[asterisk-dev] Feature request: Allow the use of pjsip client only transports in Asterisk pjsip
Olle E. Johansson
oej at edvina.net
Mon Jun 14 01:17:08 CDT 2021
> 13 juni 2021 kl. 16:32 skrev Michael Maier <m1278468 at mailbox.org>:
>
>
> Hello!
>
> pjsip provides the ability to create (TCP / TLS) transports without opening any listener. This is handy if you don't need any listening transport at all for a sip device.
>
> One of the typical use cases is for dial up environments where you just have to register to the VoIP provider on base of TCP or TLS. To register to an ISP using TCP or TLS, no listener is necessary at all. Having no listener greatly increases security, because you don't have any port which could be reached from arbitrary scanners in the Internet at all and which therefore doesn't need to be secured by other means (portfilter, fail2ban). It's just the correct way to do it like this from a security based view.
>
> This allows, too, for easily separating internal networks and external networks by using two different networks on the Asterisk device, the internal providing the listener for the internal devices and the external net providing access to the VoIP ISP w/o any listener.
>
> pjsip provides two CFLAGS which enables this feature to create client transports only by using PJSIP_TCP_TRANSPORT_DONT_CREATE_LISTENER and PJSIP_TLS_TRANSPORT_DONT_CREATE_LISTENER [1].
>
> I know that it is working perfectly, because I already have a working patch for Asterisk which I will post here if you like.
>
The second problem is that one needs to update the RFCs to make this standard-compliant. Unless you are using the SIP Outbound RFC, which I haven’t seen implemented in Asterisk, the server (asterisk) is not allowed to reuse the incoming connection for outbound dialogs, like an incoming call.
Many SIP servers simply ignore this and happily reuse the connection, since it’s the only way to reach the device behind NAT and/or a firewall.
/O
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 686 bytes
Desc: Message signed with OpenPGP
URL: <http://lists.digium.com/pipermail/asterisk-dev/attachments/20210614/ab3ce00b/attachment.sig>
More information about the asterisk-dev
mailing list