My voice service provider (Vitelity) uses IP authentication and has provided me with the appropriate peer settings for the trunk including their host server address.
However they said that incoming Invites would be coming from a whole range of IP addresses.
I guess the way to accomodate for that would be to set allowguests=yes, which I prefer not do to.
Or to create a peer for each possible host IP address but that is probably also not practical.
Is there a reasonable way to accomplish this without laxing security with allowguests?
That would almost be impossible with the size of the IP address ranges that Vitelity told me signaling (and media) might come from.
It’s several /24 networks.
Is there another way with pjsip or using permit/deny maybe ?
It uses the same core support as “permit” and “deny” so the way you specify for them will also work for it, including what you’ve done. You would need to uncomment all of that section though.