1

i've changed my sip providers ip to MY.SIP.PROV.IP and their domain to MYSIPPROVIDER.COM and also my phone number to XXXXXXXXXX....

This is the CLI log. I'm able to dial out but I cannot get inbound routes working... Any help is appreciated.

Main part I'm not understanding:

2016-03-09 22:59:50.981898 [DEBUG] sofia.c:9124 IP MY.SIP.PROV.IP Rejected by acl "domains". Falling back to Digest auth.

Second Part....

2016-03-09 22:59:50.981898 [WARNING] sofia_reg.c:2852 Can't find user [@MYSIPPROVIDER.COM] from MY.SIP.PROV.IP
You must define a domain called 'MYSIPPROVIDER.COM' in your directory and add a user with the id="" attribute
and you must configure your device to use the proper domain in it's authentication credentials.
2016-03-09 22:59:50.981898 [WARNING] sofia_reg.c:1703 SIP auth failure (INVITE) on sofia profile 'internal' for [XXXXXXXXXX@MYSIPPROVIDER.COM] from ip MY.SIP.PROV.IP
Leo Ashcraft
  • 35
  • 1
  • 9
  • That means your provider IP is not been authenticating when you receive incoming calls from that IP, are you using same provider to make and receive calls ? – Juned Mar 16 '16 at 05:31

1 Answers1

3

If you look at the vars.xml file (located in /etc/freeswitch/vars.xml if you installed from the FreeSWITCH package) you'll see two relevant settings..

<X-PRE-PROCESS cmd="set" data="internal_sip_port=5060"/>
<X-PRE-PROCESS cmd="set" data="external_sip_port=5080"/>

In short, if a SIP packet is sent to your FreeSWITCH box on port 5080, it get's routed to the /etc/freeswitch/dialplan/public.xml file. Which, if you installed from package, also includes any .xml in /etc/freeswitch/dialplan/public/ using the line..

<X-PRE-PROCESS cmd="include" data="public/*.xml"/>

Otherwise, if you receive a packet on port 5060 of your FreeSWITCH box it gets treated as an 'internal' call. These get treated a little differently. If you're using default/example configuration, one of the differences is the FreeSWITCH ACL or 'Access Control List'.

Basically, any call made to 5060 will be parsed by the ACL. Which you can perceive as a sort of firewall. If it doesn't match a rule in there, FreeSWITCH refuses it with the error.

2016-03-09 22:59:50.981898 [DEBUG] sofia.c:9124 IP MY.SIP.PROV.IP Rejected by acl "domains". Falling back to Digest auth.

And this part...

2016-03-09 22:59:50.981898 [WARNING] sofia_reg.c:2852 Can't find user [@MYSIPPROVIDER.COM] from MY.SIP.PROV.IP
You must define a domain called 'MYSIPPROVIDER.COM' in your directory and     add a user with the id="" attribute
and you must configure your device to use the proper domain in it's     authentication credentials.

...is being generated by this part of the ACL config...

<list name="domains" default="deny">
  <node type="allow" domain="$${domain}"/>
</list>

...Take not of the "Allow any SIP packet where the 'domain' (eg the @mysipprovider.com part of the SIP URI) is part of a user defined in the 'FreeSWITCH Directory'.

In short, the ACL is used as an added measure of authenticating INTERNAL DEVICES, in the context where FreeSWITCH is used as an 'internal PBX'.

You have two options..

  1. Ask mysipprovider to route inbound SIP packets to port 5080, and then look at managing inbound calls via the default /etc/freeswitch/dialplan/public/00_inbound_did.xml file

  2. Add a specific line in the ACL to approve calls from mysipprovider. Maybe something like..

..then type..

fs_cli -x 'reloadacl'

..to apply it.

BIGMOOSE
  • 146
  • 7