chris_c_
Active Member
- Joined
- Aug 19, 2010
- Messages
- 509
- Reaction score
- 67
System: IPBX 13-12 running on Ubuntu 14.04 Trusty.
Just completed a manual set up of IPBX's three randomly generated "port knocker" ports, to allow for remote SIP client registration (for a remote roadwarrior / traveling man softphone extension).
I have a recommendation regarding the auto configuration of said gateway ports.
http://miniupnp.tuxfamily.org/
to install on debian/ubunutu/raspbian (?):
to invoke :
(careful... command name is different from package name!!)
Fact is, 99.9% of all hardware gateway routers that IPBX runs behind, have the UPnP feature available and enabled. So a client device (ie pbx server) hiding behind the gateway, on the LAN, can programatically issue a request to the gateway, to map a port on the public IP, to its private LAN IP and port.
So, have the IPX install script call a command line binary, called "miniupnpc", to use UPnP to attempt to automatically open those 3 randomly selected "KNOCK" TCP ports on the gateway router, and forward to the 3 TCP ports on the IP of the IPBX machine.
And while it's at it, to forward the 5060 SIP UDP port to the IPBX server, for the 2 way SIP registration and call traffic.
This new way is superior to the current way, because if any of the ports is already occupied, the script will detect that error condition, via return value from the
binary, and retry by selecting another random port, until it succeeds and all 3 random TCP ports are mapped via UPnP.
Worse comes to worse, if the UPnP mappings fail due to UPnP disabled on the gateway router, the script can print out the instructions to tell the admin to manually forward the 3 TCP ports to enable this remote softphone port knock security feature.
Most of the time though it'll just work, and save thousands or even hundreds of thousands of IPBX admins, so much time..
Just completed a manual set up of IPBX's three randomly generated "port knocker" ports, to allow for remote SIP client registration (for a remote roadwarrior / traveling man softphone extension).
I have a recommendation regarding the auto configuration of said gateway ports.
http://miniupnp.tuxfamily.org/
to install on debian/ubunutu/raspbian (?):
Code:
apt-get install miniupnpc
Code:
upnpc
Fact is, 99.9% of all hardware gateway routers that IPBX runs behind, have the UPnP feature available and enabled. So a client device (ie pbx server) hiding behind the gateway, on the LAN, can programatically issue a request to the gateway, to map a port on the public IP, to its private LAN IP and port.
So, have the IPX install script call a command line binary, called "miniupnpc", to use UPnP to attempt to automatically open those 3 randomly selected "KNOCK" TCP ports on the gateway router, and forward to the 3 TCP ports on the IP of the IPBX machine.
And while it's at it, to forward the 5060 SIP UDP port to the IPBX server, for the 2 way SIP registration and call traffic.
This new way is superior to the current way, because if any of the ports is already occupied, the script will detect that error condition, via return value from the
Code:
upnpc
Worse comes to worse, if the UPnP mappings fail due to UPnP disabled on the gateway router, the script can print out the instructions to tell the admin to manually forward the 3 TCP ports to enable this remote softphone port knock security feature.
Most of the time though it'll just work, and save thousands or even hundreds of thousands of IPBX admins, so much time..