[asterisk-dev] Feature request: Allow the use of pjsip client only transports in Asterisk pjsip
Michael Maier m1278468 at mailbox.org
Sun Jun 13 09:32:50 CDT 2021

Hello!
pjsip provides the ability to create (TCP / TLS) transports without opening any listener. This is handy if you don't need any listening transport at all for a SIP device.
One of the typical use cases is for dial-up environments where you just have to register to the VoIP provider on the basis of TCP or TLS. To register to an ISP using TCP or TLS, no listener is necessary at all. Having no listener greatly increases security, because you don't have any port which could be reached by arbitrary scanners on the Internet at all and which therefore doesn't need to be secured by other means (port filter, fail2ban). It's just the correct way to do it like this from a security-based view.
This also allows for easily separating internal networks and external networks by using two different networks on the Asterisk device, the internal providing the listener for the internal devices and the external net providing access to the VoIP ISP without any listener.
pjsip provides two CFLAGS which enable this feature to create client-only transports: PJSIP_TCP_TRANSPORT_DONT_CREATE_LISTENER and PJSIP_TLS_TRANSPORT_DONT_CREATE_LISTENER [1].
I know that it is working perfectly, because I already have a working patch for Asterisk which I will post here if you like.
Thanks
Michael
[1] https://pjsip.org/pjsip/docs/html/group__PJSIP__TRANSPORT__TLS.htm
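
A way to verify the split setup described in the message above (listener on the internal network only, none reachable on the external one), as an added example that is not part of the original post or of Asterisk/pjsip. It parses `ss -H -tln` output; the ports 5060/5061, the addresses and the sample rows are assumptions constructed for illustration.

```python
"""Check that no SIP listener is reachable on the external address."""

SIP_PORTS = {5060, 5061}            # assumption: default SIP / SIP-over-TLS ports
WILDCARDS = {"0.0.0.0", "::", "*"}  # wildcard binds are treated as externally reachable

# Constructed sample of `ss -H -tln` output (not captured from a real host).
SAMPLE_SS = """\
LISTEN 0 128   192.168.10.1:5060      0.0.0.0:*
LISTEN 0 128        0.0.0.0:22        0.0.0.0:*
LISTEN 0 128           [::]:5061         [::]:*
LISTEN 0 5     127.0.0.1%lo:5060      0.0.0.0:*
"""


def parse_listeners(ss_output):
    """Yield (address, port) for every LISTEN row of `ss -H -tln` output."""
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 4 or fields[0] != "LISTEN":
            continue
        # Local address is the 4th column; the port follows the last colon.
        addr, _, port = fields[3].rpartition(":")
        if not port.isdigit():
            continue
        # Drop the %interface scope first, then the IPv6 brackets.
        addr = addr.split("%", 1)[0].strip("[]")
        yield addr, int(port)


def exposed_sip_listeners(ss_output, external_ip, ports=SIP_PORTS):
    """Return SIP listeners reachable on external_ip, including wildcard binds."""
    return [
        (addr, port)
        for addr, port in parse_listeners(ss_output)
        if port in ports and (addr == external_ip or addr in WILDCARDS)
    ]


if __name__ == "__main__":
    external = "203.0.113.7"  # constructed external address (documentation range)
    for addr, port in exposed_sip_listeners(SAMPLE_SS, external):
        print(f"listener reachable on {external}: {addr}:{port}")
```

An empty result for the external address is the state the message argues for; a wildcard bind such as `[::]:5061` is reported because it accepts connections on every address of the host.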
    
    