STUN does NOT choose random ports
Thank you Adrian. I know. I shouldn't read-up on stuff when I'm tired.
Agree with @DigitalDaz Stop using STUN (as I said earlier).
Aye. I think I'd already decided that STUN is not an option. No STUN. Bad STUN. Sit! Stay!
Even if you do cobble together some sort of mechanism to update FreeSwitch when your pubic IP changes, what is going to happen to the pubic endpoints registered to the old public IP address?
The endpoints are registered via dynamic domain name. As far as I can tell, a DNS query happens prior to registration, so as long as the DDNS IP propagates, it should then register on the newly resolved IP. Not perfect, I know.
The settings for ext_sip_ip and ext_rtp_ip only affect what FreeSwitch puts in its Contact headers and SDP body respectively.
Yes and they have to match my router's port-forwarding config to reach the PBX. The problem is that I can't dynamically allocate port forwarding with FreeSWITCH as it doesn't speak my router's dialect of UPnP. If it did, I wouldn't have had to try S**N.
Port forwarding or DMZ should work just fine as long as your public IP does not change (too often).
I am considering DMZ as I can override it via specific port definitions so using it won't break anything else on the inside. But that's mainly for ports. I 'just' need to keep FreeSWITCH up-to-date with the public IP :/
BTW, Adrian and Daz, I'd like to hear your thoughts on using UPnP in these kinds of difficult environments. Have you ever needed to use it before?
If this ends up paying for itself, I'll look into getting a VPS to sit it in. I'm also going to have to bite the IP6 bullet - I've left it far too long already.