For testing IP address change recovery, just unplug the phone line from the DSL modem for about one second and plug it back in. Confirm when it comes back online that the address is different.
Yes, you do, but if you use SIP over TLS on a non-standard port, the risk is very small. If you must use UDP, limiting access to the subnets of the pool from which 1und1 assigns your address is pretty good, as the vast majority of attacks come from cloud servers, typically obtained fraudulently. Or, if your devices or router support it, connecting to the server via OpenVPN is another secure option.
There are other posts here where it is written that the Fritz can interfere with other SIP servers as the box has its own small PBX. I don’t know how to disable that behavior or be able to exactly describe it.
You may not be able to use your telephony account on other lines than your own DSL line. Even if it is allowed, you may have to switch to SIP/TLS for signalling and sRTP for the media. Just saying.
You can forget about DynDNS. You are making a bad thing worse. AFAIK, all the major service providers do CoMedia (connected media). They basically use advertised and existing connections to send back singalling and media and rely a bit on the router. Depending on what kind of NAT flavor your router’s firewall supports, you may need something like reverse port rules (aka outbound NAT rules). It’s easier to understand this if you look at the various states of the connections inside the router (provided there is an option to do so).
With “connected media” you do need to be concerned with the current external IP, except that you might be registered to the older, now invalid, IP for a short period of time.
With DTAG accounts I could demonstrate how to enable “connected media” without specifying the WAN IP and, with slightly different settings to explicity use the current WAN IP (in this case port forwarding is also needed).
I will test it maybe today or tomorrow, if I disconnect my Modem for a short time what will happen if I get a new IP Address.
My Router is a Cisco C891F were I have the Zone based Firewall enabled.
When I did the tests now, then I have disabled the Number on the Fritz Box and disabled the Switch Port were the Fritz Box is connected then it seemed to work correctly for incoming calls.
I don’t know how much different is 1und1 from DTAG because I use a DTAG Line with 1und1.
Maybe we can test, if connected Media is also possible there.
You really need to delete - or minimum disable - all your external (green lighted) phone-numbers in your FritzBox. Because FB is: 1 A router, 2. A micro-PBX. Than you don’t need to forward any ports through your FB to you PBX. You don’t need to open any ports in your FB. You must stop the FB from playing the PBX role, because your PBX is now behind the router, the Free-PBX.
The Free-PBX shall register directly on the 1&1 server by using whatever router or DSL-landline, the type of router doesn’t matter, as long as the router doesn’t catch the phone-numers, too. Sip-settings shall allow NAT, so that the pbx is aware of the router’s external IP adress. Than the PBX will see a change of the adress and hopefully directly re-connects with its new external IP. Anyway, the internal IP of your PBX should be granted by your FB fix via DHCP which can cause somtimes some trouble because of IP6 versus IP4. My solution is to set a fixed IP4 adress the free-PBX.
concerning voice-mail: Be aware that the american way of thinking is totally different from the german way. In the american way nobody has the idea of a “comon voice-mail-box”. There are only voice-mail-boxes per extension / per user or person. If you think of a common voice-mail-box you need to forward all incomming calls on “no answeer” to an extenion which has a voice-mail configured. This extension needs not to have an inbound route. Than you may allow different extension to play the voicemails from that “foreign” extension.
And set the voice-mail-box always to “EN” and never to “DE”. DE doesn’t work for 3 years since there is still an error with the translating of the german wording “(…) eine Nachricht (…)”. saying “one message”. The german version just works if you have more than one messages, otherwise the play recordings breaks after the german 1 for one, because 1 is not translate to “eine”, but to “eins”. In english there is: one is one and never “eine” or “eins”. They don’t differentiate between feminin and neutrum (as the latin speaker would say).
My trunk won’t register with config as decribed and config changes mentioned at the end of this post:
[2022-05-19 18:04:13] WARNING[13175]: res_pjsip_outbound_registration.c:1045 handle_registration_response: 403 Forbidden fatal response received from ‘sip:[email protected]’ on registration attempt to ‘sip:[email protected]’, retrying in ‘30’ seconds