Allow Anonymous Inbound SIP Calls

tumbleweed

Joined
Jun 18, 2010
Messages
79
Likes
0
Points
0
#1
Hi

Currently I have Elastix "Allow Anonymous Inbound SIP Calls" is set to "Yes".
I realise that this should be set to "No" for obvious reasons, but the problem is if I set this to "no" then Inbound (DDI's) stops working. Outbound still works.

Any idea why?

Thanks
 

jgutierrez

Joined
Feb 28, 2008
Messages
5,737
Likes
0
Points
0
#2
Yes, that is a risk, since you may receive unauthorized calls... And if you have an incorrect cuastom dial plan, it can be broken, and do calls that they shouldnt.
I mean a dial plan such as:
_.

Paste the CLI output for an inbound call with it deactivated, and another with it activated.
 

DaveD

Joined
Nov 12, 2007
Messages
597
Likes
0
Points
16
#3
Are you running freepbx 2.6 or above , as this fixes the issue
 

tumbleweed

Joined
Jun 18, 2010
Messages
79
Likes
0
Points
0
#4
Thanks for the tip, but Freepbx is was on 2.7, I upgraded to 2.8.1.3 and set "Allow Anonymous Inbound SIP Calls" to "no" and rebooted. Still the same proble. External calls to any DDI numbers get "The number you have dialled is not in service".

Only affecting inbound. Outbound and extension to extension works.

Also getting "Symlink error" on system status, sio I enaned the two retrieve files (found thread on the forum), but still no good and the Symlink error is still there, but not sure if this has anything to do with my problem. Hope somebody can help as our server was hacked on Friday.

Thanks
 

DaveD

Joined
Nov 12, 2007
Messages
597
Likes
0
Points
16
#5
The number you have dialled is not in service

This sounds like an incorrect config with the trunk,check with your provider what DID is expected

In A nutshell check your inbound route configuration and your trunk config
 

dicko

Joined
Oct 24, 2008
Messages
4,099
Likes
0
Points
0
#6
If you use a registration with your provider, you don't need anonymous inbound SIP, If the provider sends your calls to your IP, you will as the calls will be technically "anonymous", it's as easy as that . . .

dicko
 

tumbleweed

Joined
Jun 18, 2010
Messages
79
Likes
0
Points
0
#7
Thanks Dicko

Our Voip provider sends calls to our IP, which explains it.
 

fmvillares

Joined
Sep 8, 2007
Messages
1,785
Likes
0
Points
0
#8
then if you are on open internet you have a really serious security issue using that provider
 

tumbleweed

Joined
Jun 18, 2010
Messages
79
Likes
0
Points
0
#9
Exactly! That´s why I now have a Firewall which blocks all IP´s except the providers.
 

dicko

Joined
Oct 24, 2008
Messages
4,099
Likes
0
Points
0
#10
Indeed, but many have "roaming" external extensions, this can be a problem in so identifying that address space, generally you can have your provider move your registration port from 5060 to a more anonymous place and so adjust your iptables, believe me, with the latest onslaught of kiddy scripts from apple I-Phone space you really have to watch the apple webkit logins, not in SIP but on your apache server, they are becoming relentless, and we all really need to lock down the web server as tightly as your SIP server because of this, look for logins by asteriskuser in the logs, that user can see all your underwear unless you do something about it. And for those in that position definitely have your catchall inbound route go straight to hangup.

regards

dicko
 

franklin

Joined
Oct 22, 2010
Messages
254
Likes
0
Points
0
#11
dicko, are you still not touching 2.x for production?
 

dicko

Joined
Oct 24, 2008
Messages
4,099
Likes
0
Points
0
#12
At this point in time that would be correct, but they generally have asterisk 1.4.40 (which seems to largely fix a few residual DTMF problems and an elusive agent/queue bug ) and FreePBX 2.8 and no freepbx-overidden contexts, the ones with dahdi hardware also at dahdi 2.4.1. I will probably go FreePBX 2.9 when it gets of beta which looks "very soon now" as their seems to be only three or four very minor bugs still open or new.
 

fmvillares

Joined
Sep 8, 2007
Messages
1,785
Likes
0
Points
0
#13
Re: Re:Allow Anonymous Inbound SIP Calls

dick freepbx 2.9 is in RC1 state as of today!!! as you know i made my first commit to that project adding tls and tcp functions for exetnsions....
 

RustBoy

Joined
Apr 13, 2011
Messages
97
Likes
0
Points
16
#14
We are having this exact same problem and after reading this thread I am not any closer to understanding how to fix it. Our inbound callers are hearing: "The number that you are calling is not in service..."

The message is coming from our Elastix system, so it's clear that the callers are reaching us but Elastix is not handling the call properly. If I turn on "Allow Anonymous Inbound SIP Calls" it corrects the problem but from reading this thread it sounds like this is dangerous.

Can someone please explain why the "Allow Anonymous Inbound SIP Calls" corrects the problem and what vulnerabilities we are exposing ourselves to by having this option on?

Our SIP provider has us registered with a static IP address. Our current trunk configuration looks like this:

Code:
host=ln05-10.fs.mysipprovider.net
username=3104569877
secret=
type=peer
dtmfmode=rfc2833
allow=all
canreinvite=no
insecure=port,invite
We are running: elastix-2.0.0-57 • asterisk-1.6.2.13-0 • freePBX-2.7.0-9
 

jgutierrez

Joined
Feb 28, 2008
Messages
5,737
Likes
0
Points
0
#15
Add the following line on your trunk definition:
context=from-pstn
If you have any issue, paste the CLI output (asterisk -r) to see what is going on...
 

RustBoy

Joined
Apr 13, 2011
Messages
97
Likes
0
Points
16
#16
Thanks. I will give that a try.
 

RustBoy

Joined
Apr 13, 2011
Messages
97
Likes
0
Points
16
#17
Ugh, I really need to figure out how to resolve this problem. I added "context=from-pstn" to our trunk definition but that did not resolve the problem. Our callers still keep hearing a recording that says "the number that you are calling is not in service". Customers are emailing us to ask if we are still in business. It sounds like we did not pay our phone bill and our phones were disconnected. This is an incredibly bad situation.

I have had "Allow Anonymous Inbound SIP Calls" turned on and it solves the out of service recording problem but I believe that it has led to security issues. Our outbound SIP traffic was just shut down by our SIP provider because they detected fraudulent calls being made.

Currently our Elastix System keeps taking me back to the login page after every click that I make in the web browser.

Any suggestions on how to resolve these issues would be greatly appreciated.
 

DaveD

Joined
Nov 12, 2007
Messages
597
Likes
0
Points
16
#18

RustBoy

Joined
Apr 13, 2011
Messages
97
Likes
0
Points
16
#19
DaveD said:
http://elastixconnection.com/index.php?option=com_content&view=article&id=112&Itemid=120

Lock the box down.

Also it sounds like the box has been compromised ,so I would be inclined to do a fresh install with CSF built into it this time and you will not have issues with hackers again
Thank you. I will give that a try.
 

RustBoy

Joined
Apr 13, 2011
Messages
97
Likes
0
Points
16
#20
I followed the instructions and I have installed CSF.

Code:
If all that went smooth we need to now log into Webmin from your web browser
https://your server ip:10000/
I am at the step where I am supposed to log in to the admin web page but I keep getting an error that says that my browser can't establish a connection. I must have missed a step.
 

Members online

No members online now.

Latest posts

Forum statistics

Threads
30,902
Messages
130,887
Members
17,566
Latest member
Fpino
Top