Configuration Help

Discussion in '3CX Phone System - General' started by AH2, Aug 16, 2017.

Thread Status:
Not open for further replies.
  1. AH2

    AH2 New Member

    Joined:
    Mar 14, 2017
    Messages:
    112
    Likes Received:
    4
    Hi Everyone, I have an issue with a new SIP Trunk Provider and would like some help if any one could.
    Thanks in advanced.

    + The SIP Provider ( no internet )
    - They install a fiber optic line with a router for 1 DID and 6 Channels, they provide me with LOCAL IP ( not accessible from outside ) that's supposed to be assigned to the PBX, Gateway IP, username and password.

    + Server
    - I have a server with with 2 network cards, and not sure if to go with Windows or Debian.

    + Internet
    - Internet its provided by another vendor.

    I would prefer to go with Debian because of resource usage by the server it self, but I'm not sure about the configuration with the 2 network cards ( not that savvy with Debian/linux ), the idea would be to use networkcard 1 for the internet, and networkcard2 to connect to the SIP router.

    So I ask, what would be the best configuration recommended ?

    Thanks again.
    AH2
     
  2. cobaltit

    cobaltit Active Member

    Joined:
    Mar 22, 2012
    Messages:
    930
    Likes Received:
    150
    Best is relative. For me, the best would be Debian but I'm comfortable with Debian. Since you claim to not be that savvy with Debian, it sounds like the best for you would be Windows.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
    AH2 likes this.
  3. AH2

    AH2 New Member

    Joined:
    Mar 14, 2017
    Messages:
    112
    Likes Received:
    4
    Hi, I have a questions ( which I can't test until tomorrow ), would bridging the two network cards work for windows ?
    What I'm not clear on the windows install it's which network card to select when asked on the install after public IP, I assume the one from the SIP provider Correct ? remember the SIP provider does not provide the internet.
     
  4. cobaltit

    cobaltit Active Member

    Joined:
    Mar 22, 2012
    Messages:
    930
    Likes Received:
    150
    You don't want to bridge the interfaces. It sounds like the provider is giving you a local IP and the gateway/proxy/SIP server will be likely be on that same subnet (local device). In that case you have one interface with your internal subnet and gateway (for internet access) and then the other interface with the local IP the provider gave you and no gateway. 3CX will talk to the gateway/proxy/SIP over the 2nd interface and regular internet traffic will flow over the 1st. Your provider should have a network diagram they can provide showing you their default or recommended configuration.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
    NickD_3CX and AH2 like this.
  5. cobaltit

    cobaltit Active Member

    Joined:
    Mar 22, 2012
    Messages:
    930
    Likes Received:
    150
    Here is a diagram showing the setup with one of the providers I've worked with. In this case they are providing both the internet and SIP trunking but it is similar to your setup as they are providing it on separate interfaces.In this case the private (SIP) interfaces is one I provided that was on the customer's network. You wouldn't need two interfaces in this case.

    Example LAN Config with CUBE.png
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
    AH2 likes this.
  6. AH2

    AH2 New Member

    Joined:
    Mar 14, 2017
    Messages:
    112
    Likes Received:
    4
    Thank you cobaltit

    I've installed everything, but keep getting an error when doing the Firewall test, I've forwarded the ports on the router and opened on firewall, even turned off FW, and still the the error. Any tip on how to resolve this ?
    [​IMG]

    Thank you.
     
  7. sip.bg

    sip.bg Active Member

    Joined:
    Nov 7, 2016
    Messages:
    704
    Likes Received:
    219
    You should not bridge LAN interfaces.
    You can use Windows or Debian, functioning is the same.

    On the primary LAN card (usually eth0 in Debian) you need to have access to Internet and set it as default interface and gateway access for your 3CX system (IP addresses, FQDN, etc. Use google as DNS (8.8.8.8 and 8.8.4.4). All phones should be reachable through this interface (either on Layer 2 or Layer 3 network connectivity). You should be able to install, activate license, pass firewall checker and configure 3CX only using primary LAN interface (without SIP trunk provider).

