On FS_CLI i get the following:

http://pastebin.freeswitch.org/9402

I am not sure but i think the problem began before i add a new web user as admin.

My sofia status is the follows:

freeswitch@internal> sofia status
Name Type Data State

admin profile sip:442.891.111.002|aifos_dom#442.891.111.002|aifos_dom:5060 RUNNING (0)
ubb gateway sip:53.1.861.291|sf#53.1.861.291|sf NOREG
portales gateway sip:521.71.802.091|pis#521.71.802.091|pis NOREG

1 profile 0 aliases

sofia status profile admin :

http://pastebin.freeswitch.org/9403

Fernando

I solved the IP based authentication on wikipbx like this:

<action application="set" data="proxy_media=true"/>
<action application="check_acl" data="${network_addr} test2 normal_clearing"/>
<action application="bridge" data="sofia/gateway/ubb/$1$2$3"/>

But now return the problem of codecs:

2009-06-16 17:39:01 [NOTICE] switch_channel.c:602 switch_channel_set_name() New Channel sofia/admin/521.71.802.091|51925424#521.71.802.091|51925424 [1b4f93c2-5abe-11de-acfb-fda0ec915974]
2009-06-16 17:39:01 [DEBUG] sofia.c:3037 sofia_handle_sip_i_state() Channel sofia/admin/521.71.802.091|51925424#521.71.802.091|51925424 entering state [received][100]
2009-06-16 17:39:01 [DEBUG] sofia.c:3044 sofia_handle_sip_i_state() Remote SDP:
v=0
o=root 25643 25643 IN IP4 190.208.17.125
s=session
c=IN IP4 190.208.17.125
t=0 0
m=audio 13936 RTP/AVP 18 101
a=rtpmap:18 G729/8000
a=fmtp:18 annexb=no
a=rtpmap:101 telephone-event/8000
a=fmtp:101 0-16
a=silenceSupp:off - - - -

2009-06-16 17:39:01 [DEBUG] sofia_glue.c:2955 sofia_glue_negotiate_sdp() Audio Codec Compare [G729:18:8000:0]/[PCMU:0:8000:20]
2009-06-16 17:39:01 [DEBUG] sofia_glue.c:2955 sofia_glue_negotiate_sdp() Audio Codec Compare [G729:18:8000:0]/[G729:18:8000:20]
2009-06-16 17:39:01 [DEBUG] sofia_glue.c:1913 sofia_glue_tech_set_codec() Set Codec sofia/admin/521.71.802.091|51925424#521.71.802.091|51925424 G729/8000 20 ms 160 samples
……..
2009-06-16 17:39:02 [NOTICE] sofia.c:3597 sofia_handle_sip_i_state() Hangup sofia/admin/56968482060 [CS_CONSUME_MEDIA] [CALL_REJECTED]

The calls are declined in any codecs g711 or g729, it's before was worked very well but i do not what happen now.

I do not sure if the problem is codecs or not?

In /usr/src/wikipbx/freeswitchxml/sofia.conf.xml i have:

<param name='codec-prefs' value='PCMU@20i,G729'/>

Before i add the codec G729 and the problem was solved but now the calls are declined

Any idea?

I can include acl.conf.xml in directory /usr/src/wikipbx/freeswitchxml/ for deny or allow IP's?

No, it will be ignored .. only things wikipbx knows/cares about from freeswitchxml will be used. Currently acl.conf.xml is not one of those things.

I was testing the follow example too; if i register the IP of my Wikipbx system in any external gateway and this external Gateway is not added as gateway in Wikipbx, these external Gateway anyway can send treffic to my Wikipbx and this accepts always. So how i can restrict access ?

I think one way to accomplish this is to tell the profile to authenticate all calls by default, and I believe the parameter name is auth-calls. There is no support in the DB/GUI yet, so you will have to edit the profile template in /usr/src/wikipbx/freeswitchxml/.

Thanks and excuse for off topic, i am know how working both and understandig FS and Wikipbx.

Thank you for your help.

