It seems you have no tags attached to pages. To attach a tag simply click on the tags button at the bottom of any page.
Dear All.
In some cases someone of my customers (Gateway) can't put username and password for authentication for receive traffic from they on my FS; it has to be a IP based authentication.
In Menu ADD SIP Gateway if possible add a gateway with username xxxx and password xxxx and Register False for receive traffic a ip based authentication?.
Best regards,
Fernando
I'm pretty sure you will need to use Access Control Lists (ACL's) to accomplish that. There is currently no support for that in the WikiPBX GUI, but it might be possible to add it. Please try to make it work by modifying the xml configuration file directly. I think it is called acl.conf.xml and is in /usr/local/freeswitch/conf/autoload_configs.
Hello, thanks for your answer.
I did the follow test:
I created a gateway with username and password xxxx and Register false; and i can received calls from this gateway anyway and works fine.
I will test with update ac.conf.xml now.
Another questions i want install the system in three diffrent machines; example:
FreeSWITCH on Machine-1
Wikipbx on Machine-2
PostgreSQL on Machine-3
It's possible?
What libraries i need on Machine-1 and what libraries i need on Machine-2?
Fernando.
It's possible to setup wikipbx like you desire. You need all wikipbx code and its dependencies on machine 2. If you're using mod_python IVRs that come with wikipbx, you should copy the wikipbx/ivr directory to machine 1 where your python will be able to find it. Also, soundclips (e.g. voicemail recordings) are saved by freeswitch but they should be available to wikipbx users over web too, so you'll have to use some kind of file synchronization solution or network file system in order for this to work.
I'm not sure if wikipbx has been extensively tested in such setup, though.
Hello,
So i think the best config is in Machine-1 with FS and Wikipbx and Machine-2 with Database.
Thank you for your answer.
Fernando.
Hello,
Excuse my delay in my test.
Today i testing received traffic from a IP based authentication ( acl.conf.xml); and Wikipbx works very well.
The calls was registered in table wikipbx_completecall succesfully.
wikipbx=> select id,account_id,uuid,caller_id_number,destination_number,chan_name,answered_time,hangup_time from wikipbxweb_completedcall where id=443;
id | account_id | uuid | caller_id_number | destination_number | chan_name | answered_time | hangup_time
-+--+--------+----+----+---+----—+----—
443 | 1 | c6b5e0da-56d7-11de-9370-97b8447cd6fa | 105 | 56968482060 | 56968482060 | 2009-06-11 18:33:02-04 | 2009-06-11 18:33:12-04
(1 fila)
wikipbx=> select id,account_id,uuid,caller_id_number,destination_number,chan_name,answered_time,hangup_time from wikipbxweb_completedcall where id=442;
id | account_id | uuid | caller_id_number | destination_number | chan_name | answered_time | hangup_time
-+--+--------+----+----+----+----+----—
442 | 1 | c69696da-56d7-11de-9370-97b8447cd6fa | 105 | 56968482060 | XXX.XX.802.091|501#XXX.XX.802.091|501 | 2009-06-11 18:33:02-04 | 2009-06-11 18:33:12-04
(1 fila)
The IP 190.208.XX.XXX is in acl.conf.xml and send traffic to my FS ( Wikipbx) but this IP is not registered as Gateway in Wikipbx. So why in record id 442 assume account_id = 1?
Regards.
Fernando
The IP 190.208.XX.XXX is in acl.conf.xml and send traffic to my FS ( Wikipbx) but this IP is not registered as Gateway in Wikipbx. So why in record id 442 assume account_id = 1?
In order to detect which account receives the call wikipbx checks:
1. SIP port
2. freeswitch channel name or profile name
So, the call probably came to the port that account uses.
Yes, exactly. In this case I'm pretty sure the account lookup was based on SIP port.
If the CDR XML has a sip port of 5060 for example, it will lookup the Account object in the database that has a sip port of 5060 and then use that Account ID for the record stored in wikipbxweb_completedcall.
Hello.
When i allow or deny IP in acl.conf.xml the changes are not availables.
For example i deny the follow IP in the acl.conf.xml like this:
<configuration name="acl.conf" description="Network Lists">
<network-lists>
<list name="dl-candidates" default="allow">
<node type="deny" cidr="190.208.XX.XXX"/>
<node type="deny" cidr="10.0.0.0/8"/>
<node type="deny" cidr="172.16.0.0/12"/>
<node type="deny" cidr="192.168.0.0/16"/>
</list>
and i reloadxml or restart freeswitch and wikipbx, anyway accepts calls from gateway 190.208.XX.XXX why?
I can include acl.conf.xml in directory /usr/src/wikipbx/freeswitchxml/ for deny or allow IP's?
I was testing the follow example too; if i register the IP of my Wikipbx system in any external gateway and this external Gateway is not added as gateway in Wikipbx, these external Gateway anyway can send treffic to my Wikipbx and this accepts always. So how i can restrict access ?
