We're in the process of routing calls through our on-prem pbx (NOT through telnyx/twilio/vonage/other SIP provider) over to vapi and would like some clarifications on a few things: 1. Can I add our pbx's public IP's to an allowed list within our vapi account? - This could allow us to not set authentication on our numbers and rely on IP based security. 2. Which codecs are supported? - I was able to get g.711/ulaw as g.722 to work without issue, but Opus had unexpected results and resulted in no audio. 3. Are there any media IP ranges and UDP port ranges that need to be put into our allow list? - This is typically supplied by providers to ensure compatibility with other systems. A good example is https://sip.telnyx.com/ 4. Does VAPI support TLS/SRTP communication? I'm sure I have more questions but this should suffice. Again, I am not using a CPaaS to connect, so vendor specific information (twilio, telnyx, vonage) will not fully apply. Thank you and please let me know if you have any questions!

@Cheeto_Burrito Hello! I'm Shubham from Vapi Solutions Engineering team. Let me address your questions about direct SIP connectivity: 1. **IP Whitelisting & Authentication**: Yes, you can configure IP-based security through our BYO SIP Trunk functionality. This is defined as:

ts
export class SipTrunkGateway {
  /**
   * This is the address of the gateway. It can be an IPv4 address like 1.1.1.1 or a fully qualified domain name like my-sip-trunk.pstn.twilio.com.
   */
  @IsFQDNOrIP({ ipVersion: '4' })
  ip: string;

  /**
   * This is the port number of the gateway. Default is 5060.
   *
   * @default 5060
   */
  @IsOptional()
  @IsNumberWithHelpfulError()
  @Min(1)
  @Max(65535)
  port?: number;

  /**
   * This is the netmask of the gateway. Defaults to 32.
   *
   * @default 32
   */
  @IsOptional()
  @IsInt()
  @Min(24)
  @Max(32)
  netmask?: number;

  /**
   * This is whether inbound calls are allowed from this gateway. Default is true.
   *
   * @default true
   */
  @IsOptional()
  @IsBoolean()
  inboundEnabled?: boolean;

  /**
   * This is whether outbound calls should be sent to this gateway. Default is true.
   *
   * Note, if netmask is less than 32, it doesn't affect the outbound IPs that are tried. 1 attempt is made to `ip:port`.
   *
   * @default true
   */
  @IsOptional()
  @IsBoolean()
  outboundEnabled?: boolean;

  /**
   * This is the protocol to use for SIP signaling outbound calls. Default is udp.
   *
   * @default udp
   */
  @IsOptional()
  @IsString()
  @IsIn(['tls/srtp', 'tcp', 'tls', 'udp'])
  outboundProtocol?: string;

  /**
   * This is whether to send options ping to the gateway. This can be used to check if the gateway is reachable. Default is false.
   *
   * This is useful for high availability setups where you want to check if the gateway is reachable before routing calls to it. Note, if no gateway for a trunk is reachable, outbound calls will be rejected.
   *
   * @default false
   */
  @IsOptional()
  @IsBoolean()
  optionsPingEnabled?: boolean;
}

2. **Supported Codecs**: - G.711U - G.711A - G.729 - OPUS 3. **Media IP Ranges & Ports**: For SIP signaling: - Protocol: UDP/TCP - Default Port - Dynamic IP allocation from our SBC cluster For RTP Media: - Port Range: Default - Dynamic IP allocation from our SBC cluster 4. **TLS/SRTP Support**: Yes, we support TLS/SRTP for secure communications. You can configure this in the gateway settings:

ts
  @IsOptional()
  @IsString()
  @IsIn(['tls/srtp', 'tcp', 'tls', 'udp'])
  outboundProtocol?: string;