I HAVE A DREAM Public Facing (SIP) + TravelinMan (SSH, etc) ?

markd89

I read http://nerdvittles.com/?p=30297 about the Public Facing option where a FQDN is needed to connect to the server.

I like the idea of doing that to make access easy for Softphones on Android.

Part of @wardmundy's writeup is to obfuscate the SSH port. I'm assuming that this is because SSH is now open to the world.

My question is why not combine the FQDN idea with TravelinMan? i.e. Require FQDN to access the server for SIP, but for other protocols require a whitelisted/TravelinMan IP.

This would make it easy for users with cell phones (who may not be technical) and for admin access (me), I can jump through the TravelinMan hoops for SSH. The result should be a more secure server as only SIP is open to the world.

What do you think?
 

KNERD

Or you could set up a VPN where SSH is only listening on port 22 of the VPN private IP address of the server.
Another easy option is to use certificate-only login access to SSH.
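
An added example, not part of the thread and not Incredible PBX code: a small audit of an `sshd_config` for the two suggestions above, SSH bound only to a private (VPN) address and no password logins. The VPN address 10.8.0.1 and both sample configs are constructed, and "certificate-only login" is read here as password logins being disabled (an assumption).

```python
import ipaddress

# Constructed samples; 10.8.0.1 is an assumed VPN address for the server.
SAMPLE_HARDENED = """\
# listen only on the VPN interface
ListenAddress 10.8.0.1
PasswordAuthentication no
KbdInteractiveAuthentication no
"""
SAMPLE_DEFAULT = "Port 22\n#PasswordAuthentication yes\n"

def parse(text):
    """Global sshd_config settings as {keyword: [values]}; stops at the first Match block."""
    settings = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.replace("=", " ", 1).split(None, 1)
        key = parts[0].lower()              # keywords are case-insensitive
        if key == "match":
            break                           # conditional overrides are out of scope
        settings.setdefault(key, []).append(parts[1].strip() if len(parts) > 1 else "")
    return settings

def _host(addr):
    """Strip an optional port from host, host:port or [ipv6]:port."""
    if addr.startswith("["):
        return addr[1:].split("]", 1)[0]
    return addr.split(":", 1)[0] if addr.count(":") == 1 else addr

def audit(text):
    s, findings = parse(text), []
    listen = s.get("listenaddress", [])
    if not listen:
        findings.append("ListenAddress unset: sshd listens on every interface")
    for addr in listen:
        try:
            ip = ipaddress.ip_address(_host(addr.split()[0]))
            ok = ip.is_private and not ip.is_unspecified   # 0.0.0.0 / :: mean "all"
        except ValueError:
            ok = False                      # hostname: cannot be judged offline
        if not ok:
            findings.append(f"ListenAddress {addr} is not limited to a private address")
    # sshd keeps the first value it reads; both of these default to "yes"
    pw = s.get("passwordauthentication", ["yes"])[0]
    kbd = (s.get("kbdinteractiveauthentication")
           or s.get("challengeresponseauthentication") or ["yes"])[0]
    for name, val in (("PasswordAuthentication", pw), ("KbdInteractiveAuthentication", kbd)):
        if val.lower() != "no":
            findings.append(f"{name} is enabled: password logins are possible")
    return findings
```

An empty list from `audit()` means both conditions hold for the global section of the file; settings inside `Match` blocks are not evaluated.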
 

wardmundy

> I read http://nerdvittles.com/?p=30297 about the Public Facing option where a FQDN is needed to connect to the server.
>
> I like the idea of doing that to make access easy for Softphones on Android.
>
> Part of @wardmundy's writeup is to obfuscate the SSH port. I'm assuming that this is because SSH is now open to the world.
>
> My question is why not combine the FQDN idea with TravelinMan? i.e. Require FQDN to access the server for SIP, but for other protocols require a whitelisted/TravelinMan IP.
>
> This would make it easy for users with cell phones (who may not be technical) and for admin access (me), I can jump through the TravelinMan hoops for SSH. The result should be a more secure server as only SIP is open to the world.
>
> What do you think?

The problem with a WhiteList for SSH is, when you're out of town, you are locked out. Any of @KNERD's suggestions eliminates this.
 

markd89

> The problem with a WhiteList for SSH is, when you're out of town, you are locked out. Any of @KNERD suggestions eliminate this.

Thanks, Ward. Wouldn't TravelinMan always make sure I have access? (Always = within a few minutes of my dynamic DNS updating.)
 

markd89

If I enable Public Facing with your script, does TravelinMan coexist or is there hacking involved in using them together?

(I looked at your install script and it's a little over my head)

Thanks again,
Mark
 
