoIP Mailing List Archives Forum Index -> freeSWITCH Users
View previous topic :: View next topic  
Author Message
lists at telium.io
Guest





PostPosted: Tue Nov 22, 2022 3:59 pm    Post subject: [Freeswitch-users] Conflicting settings in SIP profile in va Reply with quote

I am working with a simple FreeSWITCH installation, with the vanilla demo configuration. I see that the Internal SIP profile contains:

<param name="apply-inbound-acl" value="domains"/>
<param name="auth-calls" value="$${internal_auth_calls}"/>

The first line means that if a caller's IP is on the 'domains' list that they do NOT need to authenticate. The second line means that in order to use this SIP profile the user MUST be authenticated (internal_auth_calls is true).

Aren't these two lines contradictory? Why allow a user to not authenticate for this SIP profile, and then say they must authenticate to use this SIP profile?
Back to top
krice at freeswitch.org
Guest





PostPosted: Tue Nov 22, 2022 7:00 pm    Post subject: [Freeswitch-users] Conflicting settings in SIP profile in va Reply with quote

no, it means users that match the acl are auto authenticated.

Sent from my iPhone

Quote:
On Nov 22, 2022, at 14:53, TTT <lists@telium.io> wrote:

@font-face { font-family: "Cambria Math"; } @font-face { font-family: Calibri; } p.MsoNormal, li.MsoNormal, div.MsoNormal { margin: 0in 0in 0.0001pt; font-size: 11pt; font-family: Calibri, sans-serif; } a:link, span.MsoHyperlink { color: rgb(5, 99, 193); text-decoration: underline; } a:visited, span.MsoHyperlinkFollowed { color: rgb(149, 79, 114); text-decoration: underline; } span.EmailStyle17 { font-family: Calibri, sans-serif; color: windowtext; } .MsoChpDefault { } @page WordSection1 { size: 8.5in 11in; margin: 1in; } div.WordSection1 { page: WordSection1; } <![endif]--> <![endif]-->
I am working with a simple FreeSWITCH installation, with the vanilla demo configuration. I see that the Internal SIP profile contains:

<param name="apply-inbound-acl" value="domains"/>
<param name="auth-calls" value="$${internal_auth_calls}"/>

The first line means that if a caller's IP is on the 'domains' list that they do NOT need to authenticate. The second line means that in order to use this SIP profile the user MUST be authenticated (internal_auth_calls is true).

Aren't these two lines contradictory? Why allow a user to not authenticate for this SIP profile, and then say they must authenticate to use this SIP profile?
_________________________________________________________________________

The FreeSWITCH project is sponsored by SignalWire https://signalwire.com
Enhance your FreeSWITCH install with disruptive priced SMS and PSTN services.
Build your next product on our scalable cloud platform.

Join our online community to chat in real time https://signalwire.community

Professional FreeSWITCH Services
sales@freeswitch.com
https://freeswitch.com

Official FreeSWITCH Sites
https://freeswitch.com/oss
https://freeswitch.org/confluence
https://cluecon.com

FreeSWITCH-users mailing list
FreeSWITCH-users@lists.freeswitch.org
http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
https://freeswitch.com
Back to top
brian at freeswitch.com
Guest





PostPosted: Wed Nov 23, 2022 9:34 am    Post subject: [Freeswitch-users] Conflicting settings in SIP profile in va Reply with quote

you're not setting the user_context in the variables that matches the cidr= attribute from the user in the directory.  

You can also call set_user to make it apply in the dialplan if needed also.


/b





On Tue, Nov 22, 2022 at 6:13 PM TTT <lists@telium.io (lists@telium.io)> wrote:

Quote:

When a user is autoauthenticated, do the variables from the user profile get applied?  Or does that happen only during true authentication?
 
