Thanks for the reply, that looks pretty solid. What is working for me right now is
- Changed the SIP BindPort to a random port for example 40500
- Changed the SIP BindAddress to my local FreePBX server address, 10.1.1.5
- Updated all phone configs to register with proxy like so, 10.1.1.5:40500
- Port Forwarded 40500, TCP and UDP, to 10.1.1.5
I also set up SIP TCP on the port to save battery on remote softphone cellphone clients
- Added tcpenable=yes to Asterisk SIP settings
- Added tcpbindaddress=10.1.1.5:40500
- amportal restart
- Updated the remote extension settings in FreePBX to accept TCP only, and qualify:no
- Updated softphone clients to register to for example sip.myHQpbx.com:40500 TCP
To make things a little more interesting, I also have a remote office setup with another FreePBX server and its own SIP ITSP, lets call it RemoteOffice1 and HQ.
RemoteOffice1 has a phone that registers line 1 to its own FreePBX, but then also registers line 2 to HQ’s FreePBX
(proxy: sip.myHQpbx.com:40500 UDP)
Then HQ phone has line 1 registered to its own pbx, and line 2 registered to sip.myRemoteOffice1pbx.com:40600
To make this work, I had to port forward RTP and SIP on both routers suchas
HQ Router forwards:
40500 TCP/UDP -> 10.1.1.5
10000 - 20000 UDP -> 10.1.1.5
40600 TCP/UDP -> 192.168.5.5
10000 - 20000 UDP -> 192.168.5.5
Without the RTP forwards at both routers, I would get no way audio when calling from one office that is registered to the other office.
I am happy with the security of this configuration so far, it was a pain to figure out some of it, but everything is working great now.
I also should mention that I received a TON of support from other forum members, especially @dicko, everyone here is super helpful and responsive. To make up for all the time I drain from other members with my questions, I try to give back by replying to posts that I can help others with.