Migration to PJSIP

antonis77 · July 1, 2021, 6:29am

I check on fail2ban and i dont ve any ip’s banned

PitzKey · July 1, 2021, 6:38am

Did you restart the PBX after changing the ports?

antonis77 · July 1, 2021, 6:39am

Yes i did

matt_klein · July 2, 2021, 1:35pm

Hi antonis77 -

I just started migrating my extensions to PJSIP too. I had a similar issue where as soon as I converted the extension to PJSIP the endpoint wouldn’t register. I banged my head against the wall on this for several hours and found that two things had to be done to resolve the issue for me:

PJSIP in PBXact communicates on a different port than chan_sip by default. I found that the default port PJSIP uses is 5260. As a result, I had to forward that port in my firewall to the PBX.
On the endpoint itself, I needed to change the SIP settings to use 5260 as the port.

In my case, I’m using Grandstream endpoints. In the web UI for the endpoint, I had to update:

Accounts>Account 1>General Settings>SIP Server and Accounts>Account 1>General Settings>Outboud Proxy to use port 5260
Accounts>Account 1>SIP Settings>Basic Settings>Local SIP Port to 5260

In most cases, that took care of the registration issue. In a couple of cases I had to do a Factory Reset on the endpoint and re-provision it.

Not sure if this will work for you, but I thought it might at least spark an idea for you.

sorvani · July 3, 2021, 2:07am

Or, preferably (unless you are @dicko) , you should have moved SIP to some other port and pjsip to 5060.

Then all of your devices would have just worked.

dicko · July 3, 2021, 2:12am

(dicko (that’s me) has not had one malign attempt at his listening port and protocol in three years, some apparently find that risable , go figure . . .)

I have a couple of honeypots that average 5000 individual ASN’s a month on upd/5060 and many of those ASN’s cover many bots. You will likely be surprised from where these attacks are originating. And if you are listening on UDP/5060, sooner or later, the bad guys will penetrate your defenses because they are a lot cleverer than you and have a bigger budget , often governmental.

It’s happened before more than once, are you sure it won’t happen again?

sorvani · July 3, 2021, 3:04am

I don’t argue the move to be non-standard helps reduce. But for people that have no idea what they are doing it causes more issues.
People like the OP and the person I replied to have no idea how all of this works. Or they would never have the problems posted.

dicko · July 3, 2021, 3:12am

Then help them see them see the light.

Please stop continuing to denigrate (for whatever your reason is) my generally considered ’ good advice’ namely . . .

" PLEASE STOP LISTENING FOR SIP INVITES OR REGISTRATIONS ON UDP/5060 AS IT WILL HURT YOU SOONER OR LATER AND THERE IS ABSOLUTELY NO NEED THAT YOU DO SO, NO MATTER WHO TELLS YOU OTHERWISE"

system · August 3, 2021, 3:12am

This topic was automatically closed 31 days after the last reply. New replies are no longer allowed.