• V20: 3CX Re-engineered. Get V20 for increased security, better call management, a new admin console and Windows softphone. Learn More.

STUN, ports and SBC

Status
Not open for further replies.

Andriy

Customer
Advanced Certified
Joined
Apr 14, 2018
Messages
183
Reaction score
16
Hello,

I have 20 Fanvil X3S phones in my office connected to 3CX iin cloud via STUN. However, they where all provisioned with same SIP port 5065.

This works fine and I did not have any problems so far, however, the tutorial below clearly states that I should either increment ports for each phone (for example 5060, 5061, 5062...... ) and also RTP ports as well or use 3CX SBC.

I have heard on this forum that SBC has many benefits (possible to use same port and additional encryption, as well as masking Voip traffic). However, I also heard that phones become dependent on SBC device, and it needs to reboot and may putt all the phones offline if it goes down.

https://www.3cx.com/3cxacademy/videos/intermediate/configuring-remote-extensions/

Am i just lucky that everything works? Should I
1) leave everything as is because "Ain't broke don't fix it" ?
2) Change ports for every phone to use different ports?
3) Switch to SBC and keep same ports?

Thank you
 
Hi Andriy,

For a site with more than a single remote phone I would always use the 3CX SBC as there are many benefits - you have been very lucky here however with your STUN phones.

Normally there are lots of port related issues (this is the reason you must increment). The other benefits that the SBC brings however are:

* Plug and Play provisioning (without having to enter username and password as you did with STUN).
* Added security across the 3CX tunnel as well as additional encryption if selected.
* Bandwidth and latency benefits (the traffic stays local to the remote site/phones) where with STUN it traverses back to the PBX and back up (hence PBX delivers audio is required).
* Benefits when using methods such as transfer, parking etc between the phones on the remote site - again for the above reasons.

If you start experiencing issues I would look at the SBC (and it is definitely the preferred method) with that being said if it is working fine you can stick with how you have it - however if you are security conscious you may want to switch to SBC for the security benefits it brings.
 
  • Like
Reactions: Andriy
Hello, eddv123

Thanks for the tips. So I was lucky? OK then i think i should not wait for anyh problems and will start getting ready with SBC.

I have installed SBC on Raspberry and it works just fine but
1) it worked just fine even before I added 5090 port forwarding rule. am i lucky again?
2) When calling a number through SBC it takes more time to start calling than when I do the same without SBC. is it a problem? does SBC add to latency?

Thank you
 
I find the setup of STUN can be very hit or miss, sometimes you get problems, sometimes none at all.

The 3CX SBC should always utilize port 5090, you must have a rule to allow it through the firewall somewhere or it will not build the tunnel, this is a must for the SBC. I would also enable port 5001 for provisioning also.

How long are we talking on this call delay ? it is not an issue I have encountered before.
 
Hmm,
That is very strange. I tried to connect the phones and make calls before adding 5090 port forwarding rule. I was expecting to get an error ^ but it just worked.

I later added the rule and nothing changed. I have now tried to remove the rule again - and still working. I double checked if my phone is connecting via SBC (not direct SIP or STUN), and I am sure it is in SBC mode. How is this possible remains a mystery.

as for calls delay - i measured with timer and its 8 seconds.
I pick up the phone > dial a number > no signals at all for 8 seconds > I start to hear waiting signals and the phone called starts ringing.

Without SBC (when using STUN)
I pick up the phone > dial a number > I start to hear waiting signals right away. Not a big problem, but a bit annoying because people do not know if there is something wrong with the phone and if they should wait more...
 
Your phones when provisioned using STUN are hard coded for 15 days, if you have re-provisioned them over the SBC this will work (at least it has for me in the past) ensure that you have re-provisioned the phones over the SBC however as if not they will still have the STUN configuration on them.

By provisioning across the SBC what I mean is that you have selected them in the phones node and added them to an extension as SBC.

8 seconds is a long time - I would PCAP trace this using wireshark from the handset.
 
Yes sure, I reprovisioned 2 phones to check and it worked. - the delay is a problem though.

Unfortunately, i did not lear yet what this means:
"PCAP trace this using wireshark"

Any documentations or tutorials on this?
 
Just to clarifiy... you need 5090 port forwarded on the PBX side... not the SBC side
 
Cobaltit

Thanks for clarification. I am using 3cx in Cloud hosted by 3cx - there is no option to set port forwarding. I think it is setup by default - isn't it?

PS: After 3 days of using SBC the delay seems to have went away.

thanks
 
Last edited:
Yes if you used PBX Express then the port forwarding on the PBX side should be all set.
 
  • Like
Reactions: Andriy
Status
Not open for further replies.

Getting Started - Admin

Latest Posts

Forum statistics

Threads
141,618
Messages
748,848
Members
144,729
Latest member
yparker0320
Get 3CX - Absolutely Free!

Link up your team and customers Phone System Live Chat Video Conferencing

Hosted or Self-managed. Up to 10 users free forever. No credit card. Try risk free.

3CX
A 3CX Account with that email already exists. You will be redirected to the Customer Portal to sign in or reset your password if you've forgotten it.