Register phone with dynamic IP

Hi all,

I have a PBX on AWS but with only restricted and whitelisted IPs.

One of my users is registering with a dynamic IP, but I am tired of adding and whitelisting the IP every time.

Is there any permanent solution that will allow that user to register without whitelisting the IP every time?

How are you managing access to the PBX? If using the PBX Firewall module, the Responsive Firewall feature exists for this express purpose.


I am using two firewalls.

  1. AWS Firewall
  2. FreePBX Responsive Firewall

I have to whitelist the IP on AWS and then on the FreePBX Firewall as well.

DDNS via the FreePBX firewall or a VPN to the system itself is all I can think of.

I don't believe the AWS firewall accommodates hostnames.

But one more thing in the way is stopping me.

The remote user is trying to register via a softphone installed on an Android smartphone.

So what could be the possibility now?

You could also send the calls to the user’s cell phone directly through Find Me/Follow Me by adding the cell phone number followed by # to the Follow-Me List. To tell the call is a business call, I changed External CID Configuration to Fixed CID Value and put the business phone number which I always answer.

Where do you want me to install OpenVPN?
Do I have to install it on the FreePBX server or on a separate server and assign an IP address?

Cell phones will change their IPs based on location and connected Wi-Fi. To avoid opening your PBX to the world, you can provide the user with a secure and fixed IP. To do that you will create a new AWS instance and install an OpenVPN server on it. Assign a fixed IP to the OpenVPN server and install the client files from the installed OpenVPN server onto the user’s phone. This way the user will have one secure IP (the OpenVPN server IP) no matter where the user is. The VPN server will change the cell phone IP into the server’s IP address when the phone is connected to the server.

A SIP TLS solution without VPN overhead or complexity would be appropriate for your use case.

This doesn’t solve the issue of the device (softphone) having a dynamic IP to source from when the firewall is deny all but allow this whitelist. The OP wants to not have to whitelist new IPs every time this device changes IP. Doesn’t matter the transport when the source IP is not fixed.

The solution is DDNS on the device or a VPN to guarantee the device is coming from the allowed source IP.
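The DDNS route discussed above, sketched as an added example that is not part of the original thread: a script that resolves the phone's DDNS name and reconciles the AWS security-group rule itself, since the security group takes CIDRs rather than hostnames. The hostname, the `ddns:` description tag, the 5061/tcp default and the helper names are assumptions; the addresses in any sample input are constructed.

```python
import ipaddress
import socket

TAG = "ddns:"  # description prefix marking rules this script owns (assumed convention)
# Answers that must never reach an allowlist, e.g. from a broken or tampered record.
BLOCKED = [ipaddress.ip_network(n) for n in (
    "0.0.0.0/8", "10.0.0.0/8", "100.64.0.0/10", "127.0.0.0/8",
    "169.254.0.0/16", "172.16.0.0/12", "192.168.0.0/16", "224.0.0.0/3")]


def resolve_ipv4(hostname):
    """Return the set of IPv4 addresses the DDNS name resolves to right now."""
    infos = socket.getaddrinfo(hostname, None, socket.AF_INET, socket.SOCK_STREAM)
    return {info[4][0] for info in infos}


def plan_changes(current_rules, hostname, resolved_ips):
    """Diff the managed rules against the resolved addresses.

    current_rules: (cidr, description) pairs already on the SIP port.
    Returns (to_revoke, to_authorize) as sorted lists of /32 CIDRs; rules
    without this hostname's tag (static entries) are never touched.
    """
    if not resolved_ips:
        raise ValueError("empty DNS answer; keeping current rules")
    wanted = set()
    for ip in resolved_ips:
        addr = ipaddress.IPv4Address(ip)
        if any(addr in net for net in BLOCKED):
            raise ValueError(f"refusing {ip} for {hostname}: not a public address")
        wanted.add(f"{addr}/32")
    managed = {cidr for cidr, desc in current_rules if desc == TAG + hostname}
    return sorted(managed - wanted), sorted(wanted - managed)


def apply_changes(group_id, hostname, to_revoke, to_authorize, port=5061, proto="tcp"):
    """Apply a plan with boto3; needs AWS credentials. Port 5061/tcp is an assumption."""
    import boto3  # imported lazily so the planning logic runs without AWS access
    ec2 = boto3.client("ec2")

    def perms(cidrs, desc=None):
        ranges = [{"CidrIp": c, **({"Description": desc} if desc else {})} for c in cidrs]
        return [{"IpProtocol": proto, "FromPort": port, "ToPort": port, "IpRanges": ranges}]

    if to_authorize:  # add the new address before removing the old one
        ec2.authorize_security_group_ingress(
            GroupId=group_id, IpPermissions=perms(to_authorize, TAG + hostname))
    if to_revoke:
        ec2.revoke_security_group_ingress(GroupId=group_id, IpPermissions=perms(to_revoke))
```

Run on a schedule, this leaves a window between an IP change and the next run during which the phone cannot register, and the allowlist is only as trustworthy as the DDNS account that controls the record.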

Yes, this is an alternate proposal to whitelisting. Allow all from Internet to SIP TLS. Add responsive firewall if desired…

The attack/risk surface is the same as with OpenVPN. With the VPN, you need to have a port open to the Internet anyway. In either case, everything is encrypted. He’s already got NAT working properly (assumed).


I have port “1194” open only to trusted IP. No matter where I go, my cell phone will have the OpenVPN IP which is whitelisted in FreePBX server.

Guys, I have NAT set up properly and working fine.

However the only thing which I am encountering is Dynamic IP Issue.

Then that’s not a dynamic solution, is it? :)


https://www.linkedin.com/posts/qxork_apiban-activity-6617627592398823424-GHSz

Not trying to promote it… just sharing in case someone finds this useful.
