HELP - FreeSwitch again, now from a clean slate

fribert

Hi All

Ok, so I started over with FreeSwitch, and got all the old config out.
I've followed the 'multi home tutorial'.
I've gotten to "Applying your changes and checking your work"
I've started up the Freeswitch from the console, and I see this message at the bottom of the startup:
2010-01-12 12:44:10.875104 [NOTICE] switch_core.c:923 Adding 83.89.x.x/255.255.255.248 (allow) to list localnet.auto
2010-01-12 12:44:10.875122 [CONSOLE] switch_core.c:961 Created ip list lan default (allow)
2010-01-12 12:44:10.875136 [NOTICE] switch_core.c:1064 Adding 192.168.42.0/24 (deny) to list lan
2010-01-12 12:44:10.875149 [NOTICE] switch_core.c:1064 Adding 192.168.42.42/32 (allow) to list lan
2010-01-12 12:44:10.875212 [CONSOLE] switch_core.c:961 Created ip list domains default (deny)
2010-01-12 12:44:10.875304 [WARNING] switch_core.c:990 Cannot locate domain 83.89.x.x

The 83.89.x.x is my WAN ip, and I haven't got the faintest where 192.168.x.x comes from (my internal is 10.11.12.0).

When I try to register a phone I get this message:
2010-01-12 12:49:22.527258 [WARNING] sofia_reg.c:1755 Can't find user [1000@83.89.x.x]
You must define a domain called '83.89.x.x' in your directory and add a user with the id="1000" attribute
and you must configure your device to use the proper domain in it's authentication credentials.

For some reason it doesn't react to me setting the domain in the directory/default.xml???

chpalmer

I actually got that same class c in my logs tonight while working on freeswitch…  Ive got mine on 172.x.x.x here...

fribert

Ok, got some of the errors out of the list. There is an acl xml that lists that network.
I've changed it to reflect my own IP range.

It still didn't change anything in regards to the registration of sip phones.

cybrsrfr

I'm the author of the freeSWITCH package for pfSense.

I regret creating the LAN profile it makes it confusing and harder to understand. I recommend removing the lan.xml sip profile. The LAN profile is simply a copy of the internal profile renamed and set to bind to the LAN IP Address.

FreeSWITCH will automatically bind the internal and external profile to the external ip address. The internal profile is what handles the registrations of the phones or soft phones. You register to providers they don't register to you that is where the external profile comes in.

The external profile handles anonymous inbound connections that come from providers that don't register to your system.

Hopefully this helps.  Have questions be specific I will try and help.

chpalmer

Is there a way to keep freeswitch from loading the lan profile after removing the xml file?  It still shows up in profiles…

cybrsrfr

To remove the lan profile do the following.
rm -R /usr/local/freeswitch/conf/sip_profiles/lan
rm /usr/local/freeswitch/conf/sip_profiles/lan.xml

Then restart freeswitch. Now look at the status page and the lan profile should be gone.

chpalmer

Yep Worked!    Thanks!!

fribert

I got a lot further, thanks also to the freeswitch mailinglist :-)
I've gotten the phones registered, I've got multiple DID's registered, and I've created groups and everything.
Works very smootly.
Still a bit of work to be done to get all the way there, but it's getting closer.

cybrsrfr

It really isn't that hard but mis-conceptions about certain things can make it a lot harder. I think the lan profile caused confusion. I will remove the lan profile from the package.

fribert

One thing that isn't mentioned in the 'multi-homed guide' as far as I can see it is that the:
autoload_configs/acl.conf.xml
contains some acl lists, I changed those to my own LAN.
I'l not really sure what it does as of yet, but I didn't like some foreign IP's appearing :-)
And also in the vars.xml I had to set
  <x-pre-process cmd="set" data="domain=10.11.12.25">(my pfsense lan address)
otherwise the phones wouldn't be allowed to register.</x-pre-process>

fribert

Could you add the
vm-notify-email-all-messages
statement to the 'extensions' defining in the package?

I'm moving all the config I've created directly in the config files to the pfsense, as I really want to have it in the pfsense (for backup purposes).

chpalmer

I think this is more a Freeswitch related question rather than a "Package" (or how Freeswitch interacts with and runs under pfSense) question but…

acl.conf.xml seems to be related to clients connecting without authenticating... If I have all my clients authenticating, is there really a need for the acl file?

Can reference to it be disabled?

I have "Rejected by acl "domains". Falling back to Digest auth" showing up in my logs constantly and nothing I do seems to fix it...

fribert

No it's just a matter of the fields shown in the configing of extensions in the pfsense interface, and include the config in the pfsense.xml as well.

acl…xml: Ahh, I see, well, I got rid of it by changing it to my local lan, and then just allow the server itself access.

chpalmer

From my log-
[DEBUG] sofia.c:4628 IP 172.31.125.15 Rejected by acl "domains". Falling back to Digest auth.

172.31.125.15 is my ata.  Does this simply mean it needs to authenticate and not allowed otherwise?

cybrsrfr

If the SIP traffic is sent to the internal profile on port 5060 and its not registered it will check the ACL (access control list) to see if it is allowed. But that isn't usually necessary if you have someone remote that wants to connect to you with a SIP URI send them to the external profile which puts the call in the public context. The external profile doesn't require registration and the call can come in it simply needs to be told where to go (inbound route). The inbound routing in the pfSense FreeSWITCH package is handled with the 'Public' tab. In FusionPBX which could be considered version 2 of the pfSense FreeSWITCH package 'Public' has been named 'Inbound Routes'.

chpalmer

Cool- thanks guys!

Ive got FusionPBX running on a windoes box for learning purposes…  Im real interested in trying to install it on my router as an upgrade to this but that for later...

But referring to FusionPBX configs and the way you have things set up default has helped me allot with configuring the package on the router in the last day...

cybrsrfr

Thats good that is why I put in some default settings to make getting started a little easier.
Note: Using the vHosts package which I created for this purpose you can get FusionPBX running on pfSense now if desired. I made the vHosts generic so that it will benefit other peoples needs as well.

TreeTopFlyer

Mark,

Without trying to show too much of my ignorance here, do you have a "quick & dirty" install guide for FusionPBX on pfSense?  Like chpalmer I've installed FusionPBX on a 2k3 server to look at but would like to install it on a pfSense box running Freeswitch.  I do understand that I would need to do the vHost package install first.  I couldn't find any info on the FusionPBX site for this. Thanx.

chpalmer

Without trying to show too much of my ignorance here,

Not me!  Ill totally claim ignorance…    ;D

I would also love to see some form of a how to...  Need to do some googling to get started but figured Id at least get a little more familiar with what config does what on Freeswitch...

chpalmer

Looks like I need to familiarize myself a bunch more with FreeBSD commands….    :P ;D