Hello!

pjsip provides the ability to create (TCP / TLS) transports without opening any 
listener. This is handy if you don't need any listening transport at all for a 
SIP device.

One of the typical use cases is for dial-up environments where you just have to register to the VoIP provider on the basis of TCP or TLS. To register to an ISP using TCP or TLS, no listener is necessary at all. Having no listener greatly increases security, because you don't have any port which could be reached from arbitrary scanners on the Internet at all and which therefore doesn't need to be secured by other means (portfilter, fail2ban). It's just the correct way to do it from a security-based view.

This also allows for easily separating internal networks and external networks by using two different networks on the Asterisk device: the internal one providing the listener for the internal devices, and the external one providing access to the VoIP ISP without any listener.

pjsip provides two CFLAGS which enable this feature to create client 
transports only, by using PJSIP_TCP_TRANSPORT_DONT_CREATE_LISTENER and 
PJSIP_TLS_TRANSPORT_DONT_CREATE_LISTENER [1].

I know that it is working perfectly, because I already have a working patch for 
Asterisk which I will post here if you like.


Thanks
Michael


[1] https://pjsip.org/pjsip/docs/html/group__PJSIP__TRANSPORT__TLS.htm
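
An added example, not part of the original post and not Asterisk or pjsip code: one way to check the claim above on a running host is to parse `ss -H -ltn` output and report any SIP listener that is not confined to loopback or the internal network. The port set (5060/5061), the internal network 192.168.10.0/24 and the sample output are assumptions constructed for illustration.

```python
import ipaddress

SIP_PORTS = {5060, 5061}  # assumed default SIP TCP / TLS ports; adjust to your config

# Constructed sample of `ss -H -ltn` output (not taken from a real host).
SAMPLE_SS = """\
LISTEN 0 128 192.168.10.1:5060 0.0.0.0:*
LISTEN 0 128 0.0.0.0:5061 0.0.0.0:*
LISTEN 0 128 127.0.0.1:5038 0.0.0.0:*
LISTEN 0 128 [::]:5060 [::]:*
LISTEN 0 128 192.168.10.1:22 0.0.0.0:*
"""


def parse_listeners(ss_output):
    """Yield (ip_address, port) for each LISTEN line of `ss -H -ltn` output."""
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 4 or fields[0] != "LISTEN":
            continue
        addr, _, port = fields[3].rpartition(":")
        addr = addr.strip("[]").split("%")[0]  # drop IPv6 brackets and %iface scope
        if addr == "*":
            addr = "::"  # ss prints "*" for a dual-stack wildcard socket
        yield ipaddress.ip_address(addr), int(port)


def exposed_sip_listeners(ss_output, internal_nets):
    """Return (address, port) of SIP listeners reachable from outside internal_nets."""
    nets = [ipaddress.ip_network(n) for n in internal_nets]
    findings = []
    for addr, port in parse_listeners(ss_output):
        if port not in SIP_PORTS:
            continue
        internal = addr.is_loopback or any(
            addr.version == n.version and addr in n for n in nets
        )
        if not internal:  # wildcard bind (0.0.0.0, ::) or an external address
            findings.append((str(addr), port))
    return findings


if __name__ == "__main__":
    for addr, port in exposed_sip_listeners(SAMPLE_SS, ["192.168.10.0/24"]):
        print(f"SIP listener reachable from outside: {addr} port {port}")
```

On a host whose external transports are client-only, the function returns an empty list when given the real `ss -H -ltn` output.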