I’m trying to explain a strange behavior of a user being processed in the wrong dialplan context if I add the user’s subnet to the ‘domains’ acl as a cidr.  (A separate post topic)
 
 
From: FreeSWITCH-users [mailto:freeswitch-users-bounces@lists.freeswitch.org (freeswitch-users-bounces@lists.freeswitch.org)] On Behalf Of Ken Rice
Sent: Tuesday, November 22, 2022 6:48 PM
To: FreeSWITCH Users Help <freeswitch-users@lists.freeswitch.org (freeswitch-users@lists.freeswitch.org)>
Subject: Re: [Freeswitch-users] Conflicting settings in SIP profile in vanilla demo


 
no, it means users that match the acl are auto authenticated. 
Sent from my iPhone



Quote:

On Nov 22, 2022, at 14:53, TTT <lists@telium.io (lists@telium.io)> wrote:

I am working with a simple FreeSWITCH installation, with the vanilla demo configuration. I see that the Internal SIP profile contains:
 
  <param name="apply-inbound-acl" value="domains"/>
  <param name="auth-calls" value="$${internal_auth_calls}"/>
 
The first line means that if a caller's IP is on the 'domains' list that they do NOT need to authenticate. The second line means that in order to use this SIP profile the user MUST be authenticated (internal_auth_calls is true).
 
Aren't these two lines contradictory? Why allow a user to not authenticate for this SIP profile, and then say they must authenticate to use this SIP profile?
_________________________________________________________________________

The FreeSWITCH project is sponsored by SignalWire https://signalwire.com
Enhance your FreeSWITCH install with disruptive priced SMS and PSTN services.
Build your next product on our scalable cloud platform.

Join our online community to chat in real time https://signalwire.community

Professional FreeSWITCH Services
sales@freeswitch.com (sales@freeswitch.com)
https://freeswitch.com

Official FreeSWITCH Sites
https://freeswitch.com/oss
https://freeswitch.org/confluence
https://cluecon.com

FreeSWITCH-users mailing list
FreeSWITCH-users@lists.freeswitch.org (FreeSWITCH-users@lists.freeswitch.org)
http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
https://freeswitch.com


_________________________________________________________________________

The FreeSWITCH project is sponsored by SignalWire https://signalwire.com
Enhance your FreeSWITCH install with disruptive priced SMS and PSTN services.
Build your next product on our scalable cloud platform.

Join our online community to chat in real time https://signalwire.community

Professional FreeSWITCH Services
sales@freeswitch.com (sales@freeswitch.com)
https://freeswitch.com

Official FreeSWITCH Sites
https://freeswitch.com/oss
https://freeswitch.org/confluence
https://cluecon.com

FreeSWITCH-users mailing list
FreeSWITCH-users@lists.freeswitch.org (FreeSWITCH-users@lists.freeswitch.org)
http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
https://freeswitch.com



--



Brian West | Co-founder and Developer
Need Commercial support? email sales@freeswitch.com (sales@freeswitch.com)
FreeSWITCH Solutions | 17345 Civic Drive #2531 Brookfield, WI 53045
Email: brian@freeswitch.com (brian@freeswitch.com)
Mobile: 918-424-9378
Website: https://www.FreeSWITCH.com
[/url] [url=https://twitter.com/freeswitch]
Back to top
brian at freeswitch.com
Guest





PostPosted: Wed Nov 23, 2022 11:40 am    Post subject: [Freeswitch-users] Conflicting settings in SIP profile in va Reply with quote

what does your user's entry look like??


On Wed, Nov 23, 2022 at 10:00 AM TTT <lists@telium.io (lists@telium.io)> wrote:

Quote:

After a few days on this topic my head is spinning (and I’ve read the Packt book and the wiki). And I’m using the vanilla demo only.  Maybe if I break this down you could confirm my understanding:
 
1.       The ‘domains’ acl is a list of IP addresses/ranges creating by reading from the users directory (from users who have a CIDR set).  It’s a list of those found CIDR’s.
2.       I can add an IP range to the domains acl by adding an allow node with cidr in the acl definition
3.       If a user registers from an IP matching the domains ACL, they are automatically authenticated, and their vars & params from the user definition are applied
 
Then why if that user tries to dial 5000 are they put into the public context (even though their variables, including user_context, were applied when they autoregistered)?  Their user_context is set to default in the user definition.
 
Something in my chain of logic above must be wrong
 
From: FreeSWITCH-users [mailto:freeswitch-users-bounces@lists.freeswitch.org (freeswitch-users-bounces@lists.freeswitch.org)] On Behalf Of Brian West
Sent: Wednesday, November 23, 2022 9:12 AM
To: FreeSWITCH Users Help <freeswitch-users@lists.freeswitch.org (freeswitch-users@lists.freeswitch.org)>
Subject: Re: [Freeswitch-users] Conflicting settings in SIP profile in vanilla demo
 
you're not setting the user_context in the variables that matches the cidr= attribute from the user in the directory.  
 

