how to differentiate remote and local extensions?

Discussion in 'General' started by Patrick_elx, Jan 3, 2009.

  1. Patrick_elx

    Joined:
    Dec 14, 2008
    Messages:
    1,120
    Likes Received:
    0
    Hi,

    I have a setup with some local SIP phones on the LAN and I would like to open a few remote extensions accessible from the WAN side.

    I would like to restrict the remote extensions dialing rights to avoid some easy hacking.

    How can I do it with the elastix gui? I guess that by digging manually into the config files I should probably be able to define different contexts (a subject I need to work on as it's still really blurry to me). But I don't see how to protect my local extensions to be connected by a remote client if I open my inbound ports on my firewall for the true remote ones.

    Another way will be to have all remote connected by VPN, but that will work only with softphone.

    Happy new year

    Patrick
     
  2. danardf

    Joined:
    Dec 3, 2007
    Messages:
    8,069
    Likes Received:
    12
    Hi Patrick.

    Maybe only used an authentification MD5 on every extension!
    Like that, you restrict all remote extensions and nobody (except your extension) can connect to Elastix server.
     
  3. rafael

    Joined:
    May 14, 2007
    Messages:
    1,454
    Likes Received:
    1
    Two options.

    The first one edit the extention on the web interfase and change it context to
    ext-local. It would work well but you won't have other services such as voicemail, etc..

    Option #2 would be to create a context what include this services. For this you should edit the file
    /etc/asterisk/extensions_custom.conf and copy this lines at the end of the file

    Code:
    [from-internal-additional]
    include => from-internal-additional-custom
    include => app-pbdirectory
    include => app-dialvm
    include => app-vmmain
    include => app-callwaiting-cwoff
    include => app-callwaiting-cwon
    include => ext-group
    include => grps
    include => app-speeddial
    include => app-calltrace
    include => app-directory
    include => app-echo-test
    include => app-speakextennum
    include => app-speakingclock
    include => app-cf-busy-off
    include => app-cf-busy-off-any
    include => app-cf-busy-on
    include => app-cf-off
    include => app-cf-off-any
    include => app-cf-on
    include => app-cf-unavailable-off
    include => app-cf-unavailable-on
    include => ext-meetme
    include => ext-paging
    include => app-blacklist
    include => ext-queues
    include => ext-findmefollow
    include => fmgrps
    include => app-miscapps-7
    include => app-miscapps-6
    include => app-dnd-off
    include => app-dnd-on
    include => app-dictate-record
    include => app-dictate-send
    include => app-recordings
    include => app-userlogonoff
    include => app-pickup
    include => app-zapbarge
    include => app-chanspy
    include => ext-test
    include => ext-local
    exten => h,1,Hangup
    
     
  4. rafael

    Joined:
    May 14, 2007
    Messages:
    1,454
    Likes Received:
    1
    There are ethernet phones that support vpn. We use the atcom 530 that is a good cheap ip phone and it support vpns.

    regards,

    rafael
     
  5. Chilling_Silence

    Joined:
    Sep 23, 2008
    Messages:
    488
    Likes Received:
    0
    You can try and generate 15 char + passwords, thats generally a good start, rather than using the password = ext :D
     
  6. Patrick_elx

    Joined:
    Dec 14, 2008
    Messages:
    1,120
    Likes Received:
    0
    by reading Asterisk: the future of telephony, I'm starting to grab slowly some more concepts.

    i was thinking today of restricting the IP of my local extensions by putting something in their sip context like:
    deny=0.0.0.0/0
    allow=[lan ip]/32; to allow my local users
    deny=[router IP]/255 ; is it needed to block outside WAN access? they should present their public IP or can they be seen by only the LAN ip by asterisk?
     
  7. Patrick_elx

    Joined:
    Dec 14, 2008
    Messages:
    1,120
    Likes Received:
    0
    Seems that's the way I'm leaning to.

    The more I'm learning, the more I'm confused about the whole picture..
    Thanks to this community for the great help that bring me back to my feet more often than I can admit here. ;-)
     

Share This Page