What is FreeSWITCH ESL?

FreeSWITCH Event Socket Layer (ESL) is an interface that allows external applications to communicate with a running FreeSWITCH instance over TCP, enabling commands, event subscriptions, and real-time control.

What port does FreeSWITCH ESL use?

By default, FreeSWITCH ESL listens on TCP port 8021 for incoming connections.

Is it safe to expose FreeSWITCH ESL to the internet?

Directly exposing FreeSWITCH ESL to the internet is risky. You should change the default password, restrict allowed IPs using ACLs, and ideally use a VPN or SSH tunnel for external access.

How do I test a FreeSWITCH ESL connection?

From another machine, use 'telnet 8021'. If successful, you'll be prompted for the ESL password (default is ClueCon).

How to Configure FreeSWITCH ESL for External Access

Q: Can I change the default ESL password?

Yes, you can change the password in /etc/freeswitch/autoload_configs/event_socket.conf.xml by modifying the 'password' parameter.

This guide details the steps to establish an Event Socket Layer (ESL) connection to FreeSWITCH running on a virtual machine (VM) and enabling communication from outside the VM.

1. Verify FreeSWITCH ESL on Port 8021

To check if FreeSWITCH ESL is active on port 8021, run:

netstat -tulpn

We should see an entry like this if ESL is listening:

tcp        0      0 0.0.0.0:8021            0.0.0.0:*               LISTEN      1350/freeswitch

This confirms that FreeSWITCH is listening on port 8021.

2. Configure Firewall to Allow External ESL Access

Step 1: Enable Firewall (if not already enabled)

sudo ufw enable

Step 2: Allow Traffic on Port 8021

sudo ufw allow 8021/tcp

Step 3: Confirm Firewall Rules

Verify that port 8021 is open:

sudo ufw status

If configured correctly, we should see a rule allowing traffic on port 8021.

3. Configure FreeSWITCH for External Access

To allow external access, configure FreeSWITCH by following these steps:

Step 1: Set Up Access Control

In FreeSWITCH’s admin interface, go to Access Controls.
Create a new Access Control named event_socket.

acl home add acl

Step 2: Edit Event Socket Configuration Edit the FreeSWITCH Event Socket configuration file:

sudo nano /etc/freeswitch/autoload_configs/event_socket.conf.xml

Ensure the configuration resembles the following:

<configuration name="event_socket.conf" description="Socket Client">
  <settings>
    <param name="nat-map" value="false"/>
    <param name="listen-ip" value="0.0.0.0"/>
    <param name="listen-port" value="8021"/>
    <param name="password" value="ClueCon"/>
    <param name="apply-inbound-acl" value="event_socket"/>
  </settings>
</configuration>

listen-ip: Set to 0.0.0.0 to listen on all IPs.
apply-inbound-acl: Ensure this is set to event_socket to match the Access Control name created earlier.

Step 3: Restart FreeSWITCH

sudo systemctl restart freeswitch

4. Testing the Connection

From a machine outside the VM, use telnet to test the connection:

telnet <vm_ip> 8021

For example, if the VM IP is 192.168.0.114:

telnet 192.168.0.114 8021

If successful, we will be prompted for the ESL password (ClueCon by default).

Caution

Exposing the FreeSWITCH ESL port (8021) to external networks can pose serious security risks.