Jump to content
Vodia PBX forum
netpro78

61.1 Blacklist

Recommended Posts

After upgrading to 61.1 I have started getting notifications of IPs being blacklisted for unsuccessful authentication attempts.  The IPs are from my trunks, and when I look at the attached capture, it is an Invite, and not an authentication attempt.

Share this post


Link to post
Share on other sites

Hi,

 

Thank you for bringing that to our notice, but 61.1. is a test build and has not been fully developed. Please go back to 61.0 for this issue to not occur.

Share this post


Link to post
Share on other sites

There was a bug where it would initially permanently whitelist addresses for the trunk, then when there was a call, it would whitelist if for the duration of the call, well and when the call ended it would delete the entry. Then the trunk was essentially not whitelisted and this could lead to blacklisting. Anyway, as we make build for 61.1 that problem should be fixed in the latest build. 

Share this post


Link to post
Share on other sites

I upgraded to 62.0 to pickup the fixes where the PBX would accidentally blacklist trunk IPs, however after the upgrade it seems to be blacklisting phones that have never had an issue registering in the past (and their configs have not changed).  If I whitelist their IPs, they can successfully register.  In some cases I noticed that the phone has successfully registered, however the IP was then blacklisted after the fact when subscribing to a BLF.

Share this post


Link to post
Share on other sites

There was still one glitch with at least one of the the 61.1 builds - which was fixed with 62.0. We still have reports that trunks get blacklisted, it seems to be related to using DNS addresses in the explicit list for the approved IP addresses.

Share this post


Link to post
Share on other sites

My trunks are all hardcoded to IPs, and they are working fine after 62.0 however my phones that started to have issues after upgrading to 62.0 are all using DNS if that could be part of the issue.

Also I saw some comments that 62.0 would have options to set the dynamic blacklist at either the IP, or the Port level.  I do not see that option, as well as I believe a related feature was a ratelimit on the emails that it generates, and I do not see those options either.

Share this post


Link to post
Share on other sites

Previously the blacklisting was strictly on per port basis, which did not make much sense for TCP/TLS. Now it is on address basis unless there is something whitelisted on that address already. We still have an issue with trunks, it is not clear what exactly triggers it.

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

×