    On the second LAN card (usually eth1 in Debian) you set address from the private network of the provider and netmask, but without gateway (IMPORANT !). You should add static route to SIP server of the provider via the gateway they have provided. Also you need to specify this LAN interface address to be used into SDP settings of the SIP trunk. If the SIP server address (reachable via second LAN card and static route) is outside traditional private addresses (10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16), you need t specify SIP server address as localsubnet into Parameters settings of PBX. The second LAN interface should be used only for accessing SIP server of the provider.

    If you need advice how to setup network configuration and static routing in Debian, I'll send you an example. Don't install web interface for Debian, network configuration with 2 LAN cards is much complicated.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
    NickD_3CX and AH2 like this.
  8. AH2

    AH2 New Member

    Joined:
    Mar 14, 2017
    Messages:
    112
    Likes Received:
    4
    Thanks sip.bg, please if you can send me the example on how to install debian with 2 cards would be great I can try it on another server with same exact specs.

    Thanks again.
     
  9. cobaltit

    cobaltit Active Member

    Joined:
    Mar 22, 2012
    Messages:
    930
    Likes Received:
    150
    You didn't mention what firewall you are using so it's hard to say. It could be SIP ALG on the firewall (3CX just added the ALG test so it may not detect it) or it could be something like a Sonicwall with some sort of port remapping that needs to be turned off.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
    NickD_3CX and AH2 like this.
  10. sip.bg

    sip.bg Active Member

    Joined:
    Nov 7, 2016
    Messages:
    704
    Likes Received:
    219
    Edit file /etc/network/interfaces -- it should look like below. In the example:
    My primary LAN interface has address 10.10.10.14/24 with default gateway 10.10.10.3
    Second LAN interface (for SIP trunk provider) has address 10.251.222.117/29.
    Static routing to provider's network (213.226.61.0/24) -- SIP trunk is via 10.251.222.113
    The provider is generic one.


    # This file describes the network interfaces available on your system
    # and how to activate them. For more information, see interfaces(5).

    source /etc/network/interfaces.d/*

    # The loopback network interface
    auto lo
    iface lo inet loopback

    # The primary network interface
    # allow-hotplug eth0
    auto eth0
    iface eth0 inet static
    address 10.10.10.14
    netmask 255.255.255.0
    gateway 10.10.10.3
    # dns-nameservers 8.8.8.8 8.8.4.4

    # allow-hotplug eth1
    auto eth1
    iface eth1 inet static
    address 10.251.222.117
    netmask 255.255.255.248

    up route add -net 213.226.61.0/24 gw 10.251.222.113 dev eth1


    VLAN interfaces could also be used (for machines with one LAN port like Intel NUC mini PC).
    DNS is configured into another file -- /etc/resolv.conf, you should use google DNS in order to be able to activate 3CX license.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
    NickD_3CX and AH2 like this.
  11. AH2

    AH2 New Member

    Joined:
    Mar 14, 2017
    Messages:
    112
    Likes Received:
    4
    I'm using Windows 10, with default firewall, even if the firewall it's disable the issue persists.
     
  12. AH2

    AH2 New Member

    Joined:
    Mar 14, 2017
    Messages:
    112
    Likes Received:
    4
    Question, when doing the install I select command right ? not web install.

    Thanks for the help I will try this setup as well.
     
  13. sip.bg

    sip.bg Active Member

    Joined:
    Nov 7, 2016
    Messages:
    704
    Likes Received:
    219
    The 3CX iso file will not install web interface for Debian by default. SSH is enabled by default.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  14. sip.bg

    sip.bg Active Member

    Joined:
    Nov 7, 2016
    Messages:
    704
    Likes Received:
    219
    The issue should be related to port forwarding in your router and eventually SIP ALG enabled, not to Windows firewall. Windows firewall is configured properly by default to allow 3CX services to work normally. What make is your router ?
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  15. AH2

    AH2 New Member

    Joined:
    Mar 14, 2017
    Messages:
    112
    Likes Received:
    4
    I will try debian version later today. The provider is here trying to set up but we cant get the 5060 port working :mad: .
    keep getting this error.
    [​IMG]

    Modem ZTE F660
     
  16. sip.bg

    sip.bg Active Member

    Joined:
    Nov 7, 2016
    Messages:
    704
    Likes Received:
    219
    + The SIP Provider ( no internet )
    - They install a fiber optic line with a router for 1 DID and 6 Channels, they provide me with LOCAL IP ( not accessible from outside ) that's supposed to be assigned to the PBX, Gateway IP, username and password.