You can also call set_user to make it apply in the dialplan if needed also.
 

/b

 



 
On Tue, Nov 22, 2022 at 6:13 PM TTT <lists@telium.io (lists@telium.io)> wrote:
Quote:

When a user is autoauthenticated, do the variables from the user profile get applied?  Or does that happen only during true authentication?
 
I’m trying to explain a strange behavior of a user being processed in the wrong dialplan context if I add the user’s subnet to the ‘domains’ acl as a cidr.  (A separate post topic)
 
 
From: FreeSWITCH-users [mailto:freeswitch-users-bounces@lists.freeswitch.org (freeswitch-users-bounces@lists.freeswitch.org)] On Behalf Of Ken Rice
Sent: Tuesday, November 22, 2022 6:48 PM
To: FreeSWITCH Users Help <freeswitch-users@lists.freeswitch.org (freeswitch-users@lists.freeswitch.org)>
Subject: Re: [Freeswitch-users] Conflicting settings in SIP profile in vanilla demo


 
no, it means users that match the acl are auto authenticated. 
Sent from my iPhone

 
Quote:

On Nov 22, 2022, at 14:53, TTT <lists@telium.io (lists@telium.io)> wrote:

I am working with a simple FreeSWITCH installation, with the vanilla demo configuration. I see that the Internal SIP profile contains:
 
  <param name="apply-inbound-acl" value="domains"/>
  <param name="auth-calls" value="$${internal_auth_calls}"/>
 
The first line means that if a caller's IP is on the 'domains' list that they do NOT need to authenticate. The second line means that in order to use this SIP profile the user MUST be authenticated (internal_auth_calls is true).
 
Aren't these two lines contradictory? Why allow a user to not authenticate for this SIP profile, and then say they must authenticate to use this SIP profile?
_________________________________________________________________________

The FreeSWITCH project is sponsored by SignalWire https://signalwire.com
Enhance your FreeSWITCH install with disruptive priced SMS and PSTN services.
Build your next product on our scalable cloud platform.

Join our online community to chat in real time https://signalwire.community

Professional FreeSWITCH Services
sales@freeswitch.com (sales@freeswitch.com)
https://freeswitch.com

Official FreeSWITCH Sites
https://freeswitch.com/oss
https://freeswitch.org/confluence
https://cluecon.com

FreeSWITCH-users mailing list
FreeSWITCH-users@lists.freeswitch.org (FreeSWITCH-users@lists.freeswitch.org)
http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
https://freeswitch.com



_________________________________________________________________________

The FreeSWITCH project is sponsored by SignalWire https://signalwire.com
Enhance your FreeSWITCH install with disruptive priced SMS and PSTN services.
Build your next product on our scalable cloud platform.

Join our online community to chat in real time https://signalwire.community

Professional FreeSWITCH Services
sales@freeswitch.com (sales@freeswitch.com)
https://freeswitch.com

Official FreeSWITCH Sites
https://freeswitch.com/oss
https://freeswitch.org/confluence
https://cluecon.com

FreeSWITCH-users mailing list
FreeSWITCH-users@lists.freeswitch.org (FreeSWITCH-users@lists.freeswitch.org)
http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
https://freeswitch.com



 

--
 

Brian West | Co-founder and Developer
Need Commercial support? email sales@freeswitch.com (sales@freeswitch.com)
FreeSWITCH Solutions | 17345 Civic Drive #2531 Brookfield, WI 53045
Email: brian@freeswitch.com (brian@freeswitch.com)
Mobile: 918-424-9378
Website: https://www.FreeSWITCH.com
[/url][url=https://twitter.com/freeswitch]














_________________________________________________________________________

The FreeSWITCH project is sponsored by SignalWire https://signalwire.com
Enhance your FreeSWITCH install with disruptive priced SMS and PSTN services.
Build your next product on our scalable cloud platform.

