Debian google cloud, phone not registering, documentation wanted

Discussion in '3CX Phone System - General' started by jmooo, Jan 9, 2017.

Thread Status:
Not open for further replies.
  1. jmooo

    Joined:
    Mar 11, 2015
    Messages:
    18
    Likes Received:
    0
    Hello

    I'd sure like more information on configuring the gcloud version of 3cx debian.
    3cx install script is excellent...

    My local phone is behind a firewall.
    I opened my gcloud IP address to my local phone as well as usual 3cx ports.
    Entered the gcloud IP address as proxy, with user ID, pass, as per usual setup.
    Phone fails to register with error 408.

    phone is spa504g
    on 3cx graphical window under extensions I have the options to use outside of lan set.


    Is there a way to use SBC tunnell for connections to gcloud version of 3cx debian?
    I am challenged to configure a tunnel? As I don't find option on the graphical display...

    What am I missing?
     
  2. GiannosC_3CX

    GiannosC_3CX Guest

    Dear Jmooo,

    Here is the link to find how to configure the SBC http://www.3cx.com/docs/3cx-sbc-windows/ and here is how it works http://www.3cx.com/docs/3cx-tunnel-session-border-controller/
    Also, if you configure the SBC you need to open 5001 and 5090 ports on you firewall on both sites.
    On your system under extension configuration you need to unchecked the option "Disallow use of extension outside the LAN" but cisco Spa series phone will not work outside the LAN as it does not support HTTPS connections and the NGINX webserver only accepts HTTPS.
     
  3. jmooo

    Joined:
    Mar 11, 2015
    Messages:
    18
    Likes Received:
    0
    thankyou
    is the current debian version of 3cx capable of accepting SBC tunnel connections?
    if so, since the graphical interface is without any option other than LAN (unlike windows versions) what is command line method of adding tunnel option for an extension on google cloud debian 3cx?
     
  4. cobaltit

    cobaltit Active Member

    Joined:
    Mar 22, 2012
    Messages:
    928
    Likes Received:
    148
    This statement should be revised to say that it won't provision outside of the LAN due to the HTTPS limitation, but it absolutely will work outside of the LAN if manually provisioned. You could also manually edit the Nginx config file to allow HTTP connections from your IP address if you wanted to provision the phone but that is not supported.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  5. jmooo

    Joined:
    Mar 11, 2015
    Messages:
    18
    Likes Received:
    0
    Thankyou
     
  6. GiannosC_3CX

    GiannosC_3CX Guest

    The SBC is available on windows and Raspberry Pi. The 3CX Phone System (debian/windows) versions are capable of accepting 3CX SBC tunnel.
     
  7. jmooo

    Joined:
    Mar 11, 2015
    Messages:
    18
    Likes Received:
    0
    Thankyou
    I notice the configuration option is restricted to LAN for the extensions on the debian version.
    How do I configure SBC tunnel as a connection option for 3cx debian?
     
  8. GiannosC_3CX

    GiannosC_3CX Guest

    You can only set that option for phones that support it. Cisco phones will not provision outside the Lan in version 15. To install SBC , here is the link to find the SBC exe and installation instructions http://www.3cx.com/docs/3cx-sbc-windows/ .
     
  9. jmooo

    Joined:
    Mar 11, 2015
    Messages:
    18
    Likes Received:
    0
    now that explains many problems
    thanks so much
     
  10. Oogaboo

    Joined:
    Jan 2, 2017
    Messages:
    5
    Likes Received:
    0
    To fully understand, because still not completely clear to me:
    in 3CX v15, Cisco SPA5xx phones in remote location will not be able to connect. But will they work if installing a 3CX SBC locally for the phone to connect to? Or doesn't that change anything for the https issue?
     
  11. GiannosC_3CX

    GiannosC_3CX Guest

    Hi Oogaboo,

    The Cisco SPA5xx phones in remote locations will be able to connect/register to the PBX through Stun and SBC (using as proxy server the IP of the SBC) but with manual provisioning. Please note that manually provisioning devices can work but are un-supported by 3CX and the configuration is not secure.
     
  12. Telcreek

    Joined:
    Dec 30, 2016
    Messages:
    27
    Likes Received:
    2
    I second not using manual config, especially if you don't have a super tight security policy or open ports just to trusted IPs. I've also had phones lock me out of the web interface because 3CX thinks they are naughty. You could also use a VPN and provision the phones as if they were on a local network. You gain the added benefit of inter-office calls being encrypted. This presumes you have a router capable of IPSec everywhere you have SPA phones. I am not familiar with Google Cloud's products but if they have a service like AWS you could use that or set up and entirely new compute instance and run a firewall distro on it like Pfsense or VyOS. I do the latter because Amazon's VPN service is around $30 a tunnel a month.
     
  13. mo@closetrak.com

    Joined:
    Feb 9, 2016
    Messages:
    2
    Likes Received:
    0
  14. Oogaboo

    Joined:
    Jan 2, 2017
    Messages:
    5
    Likes Received:
    0
    I installed SBC on a RPI locally. Connections between SBC and 3CX cloud server seem to be ok (when doing netstat it reports ESTABLISHED with 3CX IP on 5090)
    Adapted Cisco SPA525 xml script on 3CX server to accept SBC connections.
    On Cisco phone entered SBC IP as proxy server.
    Phone rebooted, manual provision of phone using phoneIP/admin/resync?http://FQDN:5000/provisioning/......xml

    Nothing happens... phone doesn't restart or do anything :/
     
  15. GiannosC_3CX

    GiannosC_3CX Guest

    Hi Oogaboo,

    Please note that enabling the option from the template does not mean that provisioning through SBC will work. Nginx will still not accept http connections.
    First you need to check that SBC is connected and you can only do this from the sbc logs. Then you need to manually setup the phone to register. Use the extensions username and password and for provisioning server use the IP of the SBC.
     
Thread Status:
Not open for further replies.