[asterisk-users] Access PBX from internet - best practice
Administrator TOOTAI
admin at tootai.net
Thu Oct 17 05:56:40 CDT 2013
Le 17/10/2013 12:30, richard.seguin at marisec.ca a écrit :
> Hello,
Hello
>
> I have a question about best practice (or recommended practice) for allowing SIP registrations from the Internet.
Registrations from Internet is vague:
- are EP with fixed IP: define the extension in SIP.conf with host = <EP
IP>. You can even add an iptables rule to allow the <EP IP> to connect
to port 5060 in udp (if your setup is this one)
- are EP travellers => fail2ban or through VPN. OpenVPN is a good solution.
> This is what I was thinking of implementing:
> 1. Use OpenSips for the SBC, enable SRTP and TLS
All clients doesn't support SRTP
> 2. Allow limited access to the actual Asterisk PBX (behind firewall) via OpenSips
>
> Is there anything that I am missing that probably should be implemented?
In all cases I would recommend:
- a strong extension definition eg [MyFav0Rite-prefiX_123] instead of [123]
- always use fail2ban
[...]
--
Daniel
More information about the asterisk-users
mailing list