Join our online community to chat in real time https://signalwire.community

Professional FreeSWITCH Services
sales@freeswitch.com (sales@freeswitch.com)
https://freeswitch.com

Official FreeSWITCH Sites
https://freeswitch.com/oss
https://freeswitch.org/confluence
https://cluecon.com

FreeSWITCH-users mailing list
FreeSWITCH-users@lists.freeswitch.org (FreeSWITCH-users@lists.freeswitch.org)
http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
https://freeswitch.com



--



Brian West | Co-founder and Developer
Need Commercial support? email sales@freeswitch.com (sales@freeswitch.com)
FreeSWITCH Solutions | 17345 Civic Drive #2531 Brookfield, WI 53045
Email: brian@freeswitch.com (brian@freeswitch.com)
Mobile: 918-424-9378
Website: https://www.FreeSWITCH.com
[/url] [url=https://twitter.com/freeswitch]
Back to top
brian at freeswitch.com
Guest





PostPosted: Sat Nov 26, 2022 11:59 am    Post subject: [Freeswitch-users] Conflicting settings in SIP profile in va Reply with quote

I see no cidr definition on that user.

On Thu, Nov 24, 2022 at 1:43 PM TTT <lists@telium.io (lists@telium.io)> wrote:

Quote:

The user (1019) is exactly as provided in the vanilla condif.  The user_context value is set as expected in the definition.
 
<include>
  <user id="1019">
    <params>
      <param name="password" value="$${default_password}"/>
      <param name="vm-password" value="1019"/>
    </params>
    <variables>
      <variable name="toll_allow" value="domestic,international,local"/>
      <variable name="accountcode" value="1019"/>
      <variable name="user_context" value="default"/>
      <variable name="effective_caller_id_name" value="Extension 1019"/>
      <variable name="effective_caller_id_number" value="1019"/>
      <variable name="outbound_caller_id_name" value="$${outbound_caller_name}"/>
      <variable name="outbound_caller_id_number" value="$${outbound_caller_id}"/>
      <variable name="callgroup" value="techsupport"/>
    </variables>
  </user>
</include>
 
 
From: FreeSWITCH-users [mailto:freeswitch-users-bounces@lists.freeswitch.org (freeswitch-users-bounces@lists.freeswitch.org)] On Behalf Of Brian West
Sent: Wednesday, November 23, 2022 11:09 AM
To: FreeSWITCH Users Help <freeswitch-users@lists.freeswitch.org (freeswitch-users@lists.freeswitch.org)>
Subject: Re: [Freeswitch-users] Conflicting settings in SIP profile in vanilla demo
 
what does your user's entry look like??

 
On Wed, Nov 23, 2022 at 10:00 AM TTT <lists@telium.io (lists@telium.io)> wrote:
Quote:

After a few days on this topic my head is spinning (and I’ve read the Packt book and the wiki). And I’m using the vanilla demo only.  Maybe if I break this down you could confirm my understanding:
 
1.       The ‘domains’ acl is a list of IP addresses/ranges creating by reading from the users directory (from users who have a CIDR set).  It’s a list of those found CIDR’s.
2.       I can add an IP range to the domains acl by adding an allow node with cidr in the acl definition
3.       If a user registers from an IP matching the domains ACL, they are automatically authenticated, and their vars & params from the user definition are applied
 
Then why if that user tries to dial 5000 are they put into the public context (even though their variables, including user_context, were applied when they autoregistered)?  Their user_context is set to default in the user definition.
 
Something in my chain of logic above must be wrong
 
From: FreeSWITCH-users [mailto:freeswitch-users-bounces@lists.freeswitch.org (freeswitch-users-bounces@lists.freeswitch.org)] On Behalf Of Brian West
Sent: Wednesday, November 23, 2022 9:12 AM
To: FreeSWITCH Users Help <freeswitch-users@lists.freeswitch.org (freeswitch-users@lists.freeswitch.org)>
Subject: Re: [Freeswitch-users] Conflicting settings in SIP profile in vanilla demo
 
you're not setting the user_context in the variables that matches the cidr= attribute from the user in the directory.  
 

You can also call set_user to make it apply in the dialplan if needed also.
 

/b

 



 
On Tue, Nov 22, 2022 at 6:13 PM TTT <lists@telium.io (lists@telium.io)> wrote:
Quote:

When a user is autoauthenticated, do the variables from the user profile get applied?  Or does that happen only during true authentication?
 
