Ok, I have tested dnsmgr. This is not a solution, the situation has not changed. With dnsmgr I cannot place outbound calls. I do not know why and what dnsmgr really does.

My current solution is as follows:

Say allowguest=yes, configure the default context so that no outbound calls can be placed. Use iptables to DROP everything at your SIP port and allow only your local phones and the SIP trunk IP range. I think srvlookup must be set to yes to place outbound calls if there is an IP address change.

I think with the restriction of the firewall that should be a secure solution.

> On 01.04.2015 at 19:23, Sebastian Kemper <sebastian_ml at gmx.net> wrote:
>
> On Wed, Apr 01, 2015 at 11:00:56AM -0400, Andres wrote:
>> On 4/1/15 10:48 AM, Daniel Heckl wrote:
>>> John,
>>>
>>> thank you for your answer. I think you have misunderstood the
>>> problem. It's about an IP address change of the SIP trunk, not of my
>>> Asterisk server.
>> You would probably benefit by enabling the DNS Manager to allow for
>> dynamic IP changes:
>>
>> # cat dnsmgr.conf
>> [general]
>> enable=yes             ; enable creation of managed DNS lookups
>>                        ; default is 'no'
>> refreshinterval=180    ; refresh managed DNS lookups every <n> seconds
>>                        ; default is 300 (5 minutes)
>
> Hello Andres,
>
> I read that same suggestion elsewhere in connection with Deutsche
> Telekom, so it seems there's some benefit in it.
>
> Daniel, did you try it out already?
>
> Kind regards,
> Sebastian
>
> --
> _____________________________________________________________________
> -- Bandwidth and Colocation Provided by http://www.api-digital.com --
> New to Asterisk? Join us for a live introductory webinar every Thurs:
>    http://www.asterisk.org/hello
>
> asterisk-users mailing list
> To UNSUBSCRIBE or update options visit:
>    http://lists.digium.com/mailman/listinfo/asterisk-users
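The firewall restriction described in the message above (drop everything on the SIP port except the local phones and the trunk's IP range), written out as an added example that is not from any poster in this thread. The addresses, port 5060 and the chain name SIP-IN are placeholders and assumptions.

```shell
#!/bin/sh
# Added example (not from the thread): SIP allow list as iptables commands.
# Every address below is a constructed placeholder, not a real trunk range.
SIP_PORT=5060                                   # assumed SIP port
LOCAL_PHONES="192.168.10.0/24"                  # assumed LAN of the local phones
TRUNK_RANGES="198.51.100.0/24 203.0.113.0/24"   # assumed provider SIP ranges
CHAIN="SIP-IN"                                  # hypothetical chain name

# Shape check only: dotted quad with an optional /0-32 prefix length.
# Rejects hostnames, which iptables would resolve once and then pin to one IP.
valid_cidr() {
    echo "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}(/([0-9]|[12][0-9]|3[0-2]))?$'
}

# Print the rules in evaluation order: ACCEPT per allowed source, DROP last.
# Emits nothing if a list is empty or malformed, so a typo cannot leave a
# DROP-only chain that locks out the phones and the trunk.
sip_rules() {
    [ -n "$LOCAL_PHONES" ] && [ -n "$TRUNK_RANGES" ] || return 1
    for src in $LOCAL_PHONES $TRUNK_RANGES; do
        valid_cidr "$src" || return 1
    done
    echo "iptables -N $CHAIN"
    for src in $LOCAL_PHONES $TRUNK_RANGES; do
        echo "iptables -A $CHAIN -s $src -j ACCEPT"
    done
    echo "iptables -A $CHAIN -j DROP"
    # Hook the chain in at the top of INPUT only once it is fully populated.
    for proto in udp tcp; do
        echo "iptables -I INPUT 1 -p $proto --dport $SIP_PORT -j $CHAIN"
    done
}

# Default: print the rules for review. With --apply (as root): execute them.
if [ "${1:-}" = "--apply" ]; then
    rules=$(sip_rules) || { echo "refusing: bad allow list" >&2; exit 1; }
    echo "$rules" | while read -r cmd; do $cmd || exit 1; done
else
    sip_rules
fi
```

Because the trunk's address changes, the allow list holds the provider's ranges rather than the single IP the trunk hostname resolves to on the day the rules are written.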
I'd be curious if setting

insecure=invite,port

makes any difference either (without allowguest on).

--
Scott Griepentrog
Digium, Inc · Software Developer
445 Jan Davis Drive NW · Huntsville, AL 35806 · US
direct/fax: +1 256 428 6239 · mobile: +1 256 580 6090
Check us out at: http://digium.com · http://asterisk.org
Scott,

I have changed the configuration as you said and will test it.

I'm curious. Can you briefly explain what insecure=invite,port does?

;insecure=port          ; Allow matching of peer by IP address without
                        ; matching port number
;insecure=invite        ; Do not require authentication of incoming INVITEs
;insecure=port,invite   ; (both)

Do I understand correctly that in this mode the IP address is not checked and no authentication is required?