We have a FreePBX-12 / Asterisk-12 setup that supports about 24
extensions, most internal Snom870s but six or so external (Jitsi-2.8). we use TLS and SRTP everywhere on our side of the fence. The server host is a dedicated atom(tm) box using the FreePBX distro (CentOS-6.x)
and is up-to-date. Registrations require very long random passwords and registrable devices are further restricted by netblock filters. We have the usual firewall and fail2ban intrusion prevention and detection set-ups in place.
Our connection to the rest of the world is via PSTN.
We do our own DNS, both forward and reverse. We have NAPTR and SRV
RRs for SIP and SIPS.
That is the environment. Now for the questions.
Can I safely configure FreePBX/Asterisk to allow people to call us directly via SIP? In other words, sip://firstname.lastname@example.org would reach us and ring internally as if someone had called our main office number via PSTN. Does it make sense to do so?
I am not talking about routing our main number through a SIP trunk provider. We will remain on PSTN for the foreseeable future. But I
am curious as to whether or not it it worthwhile to allow others who have the capability to simply call us via SIP rather than over PSTN. And if we do allow it what are the caveats and how does one actually configure Asterisk to do it?
I have read a number of blogs, sections of the Definitive Asterisk book and mailing list archived posts respecting anonymous SIP calls. But I have to say these leave me rather more confused than informed. Virtually all sources advise against accepting any anonymous incoming SIP calls whatsoever. The few that do not absolutely advise against do not give much guidance in how to handle incoming calls. And frankly, I have only a dim idea how an incoming SIP call should be handled from a theoretical point of view.
Any guidance would be welcome.