I’m trying to explain a strange behavior of a user being processed in the wrong dialplan context if I add the user’s subnet to the ‘domains’ acl as a cidr.  (A separate post topic)
 
 
From: FreeSWITCH-users [mailto:freeswitch-users-bounces@lists.freeswitch.org (freeswitch-users-bounces@lists.freeswitch.org)] On Behalf Of Ken Rice
Sent: Tuesday, November 22, 2022 6:48 PM
To: FreeSWITCH Users Help <freeswitch-users@lists.freeswitch.org (freeswitch-users@lists.freeswitch.org)>
Subject: Re: [Freeswitch-users] Conflicting settings in SIP profile in vanilla demo


 
no, it means users that match the acl are auto authenticated. 
Sent from my iPhone

 
Quote:

On Nov 22, 2022, at 14:53, TTT <lists@telium.io (lists@telium.io)> wrote:

I am working with a simple FreeSWITCH installation, with the vanilla demo configuration. I see that the Internal SIP profile contains:
 
  <param name="apply-inbound-acl" value="domains"/>
  <param name="auth-calls" value="$${internal_auth_calls}"/>
 
The first line means that if a caller's IP is on the 'domains' list that they do NOT need to authenticate. The second line means that in order to use this SIP profile the user MUST be authenticated (internal_auth_calls is true).
 
Aren't these two lines contradictory? Why allow a user to not authenticate for this SIP profile, and then say they must authenticate to use this SIP profile?
_________________________________________________________________________

The FreeSWITCH project is sponsored by SignalWire https://signalwire.com
Enhance your FreeSWITCH install with disruptive priced SMS and PSTN services.
Build your next product on our scalable cloud platform.

Join our online community to chat in real time https://signalwire.community

Professional FreeSWITCH Services
sales@freeswitch.com (sales@freeswitch.com)
https://freeswitch.com

Official FreeSWITCH Sites
https://freeswitch.com/oss
https://freeswitch.org/confluence
https://cluecon.com

FreeSWITCH-users mailing list
FreeSWITCH-users@lists.freeswitch.org (FreeSWITCH-users@lists.freeswitch.org)
http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
https://freeswitch.com



_________________________________________________________________________

The FreeSWITCH project is sponsored by SignalWire https://signalwire.com
Enhance your FreeSWITCH install with disruptive priced SMS and PSTN services.
Build your next product on our scalable cloud platform.

Join our online community to chat in real time https://signalwire.community

Professional FreeSWITCH Services
sales@freeswitch.com (sales@freeswitch.com)
https://freeswitch.com

Official FreeSWITCH Sites
https://freeswitch.com/oss
https://freeswitch.org/confluence
https://cluecon.com

FreeSWITCH-users mailing list
FreeSWITCH-users@lists.freeswitch.org (FreeSWITCH-users@lists.freeswitch.org)
http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
https://freeswitch.com



 

--
 

Brian West | Co-founder and Developer
Need Commercial support? email sales@freeswitch.com (sales@freeswitch.com)
FreeSWITCH Solutions | 17345 Civic Drive #2531 Brookfield, WI 53045
Email: brian@freeswitch.com (brian@freeswitch.com)
Mobile: 918-424-9378
Website: https://www.FreeSWITCH.com
[/url][url=https://twitter.com/freeswitch]















_________________________________________________________________________

The FreeSWITCH project is sponsored by SignalWire https://signalwire.com
Enhance your FreeSWITCH install with disruptive priced SMS and PSTN services.
Build your next product on our scalable cloud platform.

Join our online community to chat in real time https://signalwire.community

Professional FreeSWITCH Services
sales@freeswitch.com (sales@freeswitch.com)
https://freeswitch.com

Official FreeSWITCH Sites
https://freeswitch.com/oss
https://freeswitch.org/confluence
https://cluecon.com

FreeSWITCH-users mailing list
FreeSWITCH-users@lists.freeswitch.org (FreeSWITCH-users@lists.freeswitch.org)
http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
https://freeswitch.com



 

--
 

Brian West | Co-founder and Developer
Need Commercial support? email sales@freeswitch.com (sales@freeswitch.com)
FreeSWITCH Solutions | 17345 Civic Drive #2531 Brookfield, WI 53045
Email: brian@freeswitch.com (brian@freeswitch.com)
Mobile: 918-424-9378
Website: https://www.FreeSWITCH.com
[/url][url=https://twitter.com/freeswitch]














_________________________________________________________________________

The FreeSWITCH project is sponsored by SignalWire https://signalwire.com
Enhance your FreeSWITCH install with disruptive priced SMS and PSTN services.
Build your next product on our scalable cloud platform.

