On Mon, 2009-09-28 at 18:31 -0400, Kristian D. Guntzelman wrote:
> I've got a question about using sipX as a trunking proxy....
>
> We've set up an arrangement with a local SIP trunking provider to
> allow our clients to proxy through us so they can connect to their
> service. The reason we've set this up is because they actually don't
> want to get into the business of setting up trunks, only endpoints.
> So, by setting up trunks with us, we'll be responsible for setting up
> trunks to the end-users on our system, then relaying the calls over to
> them (authenticating as us). Actually, they're just doing it with
> static IPs (no authentication). What I'm looking to do is set up two
> servers (HA - eventually growing to 4 across 2 locations). We'd
> program a trunk from our servers to the carrier, then individual
> trunks to our customers. We'd merely act as a relay/proxy. I'm
> assuming sipX would only accept phone call requests from trunks if the
> request came from the pre-programmed IP on the trunk, and not just
> randomly accept call requests. This would have NO USERS built, only
> trunks.
>
> I know there'd be no end-user usage of the portal and all that, but
> for what I'm looking to do, does anyone see any major security risks
> with this?
There's an open issue to track this kind of usage:
http://track.sipfoundry.org/browse/XX-6398
Right now, the only way to do this is to turn off all permissions
protecting access to your outbound trunks; there certainly are major
security implications to doing that.
There is currently no way to do any authentication based on IP
addresses; this possibility has been discussed in the context of
XX-6398, along with some other possible solutions, but there's nothing
in any build yet.
_______________________________________________
sipx-users mailing list [email protected]
List Archive: http://list.sipfoundry.org/archive/sipx-users
Unsubscribe: http://list.sipfoundry.org/mailman/listinfo/sipx-users
sipXecs IP PBX -- http://www.sipfoundry.org/
