atcomsystems.ca/forum
Posted By: jsaad IP office trouble - 04/19/16 12:36 AM
We have an IP office 9.0 system with SIP trunk on LAN2 with a public IP on the LAN2. The system gets hacked regularly. A complex password is no trouble for the hacker.

We put the IPoffice lan 2 behind a firewall with SIP trunk connectivity results in one way speech.

I used Pfsense and had no luck. 2 days of banging my head against wall is no fun.

So I am hopeful someone can advise me on a product/firewall that will work easily.
Posted By: mongo5150 Re: IP office trouble - 04/19/16 01:03 AM
What SIP provider are you using? Have you set your stun server settings?

What about changing how the SIP provider authenticates, maybe from a specific WAN IP.?????
Posted By: jsaad Re: IP office trouble - 04/19/16 01:24 AM
Verizon Business SIP trunk. Stun 216.93.246.18
Haven't had good luck getting info from Verizon business, like pulling teeth.

TCP 5060 forwarded to IPO
UDP 46750 - 50750 forwarded to IPO

Outside party can hear us, but we (inside party) cannot hear outside caller.

I found an avaya guide to integrating with Verizon business sip trunk but it depicts using a public ip on the LAN2 which is a problem.

Hacking continues.


Posted By: mongo5150 Re: IP office trouble - 04/19/16 02:18 AM
Turn off port forwarding.
Set up STUN on LAN2
Posted By: jsaad Re: IP office trouble - 04/19/16 02:20 AM
yes i have stun on lan2, port forwarding was done in our router/firewall attached to lan2.

any suggestions for a firewall
Posted By: mongo5150 Re: IP office trouble - 04/19/16 11:45 AM
It is not the firewall. When STUN is set properly, you do not need any ports opened and forwarded.
Posted By: crazyfrog Re: IP office trouble - 04/26/16 01:32 AM
When you set up the port forwarding, could you set up original IP address of the port forwarding to be the SIP server's IP?

So only request from SIP server would forward to IPO, not any other IPs including any hacker's.
© Sundance Phone System Forums - VOIP & Cloud Phone Help