Join our online community to chat in real time https://signalwire.community

Professional FreeSWITCH Services
sales@freeswitch.com (sales@freeswitch.com)
https://freeswitch.com

Official FreeSWITCH Sites
https://freeswitch.com/oss
https://freeswitch.org/confluence
https://cluecon.com

FreeSWITCH-users mailing list
FreeSWITCH-users@lists.freeswitch.org (FreeSWITCH-users@lists.freeswitch.org)
http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
https://freeswitch.com



--



Brian West | Co-founder and Developer
Need Commercial support? email sales@freeswitch.com (sales@freeswitch.com)
FreeSWITCH Solutions | 17345 Civic Drive #2531 Brookfield, WI 53045
Email: brian@freeswitch.com (brian@freeswitch.com)
Mobile: 918-424-9378
Website: https://www.FreeSWITCH.com
[/url] [url=https://twitter.com/freeswitch]
Back to top
brian at freeswitch.com
Guest





PostPosted: Sat Nov 26, 2022 1:02 pm    Post subject: [Freeswitch-users] Conflicting settings in SIP profile in va Reply with quote

The domain ACL is special, it's built from the cidr= from the directory.  When you mix ip auth there is very little flexibility.  If you have users that intersect then it's going to be the first to match.  I hope you can understand why this is a bad approach?

You can't add or remove things to the domains acl using the acl.conf.xml it disconnects the tie to the user in the directory if you do that, so you'll have to use set_user to switch to the appropriate user.


/b





On Sat, Nov 26, 2022 at 11:27 AM TTT <lists@telium.io (lists@telium.io)> wrote:

Quote:

That’s correct – that’s the concept I’m trying to understand.  If I don’t set a CIDR for a particular user, but add a CIDR range to the ‘domains’ ACL, what would be the effect.
 
I assumed that all users on that IP range would not have to authenticate.  (Documentation says users will not be challenged for authentication, but forums response says these users are “auth-authenticated”).  And as a result, the dialplan should processes them in the ‘default’ context since that is what the user_context variable for this user is set to.
 
However, the user is processed in the ‘public’ dialplan context.  If the user is auto-authenticated then why is the user_context variable not set/respected?  If the user is not authenticated, then what is the impact of adding a CIDR range to the domain acl ( if not all users have a CIDR attribute set.  ).  It would appear that adding a CIDR range to the domains ACL would cause any user without a CIDR to not be challenged for authentication, and will therefor never be treated as internal (or whatever their user_context is set to).
 
 
 
From: FreeSWITCH-users [mailto:freeswitch-users-bounces@lists.freeswitch.org (freeswitch-users-bounces@lists.freeswitch.org)] On Behalf Of Brian West
Sent: Saturday, November 26, 2022 11:45 AM
To: FreeSWITCH Users Help <freeswitch-users@lists.freeswitch.org (freeswitch-users@lists.freeswitch.org)>
Subject: Re: [Freeswitch-users] Conflicting settings in SIP profile in vanilla demo
 
I see no cidr definition on that user.

 
On Thu, Nov 24, 2022 at 1:43 PM TTT <lists@telium.io (lists@telium.io)> wrote:
Quote:

The user (1019) is exactly as provided in the vanilla condif.  The user_context value is set as expected in the definition.
 
<include>
  <user id="1019">
    <params>
      <param name="password" value="$${default_password}"/>
      <param name="vm-password" value="1019"/>
    </params>
    <variables>
      <variable name="toll_allow" value="domestic,international,local"/>
      <variable name="accountcode" value="1019"/>
      <variable name="user_context" value="default"/>
      <variable name="effective_caller_id_name" value="Extension 1019"/>
      <variable name="effective_caller_id_number" value="1019"/>
      <variable name="outbound_caller_id_name" value="$${outbound_caller_name}"/>
      <variable name="outbound_caller_id_number" value="$${outbound_caller_id}"/>
      <variable name="callgroup" value="techsupport"/>
    </variables>
  </user>
</include>
 
 
From: FreeSWITCH-users [mailto:freeswitch-users-bounces@lists.freeswitch.org (freeswitch-users-bounces@lists.freeswitch.org)] On Behalf Of Brian West
Sent: Wednesday, November 23, 2022 11:09 AM
To: FreeSWITCH Users Help <freeswitch-users@lists.freeswitch.org (freeswitch-users@lists.freeswitch.org)>
Subject: Re: [Freeswitch-users] Conflicting settings in SIP profile in vanilla demo
 
what does your user's entry look like??