Make sure you're understanding Freeswitch ACL docs, you may need to add dialplan checks to make it work or you may be missing a user profile parameter that activates ACLs.

When i allow or deny IP in acl.conf.xml the changes are not availables.

For example i deny the follow IP in the acl.conf.xml like this:

<configuration name="acl.conf" description="Network Lists">
<network-lists>

<list name="dl-candidates" default="allow">
<node type="deny" cidr="190.208.XX.XXX"/>
<node type="deny" cidr="10.0.0.0/8"/>
<node type="deny" cidr="172.16.0.0/12"/>
<node type="deny" cidr="192.168.0.0/16"/>
</list>

and i reloadxml or restart freeswitch and wikipbx, anyway accepts calls from gateway 190.208.XX.XXX why?

I can include acl.conf.xml in directory /usr/src/wikipbx/freeswitchxml/ for deny or allow IP's?

I was testing the follow example too; if i register the IP of my Wikipbx system in any external gateway and this external Gateway is not added as gateway in Wikipbx, these external Gateway anyway can send treffic to my Wikipbx and this accepts always. So how i can restrict access ?

If the CDR XML has a sip port of 5060 for example, it will lookup the Account object in the database that has a sip port of 5060 and then use that Account ID for the record stored in wikipbxweb_completedcall.

The IP 190.208.XX.XXX is in acl.conf.xml and send traffic to my FS ( Wikipbx) but this IP is not registered as Gateway in Wikipbx. So why in record id 442 assume account_id = 1?

In order to detect which account receives the call wikipbx checks:

1. SIP port

2. freeswitch channel name or profile name

So, the call probably came to the port that account uses.

So i think the best config is in Machine-1 with FS and Wikipbx and Machine-2 with Database.

Thank you for your answer.

Fernando.

Excuse my delay in my test.

Today i testing received traffic from a IP based authentication ( acl.conf.xml); and Wikipbx works very well.
The calls was registered in table wikipbx_completecall succesfully.

wikipbx=> select id,account_id,uuid,caller_id_number,destination_number,chan_name,answered_time,hangup_time from wikipbxweb_completedcall where id=443;
id | account_id | uuid | caller_id_number | destination_number | chan_name | answered_time | hangup_time
-+--+--------+----+----+---+----—+----—
443 | 1 | c6b5e0da-56d7-11de-9370-97b8447cd6fa | 105 | 56968482060 | 56968482060 | 2009-06-11 18:33:02-04 | 2009-06-11 18:33:12-04
(1 fila)

wikipbx=> select id,account_id,uuid,caller_id_number,destination_number,chan_name,answered_time,hangup_time from wikipbxweb_completedcall where id=442;
id | account_id | uuid | caller_id_number | destination_number | chan_name | answered_time | hangup_time
-+--+--------+----+----+----+----+----—
442 | 1 | c69696da-56d7-11de-9370-97b8447cd6fa | 105 | 56968482060 | XXX.XX.802.091|501#XXX.XX.802.091|501 | 2009-06-11 18:33:02-04 | 2009-06-11 18:33:12-04
(1 fila)

The IP 190.208.XX.XXX is in acl.conf.xml and send traffic to my FS ( Wikipbx) but this IP is not registered as Gateway in Wikipbx. So why in record id 442 assume account_id = 1?

Regards.

Fernando

I'm not sure if wikipbx has been extensively tested in such setup, though.

I did the follow test:

I created a gateway with username and password xxxx and Register false; and i can received calls from this gateway anyway and works fine.

I will test with update ac.conf.xml now.

Another questions i want install the system in three diffrent machines; example:

FreeSWITCH on Machine-1
Wikipbx on Machine-2
PostgreSQL on Machine-3

It's possible?

What libraries i need on Machine-1 and what libraries i need on Machine-2?

Fernando.

In some cases someone of my customers (Gateway) can't put username and password for authentication for receive traffic from they on my FS; it has to be a IP based authentication.

In Menu ADD SIP Gateway if possible add a gateway with username xxxx and password xxxx and Register False for receive traffic a ip based authentication?.

Best regards,

Fernando