[miro]

Hi,

i have 2 external extensions Yealink and Snom (they both last firmware) when i am calling local extension on remote site, i get 408 error on 3CX PBX activity log. When i am calling from local extension to both external extension everything is working great.


Do somebody know why i cant make outbound call from external extension (we also tried both phones directly connect to the Internet) but result was the same.

On extensions we have disabled "disallow use of extension outside the LAN" and "Disable outgoing call"


Please anyone help, thanks.

[Ian Joyce]

Are you trying them through the 3CX tunnel?

[miro]

3CX softphone on mobile phone is not stable for us, so we need to use TLS, is there any solution for TLS problem except 3CX tunnel?


Thanks.

[leejor]

Can you post a log showing the failed call?

[miro]

Hi,


this is output showing failed call from Activity log on our 3CX PBX:

13:09:08.999 [CM502001]: Source info: From: "300"<sip:300@95.178.149.32:5061>;tag=436607539<sip:200@95.178.149.32:5061>
13:09:08.999 [CM503013]: Call(22): Incoming call rejected, caller is unknown; msg=SipReq: INVITE 200@95.178.149.32:5061 tid=1948212017 cseq=INVITE contact=300@192.168.3.247:5062 / 2 from(wire) tlsd=192.168.0.20
13:09:08.998 [CM500002]: Info on incoming INVITE:
INVITE sip:200@95.178.149.32:5061 SIP/2.0
Via: SIP/2.0/TLS 192.168.3.247:5062;rport=23779;branch=z9hG4bK1948212017;received=82.193.210.128
Max-Forwards: 70
Contact: <sip:300@192.168.3.247:5062;transport=TLS>
To: <sip:200@95.178.149.32:5061>
From: "300"<sip:300@95.178.149.32:5061>;tag=436607539
Call-ID: 514761361@192.168.3.247
CSeq: 2 INVITE
Allow: INVITE, INFO, PRACK, ACK, BYE, CANCEL, OPTIONS, NOTIFY, REGISTER, SUBSCRIBE, REFER, PUBLISH, UPDATE, MESSAGE
Proxy-Authorization: Digest username="300",realm="3CXPhoneSystem",nonce="414d535c054053e446:b5ac988ca7c4d1d4b60f9d1a52ea7c1a",uri="sip:200@95.178.149.32:5061",response="14bdfbcf04f4ea90006241b35f4ccac7",algorithm=MD5
Supported: replaces
User-Agent: Yealink SIP-T20P 9.61.0.80
Allow-Events: talk, hold, conference, refer, check-sync
Content-Length: 0


Thanks.

[miro]

Hi,


we also tried new install of 3CX PBX and results are the same, output from Activity log on PBX are the same:

09:14:38.716 [CM502001]: Source info: From: "400"<sip:400@95.178.xxx.yyy:5061>;tag=188802917<sip:200@95.178.xxx.yyy:5061>
09:14:38.716 [CM503013]: Call(1): Incoming call rejected, caller is unknown; msg=SipReq: INVITE 200@95.178.xxx.yyy:5061 tid=1431561073 cseq=INVITE contact=400@192.168.3.247:5062 / 2 from(wire) tlsd=192.168.0.20
09:14:38.257 [CM500002]: Unidentified incoming call. Review INVITE and adjust source identification:
INVITE sip:200@95.178.xxx.yyy:5061 SIP/2.0
Via: SIP/2.0/TLS 192.168.3.247:5062;rport=48034;branch=z9hG4bK873857542;received=82.193.210.128
Max-Forwards: 70
Contact: <sip:400@192.168.3.247:5062;transport=TLS>
To: <sip:200@95.178.xxx.yyy:5061>
From: "400"<sip:400@95.178.xxx.yyy:5061>;tag=188802917
Call-ID: 1175737099@192.168.3.247
CSeq: 1 INVITE
Allow: INVITE, INFO, PRACK, ACK, BYE, CANCEL, OPTIONS, NOTIFY, REGISTER, SUBSCRIBE, REFER, PUBLISH, UPDATE, MESSAGE
Supported: replaces
User-Agent: Yealink SIP-T20P 9.61.0.80
Allow-Events: talk, hold, conference, refer, check-sync
Content-Length: 0


Please help, thanks.

[leejor]

You haven't detailed which extensions are located where, so I'm going to have to make some assumptions ...

09:14:38.257 [CM500002]: Unidentified incoming call. Review INVITE and adjust source identification:

This explains why the call won't go through.

To: <sip:200@95.178.xxx.yyy:5061>
From: "400"<sip:400@95.178.xxx.yyy:5061>;tag=188802917

This bothers me...are these the two extensions at the remote location? If so, why do they both have the same port number? I'm assuming that 95.178.149.32 is the public IP at the remote end?
If that is the case, then you need to change that. Remote devices, behind the same router, NOT using the 3CX Proxy Server or tunnel, should each have different port numbers.

[miro]

Hi,

400 is external extension,and 200 is local extension, 82.193.210.128 is public ip on remote side and 95.178.xxx.yyy public ip on local side where is 3cx (behind nat), port 5061 is used for TLS and it should be the same.


We have tested today with connection of 3CX PBX directly to the Internet and created new TLS certificate with public IP interface and choose in 3cx PBX that public interface to listen for tls, and everything works fine.

We have found out, that when you create certificate you must put IP address or domain name of interface which listen TLS, so this can only be interface which is on LAN (example 192.168.x.y) or Public IP address, not behind NAT. And that is why TLS cant work behind NAT and we have problem with external extension.