 
On Wed, Nov 23, 2022 at 10:00 AM TTT <lists@telium.io (lists@telium.io)> wrote:
Quote:

After a few days on this topic my head is spinning (and I’ve read the Packt book and the wiki). And I’m using the vanilla demo only.  Maybe if I break this down you could confirm my understanding:
 
1.       The ‘domains’ acl is a list of IP addresses/ranges creating by reading from the users directory (from users who have a CIDR set).  It’s a list of those found CIDR’s.
2.       I can add an IP range to the domains acl by adding an allow node with cidr in the acl definition
3.       If a user registers from an IP matching the domains ACL, they are automatically authenticated, and their vars & params from the user definition are applied
 
Then why if that user tries to dial 5000 are they put into the public context (even though their variables, including user_context, were applied when they autoregistered)?  Their user_context is set to default in the user definition.
 
Something in my chain of logic above must be wrong
 
From: FreeSWITCH-users [mailto:freeswitch-users-bounces@lists.freeswitch.org (freeswitch-users-bounces@lists.freeswitch.org)] On Behalf Of Brian West
Sent: Wednesday, November 23, 2022 9:12 AM
To: FreeSWITCH Users Help <freeswitch-users@lists.freeswitch.org (freeswitch-users@lists.freeswitch.org)>
Subject: Re: [Freeswitch-users] Conflicting settings in SIP profile in vanilla demo
 
you're not setting the user_context in the variables that matches the cidr= attribute from the user in the directory.  
 

You can also call set_user to make it apply in the dialplan if needed also.
 

/b

 



 
On Tue, Nov 22, 2022 at 6:13 PM TTT <lists@telium.io (lists@telium.io)> wrote:
Quote:

When a user is autoauthenticated, do the variables from the user profile get applied?  Or does that happen only during true authentication?
 
I’m trying to explain a strange behavior of a user being processed in the wrong dialplan context if I add the user’s subnet to the ‘domains’ acl as a cidr.  (A separate post topic)
 
 
From: FreeSWITCH-users [mailto:freeswitch-users-bounces@lists.freeswitch.org (freeswitch-users-bounces@lists.freeswitch.org)] On Behalf Of Ken Rice
Sent: Tuesday, November 22, 2022 6:48 PM
To: FreeSWITCH Users Help <freeswitch-users@lists.freeswitch.org (freeswitch-users@lists.freeswitch.org)>
Subject: Re: [Freeswitch-users] Conflicting settings in SIP profile in vanilla demo


 
no, it means users that match the acl are auto authenticated. 
Sent from my iPhone

 
Quote:

On Nov 22, 2022, at 14:53, TTT <lists@telium.io (lists@telium.io)> wrote:

I am working with a simple FreeSWITCH installation, with the vanilla demo configuration. I see that the Internal SIP profile contains:
 
  <param name="apply-inbound-acl" value="domains"/>
  <param name="auth-calls" value="$${internal_auth_calls}"/>
 
The first line means that if a caller's IP is on the 'domains' list that they do NOT need to authenticate. The second line means that in order to use this SIP profile the user MUST be authenticated (internal_auth_calls is true).
 
Aren't these two lines contradictory? Why allow a user to not authenticate for this SIP profile, and then say they must authenticate to use this SIP profile?
_________________________________________________________________________

The FreeSWITCH project is sponsored by SignalWire https://signalwire.com
Enhance your FreeSWITCH install with disruptive priced SMS and PSTN services.
Build your next product on our scalable cloud platform.

Join our online community to chat in real time https://signalwire.community

Professional FreeSWITCH Services
sales@freeswitch.com (sales@freeswitch.com)
https://freeswitch.com

Official FreeSWITCH Sites
https://freeswitch.com/oss
https://freeswitch.org/confluence
https://cluecon.com

FreeSWITCH-users mailing list
FreeSWITCH-users@lists.freeswitch.org (FreeSWITCH-users@lists.freeswitch.org)
http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
https://freeswitch.com



_________________________________________________________________________

The FreeSWITCH project is sponsored by SignalWire https://signalwire.com
Enhance your FreeSWITCH install with disruptive priced SMS and PSTN services.
Build your next product on our scalable cloud platform.