    As far as I understood, you have a second LAN card for connectivity to this provider, there should be no NAT of traffic involved, if you have configured static routing to provider via this LAN card. There should be no gateway configured on second LAN card.
    Firewall checker shows how traffic from/to your primary LAN card is translated to/from internet via your router.

    Regarding your ZTE F660, most probably there are built-in voice ports (FXS), so port 5060 is in use by this device and can't be used by 3CX. This means you can't have external extensions, except those using 3CX tunnel and can't have VoIP providers via internet.
    The other option is you haven't configured correctly port forwarding (TCP: 5000,5001,5060,5061,5090; UDP: 5060,5090,9000-9500) from public address (internet) to local address of the PBX (primary LAN card).

    Regarding Windows vs. Debian -- there is no difference in behavior regarding network settings, i.e. your system should work both on Windows and on Debian.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
    #16 sip.bg, Aug 17, 2017
    Last edited: Aug 17, 2017
    NickD_3CX and AH2 like this.
  17. AH2

    AH2 New Member

    Joined:
    Mar 14, 2017
    Messages:
    112
    Likes Received:
    4
    Hello,
    Well it looks like Firewall test worked, thanks for the info.

    Now I cant get the set up to work.

    I have 2 networkcards, 1 for the internet, 2 for the SIP router. the SIP router it's IP authenticated, no need for user pass, just needs to be connected, but I cant get it to work, not sure how to set up that config.

    I've installed windows, and ran Firewall, all Green now :).
    But calls wont go out.

    From what Im told the SIP router it's IP authenticated, no need for user password, the provider gives me.

    SIP ROUTER IP AUTHETICATED.
    90.60.0.9 REGISTAR GATEWAY
    90.60.11.126 < SHOULD BE THE IP ASSIGNED FOR THE BOX < IVE SET THIS IP AS STATIC ON THE ETH2 with netmask and not gateway.
    90.60.11.125 < IT THE IP FOR THE SIP ROUTER
    192.168.0.5 < ITS THE STATIC IP FOR THE ETH0 ( WITH INTERNET )
     
  18. cobaltit

    cobaltit Active Member

    Joined:
    Mar 22, 2012
    Messages:
    930
    Likes Received:
    150
    Again, the firewall checker doesn't matter for your SIP trunk as the checker is running on the 1st interface (the one with the gateway) and you want your SIP traffic on the 2nd interface. You want to do the following from command prompt as administrator:

    route add 90.60.0.0 mask 255.255.255.0 90.60.11.125 -p

    This tells the PBX to route all traffic to the 90.60.0.0/24 subnet via the SIP router
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
    AH2 and NickD_3CX like this.
  19. sip.bg

    sip.bg Active Member

    Joined:
    Nov 7, 2016
    Messages:
    704
    Likes Received:
    219
    Beside adding static route, as cobaltit pointed, you need to specify your address 90.60.11.126 in SIP trunk Option settings -- Select which IP to use in 'Contact' (SIP) and 'Connection'(SDP) fields and also define 90.60.0.0/24 as local subnet in Parameters settings (in menu Settings > Parameters search for LOCALSUBNETS parameter and add this value), otherwise you may experience one-way audio effects and eventually no incoming calls, as traffic may be NAT-ed. You may need to restart 3CX services afterwards to reflect changes in local subnets.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
    AH2 likes this.
  20. AH2

    AH2 New Member

    Joined:
    Mar 14, 2017
    Messages:
    112
    Likes Received:
    4
    Thanks for the help, We ended up changing providers to one that could offer an all virtualized service.

    Regards,
    AH
     
Thread Status:
Not open for further replies.