I would like to allow hardware devices to connect as well, so that pretty much puts a VPN out of the question.
I tried to figure out what ports need to be opened myself (see orig email below) but I'd really like to hear some input from veteran Asterisk users before I start opening up ports.

Thanks,
-Ryan

David Gomillion wrote:
> On 7/19/07, Ryan Stille <[EMAIL PROTECTED]> wrote:
>
>     Right now I've been working on setting up a Trixbox server on our
>     internal network. It's behind the firewall, but I'd like to open up the
>     firewall to it because we sometimes have developers working off site and
>     I'd like them to be able to connect.
>
> How many developers? And what kind of developers? If they're
> developing things for your phone system, then you may want them on
> their own development boxes instead. If you're a software shop and
> they're just users, then that's different.
>
>     Is this safe to do? I've got the "Allow Anonymous Inbound SIP Calls"
>     box unchecked in freePBX. Is there anything else I need to do? Isn't
>     there an issue with the extension/secret being passed in clear text?
>
> I'm not the most knowledgeable on what freePBX does, as far as the
> check box. My guess is that it's just tweaking the SIP users/peers in
> the sip.conf file. This gives only a minimal level of security, in my
> opinion.
>
>     It looks like I need to open port 5060, and whatever ports are in between
>     the rtpstart/rtpend values in /etc/asterisk/rtp.conf. Is that right?
>     Right now that's 9999 ports, I've read that you can chop that down to 20
>     ports for just a few calls. We want to have 5-6 simultaneous calls, so
>     if I set rtpstart to 10001 and rtpend to 10100, then open up those
>     ports, is that adequate?
>
> If it were me, and I had 20 remote users or less, I would create a VPN
> and have them join my network that way. Then, no SIP ports would be
> open to the world. And the NAT problems would pretty much disappear.
> You may have a slight reduction in sound quality, depending on how you
> set up the VPN. I really haven't had major problems with it, but
> again, it depends on your type of VPN. We're using a site-to-site
> hardware-accelerated IPSec VPN for each of our remote sites (including
> my house), and I have not had any problems. Except when the underlying
> medium (the Intarweb) has latency/jitter problems. But then, straight
> SIP would have issues too...
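The port question in the thread, as an added example that is not part of either poster's message: a shell sketch that reads rtpstart/rtpend from rtp.conf text, checks the range against the expected call count, and prints firewall rules covering exactly that range. Assumptions: each call leg takes two consecutive UDP ports (RTP plus RTCP), a call is budgeted at two legs, the firewall is Linux iptables with a FORWARD chain, and `PBX_IP` and the sample file are constructed placeholders.

```shell
#!/bin/sh
# Added example: keep the opened UDP range identical to what rtp.conf allows.
PBX_IP=192.0.2.10   # placeholder address for the Asterisk box (assumption)

# Constructed sample of /etc/asterisk/rtp.conf using the values from the thread.
sample_rtp_conf() {
cat <<'EOF'
; constructed sample
[general]
rtpstart=10001
rtpend=10100
EOF
}

# rtp_value KEY CONF_TEXT: print the numeric value of KEY (last one wins).
rtp_value() {
    printf '%s\n' "$2" |
        sed -n "s/^[[:space:]]*${1}[[:space:]]*=[[:space:]]*\([0-9][0-9]*\).*/\1/p" |
        tail -n 1
}

# legs_available START END: call legs the range can carry,
# assuming two ports (RTP + RTCP) per leg.
legs_available() {
    echo $(( ($2 - $1 + 1) / 2 ))
}

# firewall_rules CONF_TEXT CALLS: print iptables rules, or fail if the
# range is missing, inverted, or too small for CALLS simultaneous calls.
firewall_rules() {
    start=$(rtp_value rtpstart "$1")
    end=$(rtp_value rtpend "$1")
    if [ -z "$start" ] || [ -z "$end" ] || [ "$start" -ge "$end" ]; then
        echo "rtpstart/rtpend missing or inverted" >&2
        return 1
    fi
    need=$(( $2 * 2 ))                      # two legs per call (assumption)
    have=$(legs_available "$start" "$end")
    if [ "$have" -lt "$need" ]; then
        echo "range carries $have legs, need $need" >&2
        return 1
    fi
    echo "iptables -A FORWARD -p udp -d $PBX_IP --dport 5060 -j ACCEPT"
    echo "iptables -A FORWARD -p udp -d $PBX_IP --dport $start:$end -j ACCEPT"
}

# Six simultaneous calls, the upper figure from the thread.
firewall_rules "$(sample_rtp_conf)" 6
```

Generating the rules from rtp.conf, instead of typing the range twice, keeps the firewall from drifting wider than what Asterisk will actually use.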