Join our online community to chat in real time https://signalwire.community

Professional FreeSWITCH Services
sales@freeswitch.com (sales@freeswitch.com)
https://freeswitch.com

Official FreeSWITCH Sites
https://freeswitch.com/oss
https://freeswitch.org/confluence
https://cluecon.com

FreeSWITCH-users mailing list
FreeSWITCH-users@lists.freeswitch.org (FreeSWITCH-users@lists.freeswitch.org)
http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
https://freeswitch.com



 

--
 

Brian West | Co-founder and Developer
Need Commercial support? email sales@freeswitch.com (sales@freeswitch.com)
FreeSWITCH Solutions | 17345 Civic Drive #2531 Brookfield, WI 53045
Email: brian@freeswitch.com (brian@freeswitch.com)
Mobile: 918-424-9378
Website: https://www.FreeSWITCH.com
[/url][url=https://twitter.com/freeswitch]















_________________________________________________________________________

The FreeSWITCH project is sponsored by SignalWire https://signalwire.com
Enhance your FreeSWITCH install with disruptive priced SMS and PSTN services.
Build your next product on our scalable cloud platform.

Join our online community to chat in real time https://signalwire.community

Professional FreeSWITCH Services
sales@freeswitch.com (sales@freeswitch.com)
https://freeswitch.com

Official FreeSWITCH Sites
https://freeswitch.com/oss
https://freeswitch.org/confluence
https://cluecon.com

FreeSWITCH-users mailing list
FreeSWITCH-users@lists.freeswitch.org (FreeSWITCH-users@lists.freeswitch.org)
http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
https://freeswitch.com



 

--
 

Brian West | Co-founder and Developer
Need Commercial support? email sales@freeswitch.com (sales@freeswitch.com)
FreeSWITCH Solutions | 17345 Civic Drive #2531 Brookfield, WI 53045
Email: brian@freeswitch.com (brian@freeswitch.com)
Mobile: 918-424-9378
Website: https://www.FreeSWITCH.com
[/url][url=https://twitter.com/freeswitch]















_________________________________________________________________________

The FreeSWITCH project is sponsored by SignalWire https://signalwire.com
Enhance your FreeSWITCH install with disruptive priced SMS and PSTN services.
Build your next product on our scalable cloud platform.

Join our online community to chat in real time https://signalwire.community

Professional FreeSWITCH Services
sales@freeswitch.com (sales@freeswitch.com)
https://freeswitch.com

Official FreeSWITCH Sites
https://freeswitch.com/oss
https://freeswitch.org/confluence
https://cluecon.com

FreeSWITCH-users mailing list
FreeSWITCH-users@lists.freeswitch.org (FreeSWITCH-users@lists.freeswitch.org)
http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
https://freeswitch.com



 

--
 

Brian West | Co-founder and Developer
Need Commercial support? email sales@freeswitch.com (sales@freeswitch.com)
FreeSWITCH Solutions | 17345 Civic Drive #2531 Brookfield, WI 53045
Email: brian@freeswitch.com (brian@freeswitch.com)
Mobile: 918-424-9378
Website: https://www.FreeSWITCH.com
[/url][url=https://twitter.com/freeswitch]














_________________________________________________________________________

The FreeSWITCH project is sponsored by SignalWire https://signalwire.com
Enhance your FreeSWITCH install with disruptive priced SMS and PSTN services.
Build your next product on our scalable cloud platform.

Join our online community to chat in real time https://signalwire.community

Professional FreeSWITCH Services
sales@freeswitch.com (sales@freeswitch.com)
https://freeswitch.com

Official FreeSWITCH Sites
https://freeswitch.com/oss
https://freeswitch.org/confluence
https://cluecon.com

FreeSWITCH-users mailing list
FreeSWITCH-users@lists.freeswitch.org (FreeSWITCH-users@lists.freeswitch.org)
http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
https://freeswitch.com



--



Brian West | Co-founder and Developer
Need Commercial support? email sales@freeswitch.com (sales@freeswitch.com)
FreeSWITCH Solutions | 17345 Civic Drive #2531 Brookfield, WI 53045
Email: brian@freeswitch.com (brian@freeswitch.com)
Mobile: 918-424-9378
Website: https://www.FreeSWITCH.com
[/url] [url=https://twitter.com/freeswitch]
Back to top
Display posts from previous:   
Post new topic   Reply to topic    VoIP Mailing List Archives Forum Index -> freeSWITCH Users All times are GMT - 5 Hours
Page 1 of 1

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum


Powered by phpBB © 2001, 2005 phpBB Group

VoiceMeUp - Corporate & Wholesale VoIP Services