Persistent connection from SIP client to FreePBX


 First post here and while I can't find any information in these forums (perhaps a noob pecking around) I have a use-case as follows:

 Establish a persistent link for a SIP client with the following:  
   UDP 5060 (SIP)
   UDP 10001-20000 (RTP)

While single ports are elementary, I can't for the life of me figure out where I specify the UDP range and am at wit's end.   

Remote.IT daemon version 4.20
Remote.IT desktop version v3.25.7


Remote.It is not designed to be port-forwarding to open a full range of ports, since it is really designed to work for applications which typically use 1-3 ports at a time. I will see if someone else from the community has a work around for you.

I’d appreciate it. In a remote office scenario, a lot of SIP Smartphones are used and that’s UDP 10001-20000. Not all smartphones have the ability to stick to one single port.

We really aren’t designed to handle a VoIP solution for a range of 10000 ports. I have found a couple of articles out on the web of how to do some things in the cloud with a firewall.
Good luck on finding a solution.

If your goal is just no open inbound ports on the FreePBX side then you could possibly setup a VPN connection from the sip client side to the freepbx side. The basics are:

  1. Setup a VPN server on the FreePBX side
  2. Setup a remoteit device on the FreePBX side (best to keep it separate from VPN server)
  3. Create a service from the remoteit device to the VPN server port
  4. Setup remoteit on the SIP client side
  5. Connect to the VPN service and get a host:port combination
  6. Install the VPN client on the SIP client side
  7. Install the client configuration file like you normally would do
  8. Change the server host and port in the VPN connection configuration to point to the remoteit host:port combination.
  9. Connect to the VPN.

This is a very simplified sudo setup but it is a powerful combination for these multiport use cases. What you lose is the zero trust of locking down the sip client system to only that host:port of the freepbx server.
If the system can connect to the vpn then it has access to the whole subnet. You would have to then lock it down via the VPN tunnel somehow so people can’t scope out the server side of your freepbx network. But this gives you no open inbound ports on the freepbx side.

1 Like