3CX SBC needs a VPN?

Discussion in '3CX Phone System - General' started by adrianc, Sep 4, 2015.

Thread Status:
Not open for further replies.
  1. adrianc

    Joined:
    Sep 4, 2015
    Messages:
    20
    Likes Received:
    0
    First post!

    Does the SBC need a VPN (firewall site to site) in order to run over? I thought it created it's own tunnel and went over the WAN?

    This is for version 12.5.
    We have a head office with the PBX and a single remote site with a SBC.

    Thanks
    Adrian
     
  2. Saqqara

    Saqqara Active Member

    Joined:
    Mar 12, 2014
    Messages:
    841
    Likes Received:
    125
    No it does not, connects over port 5090

    More info - http://www.3cx.com/docs/3cx-tunnel-session-border-controller/
     
  3. adrianc

    Joined:
    Sep 4, 2015
    Messages:
    20
    Likes Received:
    0
    Thought as much.
    I followed those steps but the phones are the SBC side wouldn't connect when I had it configured over the WAN.
    PBX firewall checker passed OK.
    Spoke to 3CX support and they said it needed to be over the VPN to work (which it then did) but I needed to go with live with an installation so didn't have time to troubleshoot further.

    Is there a way of seeing if the SBC has established a connection to the PBX? The logging on the SBC machine seems very limited.

    Adrian
     
  4. leejor

    leejor Well-Known Member

    Joined:
    Jan 22, 2008
    Messages:
    10,355
    Likes Received:
    223
    My understanding is, that if you are using VPN, then the SBC isn't necessary. It's one or the other.
     
  5. craigreilly

    craigreilly Well-Known Member

    Joined:
    Feb 1, 2012
    Messages:
    2,947
    Likes Received:
    178
    If i recall when on the SBC, the phone configuration is different than if on a VPN.
    The Proxy and the SIP Server need to be setup. 1 is the SBC, the other is the PBX Public IP.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  6. adrianc

    Joined:
    Sep 4, 2015
    Messages:
    20
    Likes Received:
    0
    I agree about it shouldn't need the VPN
    My SBC config file looks like this & the SBC network is 192.168.201.x:

    [Log]
    Type=file # cout, cerr, file, syslog
    File=C:\ProgramData\3CXSBC\Logs\3cxsbc.log
    Level=ERR # NONE", "EMERG", "ALERT", "CRIT", "ERR", "WARNING", "NOTICE", "INFO", "DEBUG", "STACK", "ERR", "VERBOSE"
    [Bridge/123456]
    Name="3CX SBC"
    Password="bgsbc1234"
    ID=123456
    #LocalSipAddr=0.0.0.0
    #LocalSipPort=5060 # local SIP (UDP/TCP) address (def: 5060)
    TunnelAddr=192.168.200.1
    PbxSipPort=5060
    TunnelPort=5090
    PbxSipIP=192.168.200.1

    When it wasn't working, it looked like this (names & IPs generalised)
    [Log]
    Type=file # cout, cerr, file, syslog
    File=C:\ProgramData\3CXSBC\Logs\3cxsbc.log
    Level=ERR # NONE", "EMERG", "ALERT", "CRIT", "ERR", "WARNING", "NOTICE", "INFO", "DEBUG", "STACK", "ERR", "VERBOSE"
    [Bridge/123456]
    Name="3CX SBC"
    Password="bgsbc1234"
    ID=123456
    #LocalSipAddr=0.0.0.0
    #LocalSipPort=5060 # local SIP (UDP/TCP) address (def: 5060)
    TunnelAddr=3cx1.companydomain.co.uk
    PbxSipPort=5060
    TunnelPort=5090
    PbxSipIP=87.x.x.x

    Would you expect to have the same public IP in TunnelAddr & PbxSipIP for it to work?
    The phone provisioning for extensions at the remote site is configured to use SBC and the IP of the SBC server (192.168.201.1).
     
  7. leejor

    leejor Well-Known Member

    Joined:
    Jan 22, 2008
    Messages:
    10,355
    Likes Received:
    223
    I would have thought that the set-up (towards the 3CX server) would be similar (much the same parameters) as used in setting up any 3CX phone that uses the tunnel option.

    Server address, either public IP or URL
    Local PBX IP
    Port info

    So I'm not sure what the difference is between the #LocalSipAddr and the PbxSipIP, Is #LocalSipAddr even used?

    I would think that TunnelAddr would be the Public IP of the Server location, and that PbxSipIP was the local IP of the server.
     
  8. adrianc

    Joined:
    Sep 4, 2015
    Messages:
    20
    Likes Received:
    0
    Thanks.
    With some more testing I've got the following settings and can see traffic from site to site going over port 5090.
    TunnelAddr=87.x.x.x
    PbxSipPort=5060
    TunnelPort=5090
    PbxSipIP=192.168.200.1

    Autoprovisioning of the phone is completed up but registration of the user fails (Yealink T42)
    No actual errors in the PBX Server Log.
    Verbose logging on the SBC log doesn't show any errors that I can see that might cause this problem.
    But when the SBC config is set to use internal IPs for both address (over the VPN) it all works OK.
     
  9. adrianc

    Joined:
    Sep 4, 2015
    Messages:
    20
    Likes Received:
    0
    So after some more digging it appears as though the SBC was binding to a 169.254 address because the LocalSipAddr is commented out by default and the install wizard doesn't put anything into the values.
    I found this out by wiresharking the PBX and seeing the 169.254 address, then found a matching IP in the SBC log.

    By putting in these values in the config file:
    LocalSipAddr=192.168.201.1
    LocalSipPort=5060

    Now the phone registers & functions OK.
    Within the PBX > Phones it lists the phones as SBC: Yealink....... 87.x.x.x rather than the private IP as it did before.

    Will leave it and check back tomorrow to make sure it's still working in the cold light of day!
     
Thread Status:
Not open for further replies.