> On 13 June 2021 at 16:32, Michael Maier <m1278...@mailbox.org> wrote:
>
> Hello!
>
> pjsip provides the ability to create (TCP / TLS) transports without opening
> any listener. This is handy if you don't need any listening transport at all
> for a sip device.
>
> One of the typical use cases is for dial up environments where you just have
> to register to the VoIP provider on base of TCP or TLS. To register to an ISP
> using TCP or TLS, no listener is necessary at all. Having no listener greatly
> increases security, because you don't have any port which could be reached
> from arbitrary scanners in the Internet at all and which therefore doesn't
> need to be secured by other means (portfilter, fail2ban). It's just the
> correct way to do it like this from a security based view.
>
> This allows, too, for easily separating internal networks and external
> networks by using two different networks on the Asterisk device, the internal
> providing the listener for the internal devices and the external net
> providing access to the VoIP ISP w/o any listener.
>
> pjsip provides two CFLAGS which enable this feature to create client
> transports only by using PJSIP_TCP_TRANSPORT_DONT_CREATE_LISTENER and
> PJSIP_TLS_TRANSPORT_DONT_CREATE_LISTENER [1].
>
> I know that it is working perfectly, because I already have a working patch
> for Asterisk which I will post here if you like.
>

The second problem is that one needs to update the RFCs to make this standard-compliant. Unless you are using the SIP Outbound RFC, which I haven’t seen implemented in Asterisk, the server (asterisk) is not allowed to reuse the incoming connection for outbound dialogs, like an incoming call. Many SIP servers simply ignore this and happily reuse the connection, since it’s the only way to reach the device behind NAT and/or a firewall.

/O

--
_____________________________________________________________________
-- Bandwidth and Colocation Provided by http://www.api-digital.com --

asterisk-dev mailing list
To UNSUBSCRIBE or update options visit:
   http://lists.digium.com/mailman/listinfo/asterisk-dev
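
A check for the property the quoted message describes, that a client-only transport leaves no listening SIP port on the host. This is an added example, not code from pjsip, Asterisk or anyone in the thread. It assumes the Linux `/proc/net/tcp` table layout and the default SIP ports 5060 and 5061; the function name and the sample rows are constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

#define TCP_STATE_LISTEN 0x0A   /* "st" column value for LISTEN */

/* Count LISTEN sockets on the SIP ports (5060 TCP, 5061 TLS) in text laid
 * out like /proc/net/tcp or /proc/net/tcp6. Addresses are skipped as hex
 * runs, so both the 8-digit IPv4 and 32-digit IPv6 forms parse. */
int count_sip_listeners(const char *table)
{
    int count = 0;
    for (const char *line = table; *line; ) {
        size_t len = strcspn(line, "\n");
        char row[256];
        unsigned int local_port, state;
        /* Work on one row at a time so sscanf never crosses a newline. */
        snprintf(row, sizeof row, "%.*s", (int)len, line);
        /* Data row: "   0: 00000000:13C4 00000000:0000 0A ..." */
        if (sscanf(row, " %*d: %*[0-9A-Fa-f]:%4X %*[0-9A-Fa-f]:%*4X %2X",
                   &local_port, &state) == 2 &&
            state == TCP_STATE_LISTEN &&
            (local_port == 5060 || local_port == 5061))
            count++;
        line += len;
        if (*line == '\n') line++;
    }
    return count;
}

/* Constructed sample: listener on 0.0.0.0:5060 plus an outbound connection. */
const char SAMPLE_WITH_LISTENER[] =
    "  sl  local_address rem_address   st tx_queue rx_queue\n"
    "   0: 00000000:13C4 00000000:0000 0A 00000000:00000000\n"
    "   1: 0A00000A:C350 0A0200C0:13C5 01 00000000:00000000\n";

/* Constructed sample: client-only transport, one established connection
 * from local port 50000 to a registrar's port 5061 and nothing listening. */
const char SAMPLE_CLIENT_ONLY[] =
    "  sl  local_address rem_address   st tx_queue rx_queue\n"
    "   0: 0A00000A:C350 0A0200C0:13C5 01 00000000:00000000\n";

int main(void)
{
    printf("with listener: %d\n", count_sip_listeners(SAMPLE_WITH_LISTENER));
    printf("client only:   %d\n", count_sip_listeners(SAMPLE_CLIENT_ONLY));
    return 0;
}
```

On a real host, pass the function the contents of both `/proc/net/tcp` and `/proc/net/tcp6`; a result of 0 for each means no TCP or TLS SIP listener is bound on the default ports.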