17:29:18 <sudo_root> Q.  how can i get IP-IP auth but get INBOUND to work for xxxx⊙sc
17:29:18 <sudo_root> e164 work but not ext to ext
17:30:17 <sudo_root> i tried Global resources (IP auth) .
17:30:18 <sudo_root> I tried PBX connection (invite format username@domain) with IP static auth OR PBX connection with IP / Domain Auth
17:30:27 <sudo_root> i get a 604 nope nope nope
17:34:50 <mc_> sudo_root: try a device that does auth-by-ip
17:52:37 <sudo_root> like a device like sip device
17:54:01 <sudo_root> in kazoo logs it shows   no 'Realm' in CCVs, checking FS props
17:55:47 <mc_> probably unrelated
17:56:00 <mc_> the ip is associated with the account in registrar i believe
17:56:24 <sudo_root> it has a /25 to allow but i tried PBX auth by domain name inbound
17:56:35 <mc_> but yes, via the /devices API, an auth by ip device should work
17:56:56 <sudo_root> oh so the monster-ui wont for auth-by-ip from devices
17:57:36 <sudo_root> so local-resources is only from kazoo==> carrier then
18:14:17 <mc_> no idea on UI stuff, just do API myself
18:27:37 <sudo_root> hehe ya i see the devices endpoint shows more then what UI shows at least to add IP device. I wonder if i have all extensions and its just IP-IP auth do i justput the domain From carrier as the IP aut hcause they have like /25 to allow
18:40:43 <mc_> sudo_root: i don't think carrier would work since there's no account identifier
18:41:01 <mc_> afaik kazoo doesn't trust the realm on the INVITE since there's no auth on that
18:41:22 <mc_> carrier IP in ACLs + DID mapped to account
18:41:33 <mc_> device IP in ACLs is mapped to the account
18:41:45 <mc_> and username/password of device can be mapped to the account
18:42:09 <mc_> but extensions obviously don't uniquely map to an account
18:42:24 <mc_> and SIP realm, while it maps, isn't a good enough auth mechanism
18:45:23 <sudo_root> oh interesting
18:47:23 <sudo_root> would invite format on device-authIP be  contact or route
18:59:09 <mc_> whatever your device would accept
18:59:27 <mc_> i assume route (which uses the request URI's user portion
19:02:11 <sudo_root> oh i guess it auto added username/password so ill have to adjust it  still getting a 604 nope nope nope
19:02:12 <sudo_root> hmmm
19:13:25 <sudo_root> @IPADDED-to-Devices---|ecallmgr_fs_channel:767(<0.32369.334>) no 'Realm' in CCVs, checking FS props
19:20:35 <sudo_root> ya ifi. do sup - n ecallmgr carrier_acls now it shows authorizing type (device) But if it matches then i get 604 nope nope nope  (NO route to destination)
19:48:00 <sudo_root> oh it worked. so device via ip/auth  (i wonder if i can add a CIDR/ on that)
19:48:01 <sudo_root> ha
19:55:43 <sudo_root> it took a bit to register when i removed ACLs i guess