I am having an issue using IP Authentication for an Extension.
I have created an ACL called "customer" with a default type of deny
Then I add the customers IP as 1.1.1.1/32 as a node with type allow
Then on the extension, I set the Auth ACL as "customer"
I have flushed the Memcache and reloaded ACL but the customer still gets 407 Proxy Auth Required
Looking in the fs_cli I see
2018-05-18 13:07:02.392136 [DEBUG] sofia.c:9873 sofia/internal/1234567890@xx.xx.com:5060 receiving invite from 1.1.1.1:5060 version: 1.6.20 - 37-987c9b9 64bit
2018-05-18 13:07:02.392136 [DEBUG] sofia.c:10044 IP 1.1.1.1 Rejected by acl "domains". Falling back to Digest auth.
2018-05-18 13:07:02.392136 [DEBUG] sofia.c:2334 detaching session 95697bad-06fc-44fc-a8cf-45af6f653523
2018-05-18 13:07:02.392136 [WARNING] sofia_reg.c:1792 SIP auth challenge (INVITE) on sofia profile 'internal' for [1234567890@xx.xx.com] from ip 1.1.1.1
I am a bit confused with how the new ACL I have created relates to the SIP profile, the current SIP profile (internal) has apply-inbound-acl & apply-register-acl set as "domains"
Does the customers IP need to be added as allowed in the "domains" ACL too?
I have created an ACL called "customer" with a default type of deny
Then I add the customers IP as 1.1.1.1/32 as a node with type allow
Then on the extension, I set the Auth ACL as "customer"
I have flushed the Memcache and reloaded ACL but the customer still gets 407 Proxy Auth Required
Looking in the fs_cli I see
2018-05-18 13:07:02.392136 [DEBUG] sofia.c:9873 sofia/internal/1234567890@xx.xx.com:5060 receiving invite from 1.1.1.1:5060 version: 1.6.20 - 37-987c9b9 64bit
2018-05-18 13:07:02.392136 [DEBUG] sofia.c:10044 IP 1.1.1.1 Rejected by acl "domains". Falling back to Digest auth.
2018-05-18 13:07:02.392136 [DEBUG] sofia.c:2334 detaching session 95697bad-06fc-44fc-a8cf-45af6f653523
2018-05-18 13:07:02.392136 [WARNING] sofia_reg.c:1792 SIP auth challenge (INVITE) on sofia profile 'internal' for [1234567890@xx.xx.com] from ip 1.1.1.1
I am a bit confused with how the new ACL I have created relates to the SIP profile, the current SIP profile (internal) has apply-inbound-acl & apply-register-acl set as "domains"
Does the customers IP need to be added as allowed in the "domains" ACL too?