Jump to content

Recommended Posts

Posted

Hello

I am testing kazoo DID and i have added the DID vendor IP using sup into carrier allow list and its there in trusted acl list. The issue is that when call comes to freeswitch it found the carrier ip in X-AUTH-IP, but it rejects its own server ip using authortivative ACL list, What i am missing here? according to freeswitch, the X-AUTH-ACL is used for proxy authentiation and it should use X-AUTH-IP to check trusted ACL list but its checking authorative ACL. 

Please advise

Regards

 

Naveed

Posted

Thanks for your reply .

 

Ok i did that, its showing the kamailio ip is in the ACL but still freeswitch is rejecting it, here is freeswitch logs

 

2019-12-19 19:55:20.066474 [DEBUG] sofia.c:10004 checking 45.66.172.233 against acl authoritative
2019-12-19 19:55:20.066474 [INFO] sofia.c:10006 45.66.172.233 is a proxy according to the authoritative acl
2019-12-19 19:55:20.066474 [DEBUG] sofia.c:10016 network ip is a proxy
2019-12-19 19:55:20.066474 [DEBUG] sofia.c:10020 found auth ip [X-AUTH-IP] header of [45.66.172.12]
2019-12-19 19:55:20.066474 [DEBUG] sofia.c:10044 IP 45.66.172.233 Rejected by acl "trusted". Falling back to Digest auth.

 

 

and here is the output of command

 

[root@kazoo ~]# sup -n ecallmgr ecallmgr_maintenance sbc_acls
+--------------------------------+--------------------+---------------+-------+------------------+----------------------------------+
| Name                           | CIDR               | List          | Type  | Authorizing Type | ID                               |
+================================+====================+===============+=======+==================+==================================+
| kam1                           | 45.66.172.233/32   | authoritative | allow | system_config    |                                  |
| kamailio@kazoo.asterlinkcomms. | 45.66.172.233/32   | authoritative | allow | system_config    |                                  |
+--------------------------------+--------------------+---------------+-------+------------------+----------------------------------+
 

 

Regards

 

Naveed

Posted

ok here is that

[root@kazoo ~]# sup ecallmgr_maintenance carrier_acls
+--------------------------------+--------------------+---------------+-------+------------------+----------------------------------+
| Name                           | CIDR               | List          | Type  | Authorizing Type | ID                               |
+================================+====================+===============+=======+==================+==================================+
| terminationVPBX                | 45.66.172.12/32    | trusted       | allow | system_config    |                                  |
+--------------------------------+--------------------+---------------+-------+------------------+----------------------------------+
 

and for acl_summary

 

[root@kazoo ~]# sup ecallmgr_maintenance acl_summary
+--------------------------------+--------------------+---------------+-------+------------------+----------------------------------+
| Name                           | CIDR               | List          | Type  | Authorizing Type | ID                               |
+================================+====================+===============+=======+==================+==================================+
| kamailio@kazoo.asterlinkcomms. | 45.66.172.233/32   | authoritative | allow | system_config    |                                  |
| terminationVPBX                | 45.66.172.12/32    | trusted       | allow | system_config    |                                  |
+--------------------------------+--------------------+---------------+-------+------------------+----------------------------------+
 

 

i dont know what acl_summary is differnt as compared to previous command which you sent me.

 

Regards

 

Naveed

Hello

 

I have fixed this, need to add the carrier ip using this command,

 

sup -n ecallmgr ecallmgr_maintenance allow_carrier

Thanks for your help,  do let me know what is difference between 

sup -n ecallmgr ecallmgr_maintenance allow_carrier

and

sup ecallmgr_maintenance allow_carrier

Regards

 

Naveed

×
×
  • Create New...