Messages

Completely agree regarding the use of SIP when traveling to countries blocked via the GEOIP rule...

1. This is simple to achieve but it will be more complicated in some networks to use VoIP because the port will certainly be filtered/closed as it is non-standard.
2. IPV6 is not deployed everywhere so it will not work 100%
3. Yes, the VOIP server integrates this.

In conclusion, OPNSense will not be useful to me for this part.

Yes, that's already the case; the server integrates this protection.

The idea of moving this protection to the firewall will make it easier to load the VOIP server.
Given that the firewall is at the front of the internet, I'm wondering if it's not possible to add this task to it in addition to GEOIP.

Hi meyergru,

That's one approach, but it's going to pose a problem for me.

For example, if you have someone with a mobile phone and a SIP application, they can make calls from different ASNs...

Hello,

I'm planning to implement an OPNSense front-end for a VoIP server. I'm already using GEOIP country restrictions (GeoLite2-Country-CSV - Maxmind).

I'd now like to try to effectively block VoIP scans and targeted attacks. Is this possible ?

Do you have any feedback on this approach ?

Thank you for your replies.