Migration to PJSIP


#21

I check on fail2ban and i dont ve any ip’s banned


(Itzik) #22

Did you restart the PBX after changing the ports?


#23

Yes i did


(Matt Klein) #24

Hi antonis77 -

I just started migrating my extensions to PJSIP too. I had a similar issue where as soon as I converted the extension to PJSIP the endpoint wouldn’t register. I banged my head against the wall on this for several hours and found that two things had to be done to resolve the issue for me:

  1. PJSIP in PBXact communicates on a different port than chan_sip by default. I found that the default port PJSIP uses is 5260. As a result, I had to forward that port in my firewall to the PBX.

  2. On the endpoint itself, I needed to change the SIP settings to use 5260 as the port.

In my case, I’m using Grandstream endpoints. In the web UI for the endpoint, I had to update:

  1. Accounts>Account 1>General Settings>SIP Server and Accounts>Account 1>General Settings>Outboud Proxy to use port 5260

  2. Accounts>Account 1>SIP Settings>Basic Settings>Local SIP Port to 5260

In most cases, that took care of the registration issue. In a couple of cases I had to do a Factory Reset on the endpoint and re-provision it.

Not sure if this will work for you, but I thought it might at least spark an idea for you.


(Jared Busch) #25

Or, preferably (unless you are @dicko) , you should have moved SIP to some other port and pjsip to 5060.

Then all of your devices would have just worked.


#26

(dicko (that’s me) has not had one malign attempt at his listening port and protocol in three years, some apparently find that risable , go figure . . .)

I have a couple of honeypots that average 5000 individual ASN’s a month on upd/5060 and many of those ASN’s cover many bots. You will likely be surprised from where these attacks are originating. And if you are listening on UDP/5060, sooner or later, the bad guys will penetrate your defenses because they are a lot cleverer than you and have a bigger budget , often governmental.

It’s happened before more than once, are you sure it won’t happen again?


(Jared Busch) #27

I don’t argue the move to be non-standard helps reduce. But for people that have no idea what they are doing it causes more issues.
People like the OP and the person I replied to have no idea how all of this works. Or they would never have the problems posted.


#28

Then help them see them see the light.

Please stop continuing to denigrate (for whatever your reason is) my generally considered ’ good advice’ namely . . .

" PLEASE STOP LISTENING FOR SIP INVITES OR REGISTRATIONS ON UDP/5060 AS IT WILL HURT YOU SOONER OR LATER AND THERE IS ABSOLUTELY NO NEED THAT YOU DO SO, NO MATTER WHO TELLS YOU OTHERWISE"