naveed6865 Posted December 19, 2019 Report Posted December 19, 2019 Hello I am testing kazoo DID and i have added the DID vendor IP using sup into carrier allow list and its there in trusted acl list. The issue is that when call comes to freeswitch it found the carrier ip in X-AUTH-IP, but it rejects its own server ip using authortivative ACL list, What i am missing here? according to freeswitch, the X-AUTH-ACL is used for proxy authentiation and it should use X-AUTH-IP to check trusted ACL list but its checking authorative ACL. Please advise Regards Naveed
btracht00 Posted December 19, 2019 Report Posted December 19, 2019 (edited) run sup -n ecallmgr ecallmgr_maintenance acl_summary. make sure your kamailio server is listed as authoritative Edited December 19, 2019 by btracht00 (see edit history)
naveed6865 Posted December 19, 2019 Author Report Posted December 19, 2019 Thanks for your reply . Ok i did that, its showing the kamailio ip is in the ACL but still freeswitch is rejecting it, here is freeswitch logs 2019-12-19 19:55:20.066474 [DEBUG] sofia.c:10004 checking 45.66.172.233 against acl authoritative 2019-12-19 19:55:20.066474 [INFO] sofia.c:10006 45.66.172.233 is a proxy according to the authoritative acl 2019-12-19 19:55:20.066474 [DEBUG] sofia.c:10016 network ip is a proxy 2019-12-19 19:55:20.066474 [DEBUG] sofia.c:10020 found auth ip [X-AUTH-IP] header of [45.66.172.12] 2019-12-19 19:55:20.066474 [DEBUG] sofia.c:10044 IP 45.66.172.233 Rejected by acl "trusted". Falling back to Digest auth. and here is the output of command [root@kazoo ~]# sup -n ecallmgr ecallmgr_maintenance sbc_acls +--------------------------------+--------------------+---------------+-------+------------------+----------------------------------+ | Name | CIDR | List | Type | Authorizing Type | ID | +================================+====================+===============+=======+==================+==================================+ | kam1 | 45.66.172.233/32 | authoritative | allow | system_config | | | kamailio@kazoo.asterlinkcomms. | 45.66.172.233/32 | authoritative | allow | system_config | | +--------------------------------+--------------------+---------------+-------+------------------+----------------------------------+ Regards Naveed
btracht00 Posted December 19, 2019 Report Posted December 19, 2019 can you show your acl_summary or carrier_acls
naveed6865 Posted December 19, 2019 Author Report Posted December 19, 2019 ok here is that [root@kazoo ~]# sup ecallmgr_maintenance carrier_acls +--------------------------------+--------------------+---------------+-------+------------------+----------------------------------+ | Name | CIDR | List | Type | Authorizing Type | ID | +================================+====================+===============+=======+==================+==================================+ | terminationVPBX | 45.66.172.12/32 | trusted | allow | system_config | | +--------------------------------+--------------------+---------------+-------+------------------+----------------------------------+ and for acl_summary [root@kazoo ~]# sup ecallmgr_maintenance acl_summary +--------------------------------+--------------------+---------------+-------+------------------+----------------------------------+ | Name | CIDR | List | Type | Authorizing Type | ID | +================================+====================+===============+=======+==================+==================================+ | kamailio@kazoo.asterlinkcomms. | 45.66.172.233/32 | authoritative | allow | system_config | | | terminationVPBX | 45.66.172.12/32 | trusted | allow | system_config | | +--------------------------------+--------------------+---------------+-------+------------------+----------------------------------+ i dont know what acl_summary is differnt as compared to previous command which you sent me. Regards Naveed Hello I have fixed this, need to add the carrier ip using this command, sup -n ecallmgr ecallmgr_maintenance allow_carrier Thanks for your help, do let me know what is difference between sup -n ecallmgr ecallmgr_maintenance allow_carrier and sup ecallmgr_maintenance allow_carrier Regards Naveed
btracht00 Posted December 19, 2019 Report Posted December 19, 2019 If starting ecallmgr on it's own via systemd or init you need the -n ecallmgr addition
Recommended Posts