3CX Soft Phone via Public IP (i.e. no VPN)

Discussion in '3CX Phone System - General' started by ziptalk, Nov 22, 2008.

Thread Status:
Not open for further replies.
  1. ziptalk

    ziptalk New Member

    Joined:
    Nov 16, 2008
    Messages:
    180
    Likes Received:
    0
    I have a simple requirement. I have fully tested the 3CX with VOIP gateways, an Analogue Gateway and can happily make and receive calls.

    When I test the Soft Phone from remote locations, I generally use a VPN connection. However, I would like the ability for the 3CX soft phone to connect in via the WAN address of the 3CX server.

    Upon configuring the 3CX SoftPhone client to connect to the WAN address, it successfully logs in. However, any calls that I make get returned as 'forbidden'.

    Calls made to this softphone from either phones on the LAN where the 3CX is based come through fine.

    Has anyone successfully managed to get a 3CX soft phone or any SIP phone to connect externally via the WAN address (Public IP) ?

    I have included my Server log below that gets generated when I try to establish a call from the SoftPhone that's not on the VPN - if anyone can see anything there that they can assist on that would be greatly appreciated. Thanks for your help. Regards, Lewis

     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  2. light.drg

    Joined:
    Dec 23, 2008
    Messages:
    1
    Likes Received:
    0
    Hi I'm Light
    I have that problem too. And I can make call from vpn to vpn but i can't hear the voic from any distinations.
    Have you been succesfull call from vpn to vpn user with soft phone or hard phone? If can please help me to resolve this problem.
    Thanks you so much.
    Light
    :)
     
  3. ess

    ess New Member

    Joined:
    Jun 8, 2007
    Messages:
    133
    Likes Received:
    0
    This is most likely a firewall issue. A common mistake is that both ends do not have the proper ports open. Say the 3cx server is at work, and the softphone is at home. You need to have the sip and rtp ports open on the firewall at work AND at home.

    Checkout this FAQ on how to setup a home router for this 2-way communication between home and work.
    https://www.3cx.com/docs/manual/firewall-router-configuration/

    Let me know how it goes!
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
    #3 ess, Dec 24, 2008
    Last edited by a moderator: Jul 19, 2018
  4. ziptalk

    ziptalk New Member

    Joined:
    Nov 16, 2008
    Messages:
    180
    Likes Received:
    0
    I managed to get this working in the end and believe it was a NAT / firewall issue.

    I am not sure how I over came it, but it was pretty much ensuring that the FQDN sip.ziptechservices.co.uk had the usual ports forwarded to the 3CX internal IP Address, and under Settings > General that sip.ziptechservices.co.uk was specified as the URI to receive external calls.

    Interestingly enough, my observations are that clients connected via VPN seem to be quicker, although it shouldn't be because either way it's packet switching across the Internet. Might be coincidence, but certainly my experience. I found the x-lite softphone client is not as quick as the 3CX one, but I am still in early-days of trialling.

    Getting it to do what you want it to do isn't that hard, getting it to do it consistently and reliably is my challenging over remote broadband links.

    Lewis
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  5. ziptalk

    ziptalk New Member

    Joined:
    Nov 16, 2008
    Messages:
    180
    Likes Received:
    0
    I think i tricked myself here in thinking I had overcome this problem. I haven't. I had a lan-to-lan VPN on one of our routers, and hence this skewed my interpretation that I had this one nailed. I have now come onto the remote testing phase of my setup i.e. remote softphones and hardphones and realise I still receive forbidden when I call an internal extension from the WAN. I can sign in and register my extension fine in my softphone okay with or without the tunnel.

    I cleared the Server Activity Log, dialled extension 3969 which is a SNOM 320 sat in the office. I am connecting to sip.ziptechservices.co.uk over the Internet. And I receive 'Forbidden' in the softphone. Any ideas what I am missing, I have all the respective ports forwarding inbound, i.e. sip/5060/tcp, rtp-9000-9049 tcp and udp/5090 tcp for the tunnel. Signing in is not a problem, calling an internal extension is: see log.

    Code:
    23:03:24.582  [CM503008]: Call(49): Call is terminated
    
    23:03:24.582  [CM502001]: Source info: From: "Lewis Sheridan"<sip:3966@94.185.202.167:5060>;tag=454e1439<sip:3969@94.185.202.167:5060>
    
    23:03:24.582  [CM503013]: Call(49): Incoming call rejected, caller is unknown; msg=SipReq:  INVITE 3969@94.185.202.167:5060 tid=836919194b18d800 cseq=INVITE contact=3966@82.71.0.209:21590 / 2 from(wire)
    
    23:03:24.382  [CM500002]: Unidentified incoming call. Review INVITE and adjust source identification:
    
      INVITE sip:3969@94.185.202.167:5060 SIP/2.0
    
      Via: SIP/2.0/UDP 192.168.80.101:51636;branch=z9hG4bK-d8754z-9f590d1fb024b839-1---d8754z-;rport=21590;received=82.71.0.209
    
      Max-Forwards: 70
    
      Contact: <sip:3966@82.71.0.209:21590>
    
      To: <sip:3969@94.185.202.167:5060>
    
      From: "Lewis Sheridan"<sip:3966@94.185.202.167:5060>;tag=454e1439
    
      Call-ID: ZTJhMDFlOGJlMTUzMmU0OWQ1ZGJiNzJhOTI1ZjBlYzc.
    
