Listen On 2 Of 3 IP Addresses
Hello,
We have an Asterisk server with 3 IP addresses, and need to listen on only
2 of those. This is with chan_sip. Does anyone know if it’s possible?
If Asterisk listens on the third address then it seems to cause problems with the media address put in the SDP for our use case.
Thanks very much,
7 thoughts on - Listen On 2 Of 3 IP Addresses
It’s not. The chan_sip module allows you to bind to one thing, either a specific address or an any address.
Well… maybe chan_sip cannot, but your OS can restrict traffic on any port/iface.
-H
—
Henning Follmann | hfollmann@itcfollmann.com
—
The answer is to use chan_pjsip since chan_sip is all but dead, unsupported and going away in v21. Instead of making chan_sip listen on all IPs then making a bunch of firewall/filtering rules that block one of them from being used, use chan_pjsip. It is the right solution as it is the supported driver and will continue to see updates and bugfixes.
If you haven’t started a migration from chan_sip to chan_pjsip yet, it is best advised to make a migration plan and do it now. If there is a case where something in chan_sip hasn’t made it into chan_pjsip (or it did but hasn’t been really touched/updated since) and you really need that functionality, now is the time to figure that out.
>
> > Hello,
> >
> > We have an Asterisk server with 3 IP addresses, and need to listen on only
> > 2 of those. This is with chan_sip. Does anyone know if it’s possible?
> >
> > If Asterisk listens on the third address then it seems to cause problems
> > with the media address put in the SDP for our use case.
> >
>
> It’s not. The chan_sip module allows you to bind to one thing, either a
> specific address or an any address.
>
Well…
maybe chan_sip cannot, but your OS can restrict traffic on any port/iface.
-H
—
Henning Follmann | hfollmann@itcfollmann.com
—
Thank you for that reply, Joshua.
Henning, we can restrict access using the firewall, but unfortunately that doesn’t solve the problem with the address that’s put in the SDP.
Moving to chan_pjsip solves this problem.
From: asterisk-users on behalf of David Cunningham
Reply-To: Asterisk Users Mailing List – Non-Commercial Discussion
Date: Sunday, July 17, 2022 at 5:53 PM
To: Asterisk Users Mailing List – Non-Commercial Discussion
Subject: Re: [asterisk-users] Listen on 2 of 3 IP addresses
Thank you for that reply, Joshua.
Henning, we can restrict access using the firewall, but unfortunately that doesn’t solve the problem with the address that’s put in the SDP.
Well… maybe chan_sip cannot, but your OS can restrict traffic on any port/iface.
-H
I’ve always had my servers have two or three different vlan interfaces. When I was using sip, I only bound to one interface with network segments dedicated to voip phones, but did a great deal of experimentation. I think if the endpoint devices are under your control and to specific groups of IPs or if you just had a few clients with fixed IPs, you can probably do it with a combination of appropriate firewall and routing tables and rules. The rules would have to be symmetrical so the inbound and outbound packets are restricted to a particular interface.
I gave in to the future and switched a big deployment to pjsip a couple of years ago. Since then I’ve had to connect to a couple of appliance devices that needed to reside in another network, and am operating as you describe
– which as pointed out can be done with pjsip.
Thank you Thomas.