IMO, Vitelity blew it on their description of the changes. IMO, it’s very unlikely that anyone was so paranoid that they filtered incoming RTP based on source port numbers. This would provide no extra security because an attacker that could pass all the other restrictions could choose a source port that wasn’t filtered.
I believe that the important aspect of the change is that they no longer do ‘symmetric RTP’, a.k.a. ‘connection oriented media’ on at least some calls, so a NAT that rewrites the source port number and lacks forwarding of RTP to the PBX (by default, UDP ports 10000-20000) will cause inbound audio to be lost.
The conservative fix is to both forward UDP with destination ports 10000-20000 to the PBX, and also ensure that the source port does not get rewritten when the PBX sends UDP with source ports 10000-20000.
Anyone having issues today? I’m experiencing issues with outbound and inbound calls - Vitelity is investigating. I had to provide them with some packet captures - just seeing if anyone else here is having issues?
They’ve sent out a few emails today stating they found the issue and applied a fix but obviously that’s not the case. What a headache - still waiting to hear back from them after provided them with the packet captures they requested.
When Vitelity stopped taking end-users I started with Flowroute. They have been 100% reliable over many years. I prefer their support, web ui, and reliability. Vitelity is decent and rarely has problems, but there have been times when it’s been down for a few over the past 10 years.
Flowroute:
Free port
$0.50 per DID
$0.005 inbound
Free CNAM updates** (I believe Vitelity still charges $25/ea?)
I still have two clients on Vitelity that didn’t want to switch, when I got the email about the ports I opened up 10000-36385 UDP to the PBX. Nobody’s complained (yet)
Here is the last communication from Vitelity I have - as of this morning all outbound calls and inbound calls are flowing correctly. What a nightmare - sounds like they did something behind the scenes yet again but failed to alert customers.
