IP Authentication is the fact of linking a sip extension against a set of known IP's. Therefore, any call signaled to or from a given IP will be linked to a linked SIP account. IP Authentication is needed if you want to configure your PBX as a Class 4 PBX. If you want to know more about the difference between Class 4 and Class 5, read the article I published some years ago in this blog.

So, our scenario is our FusionPBX (pbx-b) is the carrier of another PBX (pbx-a). The pbx-a uses pbx-b as a carrier configured without registration (IP authenticated). Users register into pbx-a. When an outbound call is done, the user signals the authenticate INVITE to pbx-a, then pbx-a forwards the SIP INVITE without authentication. Finally, pbx-b forwards the INVITE to the upstream carrier.

pbx class 4 scenario

FusionPBX by default is shipped as a Class 5 PBX. You will need to do some web tuning to make it work as a Class 4 PBX. In this article, I will write about the SIP Authentication, which it is one of the many steps you need to do.

Configuring IP Authentication in FusionPBX

Configuration is pretty straightforward. Let us say you have a brand new deployment and you have configured the customer1.inside-out.xyz tenant with an extension pbx1 (I recommend using alphanumeric extensions when dealing with Class 4 PBX configuration).

Create the ACL

Within FusionPBX WEB GUI go to menu Advanced -> Access Control and create one ACL with a deny default policy. Add in that ACL all the known IP's for customer1 tenant. Take note of the ACL name, you will need it later.

Link the IP with the SIP User

Edit the pbx1 extension and modify the Auth ACL field, put there the ACL name.

You are done. In your other PBX configure your FusionPBX as a carrier without registration.

blog comments powered by Disqus