This is not really something that belongs to wikipbx forum since ACL is just not supported so far. Freeswitch users mailing list is a better place for asking out configuration questions.
Make sure you're understanding Freeswitch ACL docs, you may need to add dialplan checks to make it work or you may be missing a user profile parameter that activates ACLs.
Hello All.
Thanks and excuse for off topic, i am know how working both and understandig FS and Wikipbx.
Thank you for your help.
The problem is that it is hard to get help on the freeswitch list when you are using wikipbx. Once they realize that you are using wikipbx, they will refer you here, since they don't want to get stuck debugging wikipbx related issues, or freeswitch issues caused by incorrect configuration generated by wikipbx. I think if wikipbx had a "static xml export", then people could more easily go to the freeswitch people for help with problems, because wikipbx would really be out of the picture aside from the fact that it generated the configuration..
I can include acl.conf.xml in directory /usr/src/wikipbx/freeswitchxml/ for deny or allow IP's?
No, it will be ignored .. only things wikipbx knows/cares about from freeswitchxml will be used. Currently acl.conf.xml is not one of those things.
I was testing the follow example too; if i register the IP of my Wikipbx system in any external gateway and this external Gateway is not added as gateway in Wikipbx, these external Gateway anyway can send treffic to my Wikipbx and this accepts always. So how i can restrict access ?
I think one way to accomplish this is to tell the profile to authenticate all calls by default, and I believe the parameter name is auth-calls. There is no support in the DB/GUI yet, so you will have to edit the profile template in /usr/src/wikipbx/freeswitchxml/.
Hello.
I solved the IP based authentication on wikipbx like this:
<action application="set" data="proxy_media=true"/>
<action application="check_acl" data="${network_addr} test2 normal_clearing"/>
<action application="bridge" data="sofia/gateway/ubb/$1$2$3"/>
But now return the problem of codecs:
2009-06-16 17:39:01 [NOTICE] switch_channel.c:602 switch_channel_set_name() New Channel sofia/admin/521.71.802.091|51925424#521.71.802.091|51925424 [1b4f93c2-5abe-11de-acfb-fda0ec915974]
2009-06-16 17:39:01 [DEBUG] sofia.c:3037 sofia_handle_sip_i_state() Channel sofia/admin/521.71.802.091|51925424#521.71.802.091|51925424 entering state [received][100]
2009-06-16 17:39:01 [DEBUG] sofia.c:3044 sofia_handle_sip_i_state() Remote SDP:
v=0
o=root 25643 25643 IN IP4 190.208.17.125
s=session
c=IN IP4 190.208.17.125
t=0 0
m=audio 13936 RTP/AVP 18 101
a=rtpmap:18 G729/8000
a=fmtp:18 annexb=no
a=rtpmap:101 telephone-event/8000
a=fmtp:101 0-16
a=silenceSupp:off - - - -
2009-06-16 17:39:01 [DEBUG] sofia_glue.c:2955 sofia_glue_negotiate_sdp() Audio Codec Compare [G729:18:8000:0]/[PCMU:0:8000:20]
2009-06-16 17:39:01 [DEBUG] sofia_glue.c:2955 sofia_glue_negotiate_sdp() Audio Codec Compare [G729:18:8000:0]/[G729:18:8000:20]
2009-06-16 17:39:01 [DEBUG] sofia_glue.c:1913 sofia_glue_tech_set_codec() Set Codec sofia/admin/521.71.802.091|51925424#521.71.802.091|51925424 G729/8000 20 ms 160 samples
……..
2009-06-16 17:39:02 [NOTICE] sofia.c:3597 sofia_handle_sip_i_state() Hangup sofia/admin/56968482060 [CS_CONSUME_MEDIA] [CALL_REJECTED]
The calls are declined in any codecs g711 or g729, it's before was worked very well but i do not what happen now.
I do not sure if the problem is codecs or not?
In /usr/src/wikipbx/freeswitchxml/sofia.conf.xml i have:
<param name='codec-prefs' value='PCMU@20i,G729'/>
Before i add the codec G729 and the problem was solved but now the calls are declined
Any idea?
You don't have a problem with codecs - the log states that G.729 is selected. What was the debug output before call hangup - looks like you've removed some of it?
Hello
On FS_CLI i get the following:
http://pastebin.freeswitch.org/9402
I am not sure but i think the problem began before i add a new web user as admin.
My sofia status is the follows:
freeswitch@internal> sofia status
Name Type Data State
admin profile sip:442.891.111.002|aifos_dom#442.891.111.002|aifos_dom:5060 RUNNING (0)
ubb gateway sip:53.1.861.291|sf#53.1.861.291|sf NOREG
portales gateway sip:521.71.802.091|pis#521.71.802.091|pis NOREG
1 profile 0 aliases
sofia status profile admin :
http://pastebin.freeswitch.org/9403
Fernando
