Intrusion Detection blocking PJSIP


(Mvogel4949) #1

I have a FreePBX 14 system that keeps blocking pjsip connections. The IP doesn’t show up in the banned list but when I stop intrusion detection the remote phone can connect. I can whitelist the IP but with a remote phone this can change. The issue is only with pjsip. If I change the extension to sip it will register right away.


PJSIP Issue - Yealink T27G - TLS - Will Not Connect
#2

The firewall might not trust the IP range the phone is on. I know unless a proxy is used to authenticate you could whitelist the phone as you said. External devices outside of a network are tricky since you have to stay secure from the outside world but still let the phone through your firewall over the internet.

Any way for you to set up the phone to authenticate over a VPN of some sort? That way you could trust the phone if its authenticated correctly and it will register over PJSIP. Not quite sure why its trusted over Chan_sip, but you may want to stay away from Chan_sip over external since it does use insecure TLSv1.

Dont have much other info but from what you gave thats all I can suggest.


(system) closed #3

This topic was automatically closed 7 days after the last reply. New replies are no longer allowed.