How to Fix FreeSWITCH Event Socket : If you have ever tried to connect a remote script (Python, Go, Node.js) to your FreeSWITCH server only to be met with the dreaded [ERR] mod_event_socket.c:2990 Socket Error! Could not listen on 0.0.0.0:8021, you are not alone.
By default, FreeSWITCH is built to be secure, which often means it refuses to “bind” to public interfaces or allow external IPs to connect using the default password. In this guide, we will walk through the exact steps to clear port conflicts, configure Access Control Lists (ACLs), and safely open your Event Socket Layer (ESL) to the world.
The Problem: Why “0.0.0.0” Fails
When you see a “Socket Error,” it usually means one of three things:
- Port Conflict: Another process (or a “ghost” FreeSWITCH instance) is already using port 8021.
- IPv6 Conflict: The OS is trying to use IPv6 while you specified IPv4.
- Security Block: FreeSWITCH refuses to bind to a public IP while using the default password (
ClueCon).
Step 1: Clear the “Ghost” Processes
Before editing any XML files, you must ensure the port is empty. Run this command in your Linux terminal:
Bash
sudo fuser -k 8021/tcp
This kills any process currently “camping” on the ESL port. Without this step, your configuration changes will never take effect.
Step 2: Configure the ACL (The “Bouncer”)
Opening your ESL to 0.0.0.0/0 (everyone) is a massive security risk. Instead, we create an Access Control List to allow only specific, trusted IPs.
- Open
/etc/freeswitch/autoload_configs/acl.conf.xml. - Add a custom list inside the
<network-lists>section:
XML
<list name="esl-clients" default="deny">
<node type="allow" cidr="127.0.0.1/32"/>
<node type="allow" cidr="192.168.200.52/32"/>
</list>
Pro Tip: The
/32suffix ensures that only that exact IP address is allowed.
Step 3: Update the Event Socket Configuration
Now, we tell mod_event_socket to listen on all interfaces but use our new ACL as a filter.
Open /etc/freeswitch/autoload_configs/event_socket.conf.xml and update it as follows:
XML
<configuration name="event_socket.conf" description="Event Socket">
<settings>
<param name="listen-ip" value="0.0.0.0"/>
<param name="listen-port" value="8021"/>
<param name="password" value="YourSecurePass123"/>
<param name="apply-inbound-acl" value="esl-clients"/>
</settings>
</configuration>
Step 4: Open the System Firewall
FreeSWITCH is now ready, but your Linux OS might still be blocking the “Front Door.” You must allow TCP traffic on port 8021.
For Ubuntu/Debian (UFW):
Bash
sudo ufw allow from 192.168.200.52 to any port 8021 proto tcp
For CentOS/RHEL (Firewalld):
Bash
sudo firewall-cmd --add-port=8021/tcp --permanent
sudo firewall-cmd --reload
Step 5: Apply and Verify
Log into your FreeSWITCH console (fs_cli) and run these commands to refresh the system:
reloadxmlunload mod_event_socketload mod_event_socket
How to Test
From your Remote Machine (192.168.200.52), try to telnet into the FreeSWITCH server:
Bash
telnet [FS_SERVER_IP] 8021
If successful, you will see: Content-Type: auth/command
Troubleshooting FAQ
Q: I still get “Socket Error” even after killing the process. A: Try changing 0.0.0.0 to :: in event_socket.conf.xml. This allows the socket to handle both IPv4 and IPv6 traffic simultaneously, which solves binding issues on newer Linux kernels.
Q: Can I allow a whole office network? A: Yes! Instead of /32, use /24. For example: 192.168.200.0/24 will allow any device in that subnet to connect.
Q: Is it safe to use the default password “ClueCon”? A: No. Many automated bots scan for port 8021. If they find it open with the default password, they can take full control of your phone system. Always change your password when opening the socket to an external IP.
