Browser-Phone VS slipstream

Which clients do you use? And how do you connect to a SIP trunk / DID without Asterisk?

I use WebRTC with Asterisk, and Browser Phone for the client (https://github.com/InnovateAsterisk/Browser-Phone). I don't use it much, but good enough for the rare times I have to use the phone.

Also have a look on this browser phone written using sipjs library for any help - https://github.com/InnovateAsterisk/Browser-Phone

If you want to go webrtc route you can check https://github.com/InnovateAsterisk/Browser-Phone which works with FS too.

with this SIPPhone in WebRTC( https://github.com/InnovateAsterisk/Browser-Phone.git)

Disabling UPnP makes your system more secure, but unless you also disable all NAT ALGs in your router, you're still exposed to its dangers.

I don't think most routers have a setting for that, so if infected devices are part of your security model, it would be wise to assume NAT is entirely non-functional because of [NAT slipstream attacks](https://samy.pl/slipstream/). An infected device can modify the router's NAT table to effectively act like UPnP, except they don't provide a user interface for you to audit.

If you're NAT free (i.e. only use IPv6) disabling UPnP can be a decent security measure if you're willing to manually do all of your firewall exclusions, but honestly host firewalls are the only reliable protection method for most people these days.

> Use a SIP Application Layer Gateway. This is a horrible feature offered by some routers. Basically, it deep-packet-inspects your SIP traffic, rewrites the headers, and creates port forwards on-the-fly to make sure the inbound audio stream makes its way to your device. SIP ALGs are a total hack and notoriously buggy.

Yes, these hacky ALG features also allowed internet users to access internal IPs on arbitrary services (!); named “remote arbitrary firewall pinhole control”. The attack was published in 2020 and named NAT slipstreaming [1].

[1] https://samy.pl/slipstream/