FreePBX Remote Extension Problems
-
I'm doing testing with a remote extension that I'm setting up for use by an employee that will be working across the pond in the near future. I've recently been getting unsolicited calls from extensions that do not exist on our network. The caller is not originating from our FreePBX instance, and is spamming the device directly.
From everything I've read changing the port number that the client registers on from the default of 5060 should pretty much take care of the calls, but every time I try to change it on the extension in FreePBX GUI it does nothing.
Any pointers on how I can make this change?
-
What do you mean that it does nothing? Do you mean that the change does not take effect, or that calls keep coming in regardless?
-
@scottalanmiller said in FreePBX Remote Extension Problems:
What do you mean that it does nothing? Do you mean that the change does not take effect, or that calls keep coming in regardless?
I change the port number on the extension from 5060 to a nonstandard port, save the changes, and apply configuration and there is no change. The phone stays registered and continues receiving calls.
If I go into the phone and change the registration port manually it immediately loses registration until I change it back to the standard 5060.
(Yealink T23G)
-
With that Yealink I'm pretty sure you can limit communication over SIP to just the Asterisk server. I think it is the security section.
-
@coliver said in FreePBX Remote Extension Problems:
With that Yealink I'm pretty sure you can limit communication over SIP to just the Asterisk server. I think it is the security section.
That's not where the security concern is, though. It's the other way, you want to limit it on the PBX. That people can use your handset for other things really doesn't matter.
-
@scottalanmiller said in FreePBX Remote Extension Problems:
What do you mean that it does nothing? Do you mean that the change does not take effect, or that calls keep coming in regardless?
Yes, it is like it does not recognize the port number being changed. It still registers the device on 5060 instead of say, 5072. I'm not sure what I'm missing.
-
@scottalanmiller said in FreePBX Remote Extension Problems:
@coliver said in FreePBX Remote Extension Problems:
With that Yealink I'm pretty sure you can limit communication over SIP to just the Asterisk server. I think it is the security section.
That's not where the security concern is, though. It's the other way, you want to limit it on the PBX. That people can use your handset for other things really doesn't matter.
Wouldn't that also prevent these calls from coming in or am I missing the point?
-
@coliver said in FreePBX Remote Extension Problems:
@scottalanmiller said in FreePBX Remote Extension Problems:
@coliver said in FreePBX Remote Extension Problems:
With that Yealink I'm pretty sure you can limit communication over SIP to just the Asterisk server. I think it is the security section.
That's not where the security concern is, though. It's the other way, you want to limit it on the PBX. That people can use your handset for other things really doesn't matter.
Wouldn't that also prevent these calls from coming in or am I missing the point?
Phones reach out to the PBX, not the other way around. It's a one way thing. Like a browser to a web server, exactly the same. The phones are never the servers.
-
@RamblingBiped said in FreePBX Remote Extension Problems:
The caller is not originating from our FreePBX instance, and is spamming the device directly.
Wouldn't that seem to indicate that blocking all traffic but the SIP traffic from the PBX would resolve the issue of unsolicited calls?
-
@coliver said in FreePBX Remote Extension Problems:
@RamblingBiped said in FreePBX Remote Extension Problems:
The caller is not originating from our FreePBX instance, and is spamming the device directly.
Wouldn't that seem to indicate that blocking all traffic but the SIP traffic from the PBX would resolve the issue of unsolicited calls?
I guess I might have the wrong end of the stick... are the phones getting calls that are NOT from the PBX? Rather than the PBX having anonymous calls routed through it?
-
@scottalanmiller said in FreePBX Remote Extension Problems:
@coliver said in FreePBX Remote Extension Problems:
With that Yealink I'm pretty sure you can limit communication over SIP to just the Asterisk server. I think it is the security section.
That's not where the security concern is, though. It's the other way, you want to limit it on the PBX. That people can use your handset for other things really doesn't matter.
The problem is the calls are being made directly to the device, circumventing the PBX completely... I'm getting odd extensions like 10001 and 1001 ringing the phone constantly.
I found an option in the devices configuration for IP calling that was enabled. So far (fingers crossed) since disabling that the problem has stopped.
For anyone else experiencing the issue, the option is:
Yealink WEB UI > Features tab > General Information Page > "Allow IP Calling"
Set the above to Disabled and confirm changes.
-
@RamblingBiped said in FreePBX Remote Extension Problems:
@scottalanmiller said in FreePBX Remote Extension Problems:
@coliver said in FreePBX Remote Extension Problems:
With that Yealink I'm pretty sure you can limit communication over SIP to just the Asterisk server. I think it is the security section.
That's not where the security concern is, though. It's the other way, you want to limit it on the PBX. That people can use your handset for other things really doesn't matter.
The problem is the calls are being made directly to the device, circumventing the PBX completely... I'm getting odd extensions like 10001 and 1001 ringing the phone constantly.
I found an option in the devices configuration for IP calling that was enabled. So far (fingers crossed) since disabling that the problem has stopped.
For anyone else experiencing the issue, the option is:
Yealink WEB UI > Features tab > General Information Page > "Allow IP Calling"
Set the above to Disabled and confirm changes.
Sorry, I had misunderstood. Yes, disabling IP calling would likely solve the issue.
-
@scottalanmiller said in FreePBX Remote Extension Problems:
@coliver said in FreePBX Remote Extension Problems:
@RamblingBiped said in FreePBX Remote Extension Problems:
The caller is not originating from our FreePBX instance, and is spamming the device directly.
