how to differentiate remote and local extensions?

Patrick_elx

Joined
Dec 14, 2008
Messages
1,120
Likes
0
Points
0
#1
Hi,

I have a setup with some local SIP phones on the LAN and I would like to open a few remote extensions accessible from the WAN side.

I would like to restrict the remote extensions dialing rights to avoid some easy hacking.

How can I do it with the elastix gui? I guess that by digging manually into the config files I should probably be able to define different contexts (a subject I need to work on as it's still really blurry to me). But I don't see how to protect my local extensions to be connected by a remote client if I open my inbound ports on my firewall for the true remote ones.

Another way will be to have all remote connected by VPN, but that will work only with softphone.

Happy new year

Patrick
 

danardf

Joined
Dec 3, 2007
Messages
8,069
Likes
10
Points
88
#2
Hi Patrick.

Maybe only used an authentification MD5 on every extension!
Like that, you restrict all remote extensions and nobody (except your extension) can connect to Elastix server.
 

rafael

Joined
May 14, 2007
Messages
1,454
Likes
1
Points
0
#3
Two options.

The first one edit the extention on the web interfase and change it context to
ext-local. It would work well but you won't have other services such as voicemail, etc..

Option #2 would be to create a context what include this services. For this you should edit the file
/etc/asterisk/extensions_custom.conf and copy this lines at the end of the file

Code:
[from-internal-additional]
include => from-internal-additional-custom
include => app-pbdirectory
include => app-dialvm
include => app-vmmain
include => app-callwaiting-cwoff
include => app-callwaiting-cwon
include => ext-group
include => grps
include => app-speeddial
include => app-calltrace
include => app-directory
include => app-echo-test
include => app-speakextennum
include => app-speakingclock
include => app-cf-busy-off
include => app-cf-busy-off-any
include => app-cf-busy-on
include => app-cf-off
include => app-cf-off-any
include => app-cf-on
include => app-cf-unavailable-off
include => app-cf-unavailable-on
include => ext-meetme
include => ext-paging
include => app-blacklist
include => ext-queues
include => ext-findmefollow
include => fmgrps
include => app-miscapps-7
include => app-miscapps-6
include => app-dnd-off
include => app-dnd-on
include => app-dictate-record
include => app-dictate-send
include => app-recordings
include => app-userlogonoff
include => app-pickup
include => app-zapbarge
include => app-chanspy
include => ext-test
include => ext-local
exten => h,1,Hangup
 

rafael

Joined
May 14, 2007
Messages
1,454
Likes
1
Points
0
#4
Patrick_elx said:
Another way will be to have all remote connected by VPN, but that will work only with softphone.
There are ethernet phones that support vpn. We use the atcom 530 that is a good cheap ip phone and it support vpns.

regards,

rafael
 

Chilling_Silence

Joined
Sep 23, 2008
Messages
488
Likes
0
Points
0
#5
You can try and generate 15 char + passwords, thats generally a good start, rather than using the password = ext :D
 

Patrick_elx

Joined
Dec 14, 2008
Messages
1,120
Likes
0
Points
0
#6
by reading Asterisk: the future of telephony, I'm starting to grab slowly some more concepts.

i was thinking today of restricting the IP of my local extensions by putting something in their sip context like:
deny=0.0.0.0/0
allow=[lan ip]/32; to allow my local users
deny=[router IP]/255 ; is it needed to block outside WAN access? they should present their public IP or can they be seen by only the LAN ip by asterisk?
 

Patrick_elx

Joined
Dec 14, 2008
Messages
1,120
Likes
0
Points
0
#7
rafael said:
Option #2 would be to create a context what include this services. For this you should edit the file
/etc/asterisk/extensions_custom.conf and copy this lines at the end of the file
Seems that's the way I'm leaning to.

The more I'm learning, the more I'm confused about the whole picture..
Thanks to this community for the great help that bring me back to my feet more often than I can admit here. ;-)
 

Members online

No members online now.

Latest posts

Forum statistics

Threads
30,938
Messages
130,959
Members
17,632
Latest member
moaulool
Top