Dismiss Notice
We would like to remind you that we’re updating our login process for all 3CX forums whereby you will be able to login with the same credentials you use for the Partner or Customer Portal. Click here to read more.

3CX Tunnel

Discussion in '3CX Phone System - General' started by SimWhite, Dec 21, 2016.

Thread Status:
Not open for further replies.
  1. SimWhite

    Joined:
    Dec 19, 2016
    Messages:
    17
    Likes Received:
    1
    Could you tell some info about 3CX Tunnel technology? Is it use any kind of encryption?
     
  2. StefanW

    StefanW Head of Customer Support and Training
    Staff Member 3CX Support

    Joined:
    Jun 2, 2009
    Messages:
    1,222
    Likes Received:
    93
    If you talk about the SBC, then you can enable TLS transport which uses industry standards of mutual TLS connection. As the compute power of mobile devices is not even some devices would not be able to handle this in a timely manner, so the only encryption would be a custom protocol which can not be seen as security as such
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  3. SimWhite

    Joined:
    Dec 19, 2016
    Messages:
    17
    Likes Received:
    1
    So as I understand the only way to get encrypted connection with encrypted voice is to use 3CX Client without 3CX Tunnel and use TLS with RTP Mode = Only secure? What about IP-phones? Other softphones?
     
  4. StefanW

    StefanW Head of Customer Support and Training
    Staff Member 3CX Support

    Joined:
    Jun 2, 2009
    Messages:
    1,222
    Likes Received:
    93
    IP Phones can not speak tunnel it self, they need the SBC and as said here you are fine.
    In IP Phones other options are SIP TLS + sRTP or VPN the device to your Firewall.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  5. SimWhite

    Joined:
    Dec 19, 2016
    Messages:
    17
    Likes Received:
    1
    But as I understand only 3CX Client can use SRTP, isn't it?
     
  6. StefanW

    StefanW Head of Customer Support and Training
    Staff Member 3CX Support

    Joined:
    Jun 2, 2009
    Messages:
    1,222
    Likes Received:
    93
    sRTP can also be used on an ip phone but without secure sip it is a bit of a "useless" exercise... If you talk about provisioning method then yes this needs to be custom build for your install in the template...
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  7. SimWhite

    Joined:
    Dec 19, 2016
    Messages:
    17
    Likes Received:
    1
    OK. Could you explain how TLS works in your 3CX clients? I install LE certificates on the server on port 5061, check it with openssl s_client and Phonerlite softphone and it works fine. But your client won't connect. As I understand if I use 3CX Tunnel the connection established from localhost (127.0.0.1) but TLS service didn't accept connections from the localhost (it seems it is bind to the interface IP and not to the 0.0.0.0 as UDP/TCP service). And when I disable 3CX Tunnel and try to connect directly to the port 5061 as any other softphone like Phonerlite, 3CX Client shows me TLS error. As I understand it won't accept LE certificate? Why?
     
  8. eagle2

    eagle2 Well-Known Member

    Joined:
    Apr 27, 2011
    Messages:
    1,085
    Likes Received:
    11
    CSIPsimple client for Android works well with TLS and SRTP
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  9. SimWhite

    Joined:
    Dec 19, 2016
    Messages:
    17
    Likes Received:
    1
    I don't have and don't use android-based devices. Also I need working push-technology so I try to use 3CX Client.
     
    StefanW likes this.
Thread Status:
Not open for further replies.