Incoming Numbers

Our provider deliver inbound numbers to the pbx directly by sip url

up until recently it was simple of adding to sip.conf

[incoming-77-240-54.10]
context=fromoutside
type=friend
host=77.240.54.10
disallow=all
allow=ulaw
allow=alaw
dtmfmode=rfc2833
insecure=port,invite

however the provider has now said we need to allow from 5 different /24 IP Ranges

how am i supposed to do this. create a duplicate of the above 1280 times :open_mouth:

Combine a good firewall with allowguest=yes.

I notice you are using type=friend, Does that mean your provider can authenticate with you with a username and password combo?

If so then you can set host=dynamic and add a permit and deny block to your peer in sip.conf and let they auth.

If they cant you could define a template and use it to create your peers and save some typing.

incomingprovider
context=fromoutside
type=peer
disallow=all
allow=ulaw,alaw
dtmfmode=rfc2833
insecure=port
deny=0.0.0.0/0.0.0.0
permit=77.240.54.0/255.255.254.0

provider-54.10
host=77.240.54.10

provider-54.20
host=77.240.54.20

provider-54.30
host=77.240.54.30

Heā€™s got insecure=invite, which means he thinks that they are not authenticating (although more likely he copies it without understanding, as with the friend). Iā€™m not sure why he has insecure=port.

People are so confused with the options insecure=port,invite and with the difference between peer and friend . Most of them use it without really understand what this really meansā€¦ I admit I was one themā€¦

[quote]

insecure=port Allow matching of peer by IP address without
matching port number
insecure=invite Do not require authentication of incoming INVITEs
insecure=port,invite (both)

;------- Naming devices ------------------------------------------------------
;
; When naming devices, make sure you understand how Asterisk matches calls
; that come in.
; 1. Asterisk checks the SIP From: address username and matches against
; names of devices with type=user
; The name is the text between square brackets [name]
; 2. Asterisk checks the From: addres and matches the list of devices
; with a type=peer
; 3. Asterisk checks the IP address (and port number) that the INVITE
; was sent from and matches against any devices with type=peer
;
; Donā€™t mix extensions with the names of the devices. Devices need a unique
; name. The device name is not used as phone numbers. Phone numbers are
; anything you declare as an extension in the dialplan (extensions.conf).
;
; When setting up trunks, make sure thereā€™s no risk that any From: username
; (caller ID) will match any of your device names, because then Asterisk
; might match the wrong device.
;
; Note: The parameter ā€œusernameā€ is not the username and in most cases is
; not needed at all. Check below. In later releases, itā€™s renamed
; to ā€œdefaultuserā€ which is a better name, since it is used in
; combination with the ā€œdefaultipā€ setting.[/quote]