5060 internal 50xx external ports

kernel32 · April 21, 2022, 4:57pm

Hello, I have small raspbx server running on port 5060 but I have 2 external endpoints/extensions that for security reasons I have setup on my router external port 5065 but internally 5060, so for freepbx/asterisk it is all under 5060 but for the endpoint I had to add xxx.xxx.xxx.xxx:5065 to access the router but when I do this the call drop at 31 seconds. I dont know where to whitelist 5060 and 5065 in freepbx, thanks in advance, I am pretty much new on this VoIP world.

Stewart1 · April 21, 2022, 5:19pm

Asterisk does not support this. If possible, change pjsip Port to Listen On to 5065, forward 5065 > 5065 in your router, and change your internal extensions to also register to port 5065.

If that’s not feasible, other options include using different protocols for internal and external, or putting e.g. pjsip on 5065 and chan_sip on 5060.

jcolp · April 21, 2022, 5:36pm

PJSIP does actually provide a configuration option[1] to have a separate port externally alongside IP address, of course I can’t speak for the FreePBX UI.

[1] asterisk/pjsip.conf.sample at master · asterisk/asterisk · GitHub

david55 · April 21, 2022, 5:57pm

You can run chan_pjsip on multiple transports, each with a different port. I think you will need to do some hand crafting for this.

kernel32 · April 21, 2022, 5:58pm

Solved! it worked! just thinking I little bit out of the box and problem solved, I did your idea of moving the 2 external extensions to CHAN_SIP and it works just fine. I figure it out that moving out of default port reduce a lot those (mostly Chinese) attempts to access the server. thanks again.

kernel32 · April 21, 2022, 6:01pm

thanksx yeah I don’t feel safe doing hand crafting on this topics yet

lgaetz · April 21, 2022, 6:23pm

To Josh’s point above, the param can be enabled manually by editing the file pjsip.transports_custom_post.conf

[0.0.0.0-udp](+type=transport)
external_signaling_port=5065

[0.0.0.0-tcp](+type=transport)
external_signaling_port=5065

[0.0.0.0-tls](+type=transport)
external_signaling_port=5065

Moving to another port in the 506x range won’t accomplish much. You would get a better result picking a random port in the 40k-60k range.

kernel32 · April 21, 2022, 6:35pm

Good info! thanks!

system · April 28, 2022, 6:35pm

This topic was automatically closed 7 days after the last reply. New replies are no longer allowed.