      CSeq: 1 INVITE
    
      Allow: INVITE, ACK, CANCEL, OPTIONS, BYE, REGISTER, SUBSCRIBE, NOTIFY, REFER, INFO
    
      Supported: replaces
    
      User-Agent: 3CXVoipPhone 3.0.4959.0
    
      Content-Length: 0
    
      
    
    
    23:03:24.382  [CM302001]: Authorization system can not identify source of: SipReq:  INVITE 3969@94.185.202.167:5060 tid=9f590d1fb024b839 cseq=INVITE contact=3966@82.71.0.209:21590 / 1 from(wire)
    
    Appreciate any assistance on this - since the two features that make this a goer is oddly enough the fact that calls do not present themselves to extensions that are busy in a hunt group, i.e. just skips to the next, and the ability to have remote home workers and the hunt-group work remotely. I really want to lose the dependency on any VPN connectivity and truely have this work across the Internet.

    Thanks in advance, Lewis
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  6. William400

    William400 Well-Known Member

    Joined:
    Aug 21, 2006
    Messages:
    1,005
    Likes Received:
    0
    Hi

    Try to do the following;

    1. Set all remote phones to register against the public IP of 3Cx server.
    2. Set the 3CX Server > General , SIP domain to read the private IP address of the 3CX server. We suspect this is set to an FQDN. If you need to change this restart the 3CX Phone System service.

    Please advise the outcome.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  7. ziptalk

    ziptalk New Member

    Joined:
    Nov 16, 2008
    Messages:
    180
    Likes Received:
    0
    Thanks for that, I will test this evening and update accordingly. Many Thanks, Lewis
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  8. ndl

    ndl

    Joined:
    Nov 5, 2008
    Messages:
    51
    Likes Received:
    0
    William400,

    We're also trying to get this right at the moment can you confirm you mean the actual ip address not the FQDN.

    And we are talking about "3cx Phone system->Settings->advanced->Settings for Direct SIP Calls->Local SIP domain", I could not see a sip domain entry under 3CX Server > General

    we are using the latest version 7

    thanks,

    martin
     
  9. ziptalk

    ziptalk New Member

    Joined:
    Nov 16, 2008
    Messages:
    180
    Likes Received:
    0
    Hi Martin,

    I believe William was referring to 3CX > Settings > Advanced > Settings for Direct SIP Calls > Local SIP Domain since I too could not see it under 3CX > General as William had suggested. I replaced my FQDN with the 'public' IP Address of the server and not the local one and this allowed it to work. A clue I think is in the Server Activity log where it referes to the source ID and invite request and it appends the extension with an IP Address and if this does not match your 'Local SIP Domain' field then the call is forbidden.

    I have requested an rDNS entry and will reinstate the FQDN - and see whether that allows it to work. When you make the call in from external check the activity log and adjust the SIP Domain accordingly - I don't understand overly why this works, but it does - hope that helps.

    I actually think 3CX should do a Nugget on an end to end provisioning, i.e. common things that everyone gets stuck on, like provisioning half a dozen phones, call in from remote, general setup of the 3CX software, provisioning a gateway etc. That would probably solve half the questions on the community forum - the documentation is good - but you really have to Google to get to those answers in my experience. Hope that works for you,

    Lewis
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  10. ndl

    ndl

    Joined:
    Nov 5, 2008
    Messages:
    51
    Likes Received:
    0
    I think that a change to the help message displayed when you hover over the blue help icon would help give a clue, maybe replace “3cx.local” with “3cx.com“. It would help give you an idea that it’s an external address not a local address

    martin
     
  11. ziptalk

    ziptalk New Member

    Joined:
    Nov 16, 2008
    Messages:
    180
    Likes Received:
    0
    Agree... even a full blow explanation would fit into an html alt tag, or even example plus description of use.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  12. JohnCz

    Joined:
    Aug 27, 2008
    Messages:
    4
    Likes Received:
    0
    Earlier this week I had the same issues in getting a remote extension (PAP2T-NA) setup properly. Both the remote extension & 3CX Server are behind NAT/Firewalls. Until today, the remote extension would register successfully and could even receive phone calls....but I couldn't place a call to an internal extension # or external # (got busy signal). I upgraded to 7.1 Beta to see if that may resolve my issue but the problem still persisted. Finally, I found this post and entered a value in Advanced > Settings for Direct SIP Calls -> Local SIP Domain. We have FQDN (ex. sip.mycompany.com) for our server and I recall using this FQDN when I configured the remote device this week. So I entered the FQDN in the Local SIP Domain, registered the device and it was now able to place calls. And I left the "Allow calls to external SIP URIs" unchecked. The reason I am writing this up is because the suggestion has been made that FQDNs will not work. But it worked for me today. Perhaps this is something that has been enhanced in 7.1 Beta. But my gut tells me, if you want to us FQDN you have to make sure your remote device sip settings are configured to use it as well.


    PAP2T-NA > NAT/Firewall ----------I N T E R N E T-------------- NAT/Firewall (ports mapped) > 3CX Server
     
  13. chadsync

    Joined:
    Dec 17, 2009
    Messages:
    17
    Likes Received:
    0
    Hello,

    I am currently working with Version 9 and would like to update the domain which we register against, currently (sip.mydomain.com) and would like to have (voip.mynewdomain.com). Updating the 'local domain' does not seem to allow this change, however is there a service restart required?

    Your insight would be much appreciated.

    Thank you,
     
  14. leejor

    leejor Well-Known Member

    Joined:
    Jan 22, 2008
    Messages:
    10,594
    Likes Received:
    255
    It won't allow a change, or, the change doesn't take affect? If a restart is required, you are usually told.

    You really should have started a new thread, this is quite an old one
     
  15. chadsync

    Joined:
    Dec 17, 2009
    Messages:
    17
    Likes Received:
    0
    Thanks and I'll start a new thread on this one, thanks!
     
Thread Status:
Not open for further replies.