-
sudo_root
Q. how can i get IP-IP auth but get INBOUND to work for xxxx⊙sc
-
sudo_root
e164 work but not ext to ext
-
sudo_root
i tried Global resources (IP auth) .
-
sudo_root
I tried PBX connection (invite format username@domain) with IP static auth OR PBX connection with IP / Domain Auth
-
sudo_root
i get a 604 nope nope nope
-
mc_
sudo_root: try a device that does auth-by-ip
-
sudo_root
like a device like sip device
-
sudo_root
in kazoo logs it shows no 'Realm' in CCVs, checking FS props
-
mc_
probably unrelated
-
mc_
the ip is associated with the account in registrar i believe
-
sudo_root
it has a /25 to allow but i tried PBX auth by domain name inbound
-
mc_
but yes, via the /devices API, an auth by ip device should work
-
sudo_root
oh so the monster-ui wont for auth-by-ip from devices
-
sudo_root
so local-resources is only from kazoo==> carrier then
-
mc_
no idea on UI stuff, just do API myself
-
sudo_root
hehe ya i see the devices endpoint shows more then what UI shows at least to add IP device. I wonder if i have all extensions and its just IP-IP auth do i justput the domain From carrier as the IP aut hcause they have like /25 to allow
-
mc_
sudo_root: i don't think carrier would work since there's no account identifier
-
mc_
afaik kazoo doesn't trust the realm on the INVITE since there's no auth on that
-
mc_
carrier IP in ACLs + DID mapped to account
-
mc_
device IP in ACLs is mapped to the account
-
mc_
and username/password of device can be mapped to the account
-
mc_
but extensions obviously don't uniquely map to an account
-
mc_
and SIP realm, while it maps, isn't a good enough auth mechanism
-
sudo_root
oh interesting
-
sudo_root
would invite format on device-authIP be contact or route
-
mc_
whatever your device would accept
-
mc_
i assume route (which uses the request URI's user portion
-
sudo_root
oh i guess it auto added username/password so ill have to adjust it still getting a 604 nope nope nope
-
sudo_root
hmmm
-
sudo_root
@IPADDED-to-Devices---|ecallmgr_fs_channel:767(<0.32369.334>) no 'Realm' in CCVs, checking FS props
-
sudo_root
ya ifi. do sup - n ecallmgr carrier_acls now it shows authorizing type (device) But if it matches then i get 604 nope nope nope (NO route to destination)
-
sudo_root
oh it worked. so device via ip/auth (i wonder if i can add a CIDR/ on that)
-
sudo_root
ha
-
sudo_root
it took a bit to register when i removed ACLs i guess