Ticket #5057 (closed Feature Requests: fixed)

Opened 2 years ago

Last modified 2 years ago

Device NAT setting defaults to 'no' in 2.9.

Reported by: drmessano Assigned to: p_lindheimer
Priority: minor Milestone: 2.9
Component: Core - Users/Devices Version: 2.9-branch
Keywords: Advanced Settings Cc:
Confirmation: Unreviewed Distro:
Backend Engine: All Distro Ver:
Backend Ver: SVN Revision (if applicable):

Description

The default for SIP nat under Advanced Settings > Devices which applies to new devices is 'no'. This default makes no sense and will catch many off-guard. Should be changed to 'yes'.

Change History

04/10/11 04:25:35 changed by drmessano

Note that even 'no' is incorrect here, as 'never' would effectively be the proper 'off' setting here.

'yes' is an 'allow', as the prerequisite externhost/externip, canreinvite/directmedia and localnet settings would need to be in place before the behavior is addressed with the individual device. 'yes' is a safe default that breaks nothing. This is well documented on the Wiki.

04/10/11 04:57:46 changed by drmessano

  • type changed from Bugs to Feature Requests.

Discussed with mickecarlsson on IRC. I don't disagree with our defaults being the Asterisk defaults, however, this setting is expected by many and a paradigm change was made for 2.9. Changing to a feature request. Existing installs should migrate to nat=yes as default, as the wonderful Advanced Settings module has a nice shiny arrowing noting when a setting is not default. This should minimize the impact of the change.

04/10/11 13:38:45 changed by p_lindheimer

  • owner set to p_lindheimer.
  • priority changed from major to minor.
  • component changed from Other Module to Core - Users/Devices.

I made the change to the default of no. I understand your perspective which is usually the mind set that I have on most things, not changing what people are used to.

The reason it was originally put as yes for the default is that it helped people setting up remote extensions but did not hurt standard installations. However, it also helps lower the security threshold when the default is yes since most people don't change this resulting in easier targets for SIP telephone fraud when systems get cracked. As a result, I think leaving the default to the more secure setting that is consistent with most installations (local extensions) is more important then the stumbling block it will create for some people as you correctly point out, but can be changed with the advanced settings default if desired.

I'm welcome to feedback on this perspective, it was security motivated but there may be other arguments or angles that I have not considered?

04/10/11 14:03:00 changed by drmessano

What about displaying NAT under "Device options" when a new SIP device/extension is created? There's real estate there for it.

If nothing else, one would see the setting is NO at creation time now and dig into why the default is now NO (if needed... See next paragraph). Right now, you would need to go back into the device settings AFTER creation, after an external device wasn't working, and nose around.

Providing the NAT option at creation time would also be better for security sake. We know NAT=yes ALWAYS works, local or external, where NAT=NO breaks external. One would be more inclined to NOT change the default from NO if the option was there to set for each device/extension at creation. Even if the grand majority of ones devices/extensions WERE external, and they DID change the default to YES, this would at least give them the option to select NO for specific devices/extensions. This would prevent one from just being lazy and leaving YES on devices/extensions that didn't need it.

04/10/11 14:16:22 changed by p_lindheimer

dremssano,

in 2.9 there is an option to show most of the options at device creation time in Advanced Settings, there's an "Always Show Device Details on Add" option which lets you see everything. However, in the simple mode, maybe there should be a few more things we see. What's your thoughts on that give that option?

(And it appears there is a bug, it appears that option is hidden, meaning it can't be set, that was not the intention, reporting that bug in a second.)

04/10/11 18:21:25 changed by drmessano

I'm aware of the "Always Show Device Details on Add", however, as I stated above, adding the NAT setting to simple mode would not only negate any support issues, but would facilitate better use of the default.

As far as expanding the scope of simple mode, the only other option that comes close in importance would perhaps be the canreinvite/directmedia setting as more use is made of it, however, I see it being at least a far second to NAT setting. I would also say cluttering simple mode with too many options would take away from the importance of the few we do show.

04/11/11 17:33:53 changed by p_lindheimer

  • status changed from new to closed.
  • resolution set to fixed.

(In [11990]) closes #5057 expose nat setting on extension creation when in simple mode

04/11/11 17:36:21 changed by p_lindheimer

I agree with you wrt to the nat setitng. On canreinvite though most installations, nat or not, don't usually change that default. I don't think it should be exposed at extension creation. If you need that then you are best of exposing all the settings since there are probably others as well. Also, the default for that can also be configured in the Advanced Settings.

04/12/11 02:40:22 changed by drmessano

I couldn't agree more. This change is perfect.