Wouldn't that seem to indicate that blocking all traffic but the SIP traffic from the PBX would resolve the issue of unsolicited calls?
I guess I might have the wrong end of the stick... are the phones getting calls that are NOT from the PBX? Rather than the PBX having anonymous calls routed through it?
Exactly. It seems that there are scripts running constantly looking for open sip ports on public IPs. When they find them they attempt to make calls directly to the IP hoping to uncover an avenue of exploitation.
-
@scottalanmiller said in FreePBX Remote Extension Problems:
@RamblingBiped said in FreePBX Remote Extension Problems:
@scottalanmiller said in FreePBX Remote Extension Problems:
@coliver said in FreePBX Remote Extension Problems:
With that Yealink I'm pretty sure you can limit communication over SIP to just the Asterisk server. I think it is the security section.
That's not where the security concern is, though. It's the other way, you want to limit it on the PBX. That people can use your handset for other things really doesn't matter.
The problem is the calls are being made directly to the device, circumventing the PBX completely... I'm getting odd extensions like 10001 and 1001 ringing the phone constantly.
I found an option in the devices configuration for IP calling that was enabled. So far (fingers crossed) since disabling that the problem has stopped.
For anyone else experiencing the issue, the option is:
Yealink WEB UI > Features tab > General Information Page > "Allow IP Calling"
Set the above to Disabled and confirm changes.
Sorry, I had misunderstood. Yes, disabling IP calling would likely solve the issue.
Yep, seems to have fixed the issue. However, I do find it kind of odd that FreePBX GUI has an option for defining a specific port number for an extension that basically does nothing...
Either way, problem resolved! Thanks to @coliver for pointing me in the right direction. I had initially looked through the configuration and not found the BURIED option that I was needing.
-
@scottalanmiller said in FreePBX Remote Extension Problems:
@coliver said in FreePBX Remote Extension Problems:
@RamblingBiped said in FreePBX Remote Extension Problems:
The caller is not originating from our FreePBX instance, and is spamming the device directly.
Wouldn't that seem to indicate that blocking all traffic but the SIP traffic from the PBX would resolve the issue of unsolicited calls?
I guess I might have the wrong end of the stick... are the phones getting calls that are NOT from the PBX? Rather than the PBX having anonymous calls routed through it?
That's how I read it. But that brings up another issues, shouldn't the registration process prevent this from happening?
-
@coliver said in FreePBX Remote Extension Problems:
@scottalanmiller said in FreePBX Remote Extension Problems:
@coliver said in FreePBX Remote Extension Problems:
@RamblingBiped said in FreePBX Remote Extension Problems:
The caller is not originating from our FreePBX instance, and is spamming the device directly.
Wouldn't that seem to indicate that blocking all traffic but the SIP traffic from the PBX would resolve the issue of unsolicited calls?
I guess I might have the wrong end of the stick... are the phones getting calls that are NOT from the PBX? Rather than the PBX having anonymous calls routed through it?
That's how I read it. But that brings up another issues, shouldn't the registration process prevent this from happening?
No registration used when there is no PBX involved.
-
@mlnews said in FreePBX Remote Extension Problems:
@coliver said in FreePBX Remote Extension Problems:
@scottalanmiller said in FreePBX Remote Extension Problems:
@coliver said in FreePBX Remote Extension Problems:
@RamblingBiped said in FreePBX Remote Extension Problems:
The caller is not originating from our FreePBX instance, and is spamming the device directly.
Wouldn't that seem to indicate that blocking all traffic but the SIP traffic from the PBX would resolve the issue of unsolicited calls?
I guess I might have the wrong end of the stick... are the phones getting calls that are NOT from the PBX? Rather than the PBX having anonymous calls routed through it?
That's how I read it. But that brings up another issues, shouldn't the registration process prevent this from happening?
No registration used when there is no PBX involved.
So the phone was just accepting all SIP requests. Glad you fixed it @RamblingBiped .
-
Aaaaaand I just received another call from some random extension.
Problem un-resolved.
-
@coliver said in FreePBX Remote Extension Problems:
@mlnews said in FreePBX Remote Extension Problems:
@coliver said in FreePBX Remote Extension Problems:
@scottalanmiller said in FreePBX Remote Extension Problems:
@coliver said in FreePBX Remote Extension Problems:
@RamblingBiped said in FreePBX Remote Extension Problems:
The caller is not originating from our FreePBX instance, and is spamming the device directly.
Wouldn't that seem to indicate that blocking all traffic but the SIP traffic from the PBX would resolve the issue of unsolicited calls?
I guess I might have the wrong end of the stick... are the phones getting calls that are NOT from the PBX? Rather than the PBX having anonymous calls routed through it?
That's how I read it. But that brings up another issues, shouldn't the registration process prevent this from happening?
No registration used when there is no PBX involved.
So the phone was just accepting all SIP requests. Glad you fixed it @RamblingBiped .
Yeah, that's actually pretty standard. You can just throw a bunch of phones on a network and dial each other via IP. No one does it, but nearly all phones support it out of the box.
-
@RamblingBiped said in FreePBX Remote Extension Problems:
Aaaaaand I just received another call from some random extension.
Problem un-resolved.
Well that sucks. Look for a setting called something like "Anonymous SIP".