Le 17/10/2013 12:30, richard.seg...@marisec.ca a écrit :
Hello,
Hello
I have a question about best practice (or recommended practice) for allowing
SIP registrations from the Internet.
Registrations from Internet is vague:
- are EP with fixed IP: define the extension in SIP.conf with host = <EP
IP>. You can even add an iptables rule to allow the <EP IP> to connect
to port 5060 in udp (if your setup is this one)
- are EP travellers => fail2ban or through VPN. OpenVPN is a good solution.
This is what I was thinking of implementing:
1. Use OpenSips for the SBC, enable SRTP and TLS
All clients doesn't support SRTP
2. Allow limited access to the actual Asterisk PBX (behind firewall) via
OpenSips
Is there anything that I am missing that probably should be implemented?
In all cases I would recommend:
- a strong extension definition eg [MyFav0Rite-prefiX_123] instead of [123]
- always use fail2ban
[...]
--
Daniel
--
_____________________________________________________________________
-- Bandwidth and Colocation Provided by http://www.api-digital.com --
New to Asterisk? Join us for a live introductory webinar every Thurs:
http://www.asterisk.org/hello
asterisk-users mailing list
To UNSUBSCRIBE or update options visit:
http://lists.digium.com/mailman/listinfo/asterisk-users
