Dynamic dns on deny / permit

I have all my extensions set up to only permit my local subnet, but one of my employees needed a phone at home, but she is on a dynamic ip. Does the deny / permit fields support a ddns service?


No, but you can restrict the range to something quite usable.

Find what address they are currently using, (rasterisk -x ‘sip show peer (EXT)’ )and then

whois ip.add.re.ess

look for the smallest network in that issue, perhaps

use that as your “allowed network” , the way dsl and cable works will pretty well guarantee that whatever the dynamic IP awarded will be within that network.

Some networks like comcast and apple are /8 but most are /16 or smaller. If they travel outside home territory, consider not using 5060 for their registration port.


I wish I could do that, but her IP addresses change so wildly at least weekly that even a /8 would not work. Right now I am just manually changing it when it stops working.

The only other idea I have is to get a VPN connection at her house.

Any other ideas?

If her IP is changing that wildly then she is probably stealing someone elses WIFI, there is no solution if that is the case.No ISP will award DHCP outside their registered networks. Post some exmples of here IP at the /16 level, don’t use 5060, tell her to buy a real network connection . . .

Over at the PBXinaFlash project they have something called Travelin’ Man. It uses dyndns and links this in with iptables to restrict access. I have no idea whether this will work with the FreePBX implementation but a solution does exist out there. I know in the UK some ISP’s do use various subnets and sometimes a connection will seem to jump wildly but the only have two or three different ones. So maybe you could use iptables to allow only certain subnets to access your PBX rather than to use the allowed subnets on the extension.