On 22:38, Sun 05 Feb 06, Cosmin Prund wrote: > > Hello everyone. I'm again bothering you with a bit of a problem, hopefully > not really a problem. I just need someone to tell me this is ok :-) > > I'm planning on having two * machines on the open internet (ie: not behind a > NAT) and having them talk to each other using IAX2. I can handle all the > fire walling requirements in this case easy because at least one of the *'s > has a fixed address and I'll be able to filter traffic on IP. > > It's all fine and safe so far. But then it hit me: I'll also want to "log > on" to my business's PBX from home, in order to gain access to some of its > low-rate gateways! That will not work if my office * filters on IP! Nor > would I be able to use a soft SIP phone on my laptop when I'm not at the > office! > > So my question: > > Is Asterisk's built-in security enough? If ALL my sip peers have propper > usernames and secrets set up and my box has only the required ports open, is > it safe to run Asterisk on the open internet? Does anyone run Asterisk like > that? > > I can allmost answer my own question: "You may safely run Asterisk like that > - there are lots of VoIP services providing PSTN termination that way" but, > being new to all this stuff, I'll stay on the safe side and ask. > > Thanks.
Hey, We are running asterisk on the internet, allowing sip phones at customers locations/laptops etc login and use the calls. Just make sure to disallow sip users/peers without valid user/secret in the extensions.conf (something like this in sip.conf) [general] context = sip-default (and in extensions.conf) [sip-default] exten => s,1,Hangup() If you dont trust and fear someone is sniffing your udp packets that hold user/secret, you can always setup openvpn (or whatever vpn solution) and use that to connect first and tunnel your sip traffic through it -- Michiel van Baak http://michiel.vanbaak.info [EMAIL PROTECTED] GnuPG key: http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x7E0B9A2D "Why is it drug addicts and computer afficionados are both called users?" _______________________________________________ --Bandwidth and Colocation provided by Easynews.com -- Asterisk-Users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
