Dismiss Notice
We would like to remind you that we’re updating our login process for all 3CX forums whereby you will be able to login with the same credentials you use for the Partner or Customer Portal. Click here to read more.

External extension - outgoing calling TLS

Discussion in '3CX Phone System - General' started by miro, Feb 6, 2012.

Thread Status:
Not open for further replies.
  1. miro

    Joined:
    Jan 17, 2012
    Messages:
    51
    Likes Received:
    0
    Hi,

    i have 2 external extensions Yealink and Snom (they both last firmware) when i am calling local extension on remote site, i get 408 error on 3CX PBX activity log. When i am calling from local extension to both external extension everything is working great.


    Do somebody know why i cant make outbound call from external extension (we also tried both phones directly connect to the Internet) but result was the same.

    On extensions we have disabled "disallow use of extension outside the LAN" and "Disable outgoing call"


    Please anyone help, thanks.
     
  2. Ian Joyce

    Joined:
    Oct 9, 2009
    Messages:
    51
    Likes Received:
    0
    Are you trying them through the 3CX tunnel?
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  3. miro

    Joined:
    Jan 17, 2012
    Messages:
    51
    Likes Received:
    0
    3CX softphone on mobile phone is not stable for us, so we need to use TLS, is there any solution for TLS problem except 3CX tunnel?


    Thanks.
     
  4. leejor

    leejor Well-Known Member

    Joined:
    Jan 22, 2008
    Messages:
    11,113
    Likes Received:
    329
    Can you post a log showing the failed call?
     
  5. miro

    Joined:
    Jan 17, 2012
    Messages:
    51
    Likes Received:
    0
    Hi,


    this is output showing failed call from Activity log on our 3CX PBX:

    13:09:08.999 [CM502001]: Source info: From: "300"<sip:300@95.178.149.32:5061>;tag=436607539<sip:200@95.178.149.32:5061>
    13:09:08.999 [CM503013]: Call(22): Incoming call rejected, caller is unknown; msg=SipReq: INVITE 200@95.178.149.32:5061 tid=1948212017 cseq=INVITE contact=300@192.168.3.247:5062 / 2 from(wire) tlsd=192.168.0.20
    13:09:08.998 [CM500002]: Info on incoming INVITE:
    INVITE sip:200@95.178.149.32:5061 SIP/2.0
    Via: SIP/2.0/TLS 192.168.3.247:5062;rport=23779;branch=z9hG4bK1948212017;received=82.193.210.128
    Max-Forwards: 70
    Contact: <sip:300@192.168.3.247:5062;transport=TLS>
    To: <sip:200@95.178.149.32:5061>
    From: "300"<sip:300@95.178.149.32:5061>;tag=436607539
    Call-ID: 514761361@192.168.3.247
    CSeq: 2 INVITE
    Allow: INVITE, INFO, PRACK, ACK, BYE, CANCEL, OPTIONS, NOTIFY, REGISTER, SUBSCRIBE, REFER, PUBLISH, UPDATE, MESSAGE
    Proxy-Authorization: Digest username="300",realm="3CXPhoneSystem",nonce="414d535c054053e446:b5ac988ca7c4d1d4b60f9d1a52ea7c1a",uri="sip:200@95.178.149.32:5061",response="14bdfbcf04f4ea90006241b35f4ccac7",algorithm=MD5
    Supported: replaces
    User-Agent: Yealink SIP-T20P 9.61.0.80
    Allow-Events: talk, hold, conference, refer, check-sync
    Content-Length: 0


    Thanks.
     
  6. miro

    Joined:
    Jan 17, 2012
    Messages:
    51
    Likes Received:
    0
    Hi,


    we also tried new install of 3CX PBX and results are the same, output from Activity log on PBX are the same:

    09:14:38.716 [CM502001]: Source info: From: "400"<sip:400@95.178.xxx.yyy:5061>;tag=188802917<sip:200@95.178.xxx.yyy:5061>
    09:14:38.716 [CM503013]: Call(1): Incoming call rejected, caller is unknown; msg=SipReq: INVITE 200@95.178.xxx.yyy:5061 tid=1431561073 cseq=INVITE contact=400@192.168.3.247:5062 / 2 from(wire) tlsd=192.168.0.20
    09:14:38.257 [CM500002]: Unidentified incoming call. Review INVITE and adjust source identification:
    INVITE sip:200@95.178.xxx.yyy:5061 SIP/2.0
    Via: SIP/2.0/TLS 192.168.3.247:5062;rport=48034;branch=z9hG4bK873857542;received=82.193.210.128
    Max-Forwards: 70
    Contact: <sip:400@192.168.3.247:5062;transport=TLS>
    To: <sip:200@95.178.xxx.yyy:5061>
    From: "400"<sip:400@95.178.xxx.yyy:5061>;tag=188802917
    Call-ID: 1175737099@192.168.3.247
    CSeq: 1 INVITE
    Allow: INVITE, INFO, PRACK, ACK, BYE, CANCEL, OPTIONS, NOTIFY, REGISTER, SUBSCRIBE, REFER, PUBLISH, UPDATE, MESSAGE
    Supported: replaces
    User-Agent: Yealink SIP-T20P 9.61.0.80
    Allow-Events: talk, hold, conference, refer, check-sync
    Content-Length: 0


    Please help, thanks.
     
  7. leejor

    leejor Well-Known Member

    Joined:
    Jan 22, 2008
    Messages:
    11,113
    Likes Received:
    329
    You haven't detailed which extensions are located where, so I'm going to have to make some assumptions ...

    This explains why the call won't go through.

    This bothers me...are these the two extensions at the remote location? If so, why do they both have the same port number? I'm assuming that 95.178.149.32 is the public IP at the remote end?
    If that is the case, then you need to change that. Remote devices, behind the same router, NOT using the 3CX Proxy Server or tunnel, should each have different port numbers.
     
  8. miro

    Joined:
    Jan 17, 2012
    Messages:
    51
    Likes Received:
    0
    Hi,

    400 is external extension,and 200 is local extension, 82.193.210.128 is public ip on remote side and 95.178.xxx.yyy public ip on local side where is 3cx (behind nat), port 5061 is used for TLS and it should be the same.


    We have tested today with connection of 3CX PBX directly to the Internet and created new TLS certificate with public IP interface and choose in 3cx PBX that public interface to listen for tls, and everything works fine.

    We have found out, that when you create certificate you must put IP address or domain name of interface which listen TLS, so this can only be interface which is on LAN (example 192.168.x.y) or Public IP address, not behind NAT. And that is why TLS cant work behind NAT and we have problem with external extension.
     
Thread Status:
Not open for further replies.