• V20: 3CX Re-engineered. Get V20 for increased security, better call management, a new admin console and Windows softphone. Learn More.

help with remote connections

Status
Not open for further replies.

ZenMasta

Forum User
Joined
Mar 10, 2010
Messages
215
Reaction score
7
I'm trying to setup remote connections and so far have not had any luck. I want to configure softphone and cisco spa540G
I have tried to configure firewall and settings in 3cx but need assistance.

I have attached screen grabs of my firewall, phones etc.


Thanks in advance.
 

Attachments

  • 3cx_network_ports.png
    3cx_network_ports.png
    60 KB · Views: 1,974
  • 3cx_network_tunnel.png
    3cx_network_tunnel.png
    54.6 KB · Views: 1,974
  • Firewall_NAT.png
    Firewall_NAT.png
    150.7 KB · Views: 1,974
  • 3cx_phone_config_bop.png
    3cx_phone_config_bop.png
    73.7 KB · Views: 1,974
  • cisco_spa504g_provisioning.png
    cisco_spa504g_provisioning.png
    92.5 KB · Views: 1,974
First off...first capture...the tunnel port is 5090, not 5060. You have two captures of the 3CX phone set-up, the second has the correct port.

I'm not familiar with the router/port forwarding device you are using...but I would think that you need to put the ports 5060 and 5090 into the source port space as well, would you not? The * would appear to be a wildcard. As I say, just a guess.

Do you see a registration attempt in the 3Cx log?
 
I was confused. I thought that the SIP port 5060 was supposed to redirect to 5090 because of the difference in ports and tunnel tab.

Router box is running PFSense and the wild card indicates it uses the same port requested on the destination.

So if you look at my NAT for 3cx Sip it was listening on 5060 and redirecting to 5090. I have since removed the redirect and now both soft phones can connect.

I hesitate to test the one on windows 7 because my dog will probably freak out haha, but I can see it over RDP that its on hook as well as in 3cx extension status.


Now what about the cisco phone that I have at home as well? How can I set that up?
 
ZenMasta said:
Now what about the cisco phone that I have at home as well? How can I set that up?

Well...you can't use the tunnel option, that is a 3CX phone/3CX PBX/Proxy manager to 3CX PBX only, feature.

Here is the info from the 3CX site.

http://www.3cx.com/blog/voip-howto/remote-extensions/
 
Ah thanks. I setup the phone and configured everything up to step 3. Gave it a quick test and the phone did register and I was able to call myself from it. But could not hear anything on either end.

I proceeded to configure the rest in step 3 and then after the phone rebooted it was stuck in Upgrading Firmware... probably for a good 20 minutes before I started writing this reply. I can still navigate the webconfig of this phone and such and I went to provisioning and set Upgrade Enable to No. But it seems like since it has already started it wants to finish or something.

I really want to unplug this thing because I'm anxious to test but I don't want to screw anything up, screen says dont unplug so I typically heed those warnings you know? Should I unplug, is it going to hose the phone?

I know back at the office when I had updated firmware it only took a couple of minutes
 
I would just unplug it and continue at the office.

One of the problem that can arise, when you have multiple remote extensions at the same location, is , router "confusion".

If you have been testing the the 3CX phones without using the tunnel, then they are probably telling the router that they are the one using port 5060 (the default). I assume that you've probably kept the same port for the Cisco phone too. I would change that to something a bit higher. Remember, this is the port number that you are gong to tell 3CX to contact your phone on, so...it has to be unique, behind that router. That may not be the end of it as the voice packets use another range of ports and some routers have a hard time "forgetting" that those ports were used with another IP previously. This can happen with some routers, not all, and not necessarily yours. Sometimes unplugging the router, then using just one set, can clear up that problem. If you want to run a number of sets from that location, I would suggest looking into the 3CX Proxy Manager http://www.3cx.com/blog/releases/sip-proxy-manager/. It is a more "elegant" way to run several extensions from behind a remote router, and, it can use the tunnel back to the PBX. It does require running a PC/server, at the remote end.

Do the 3CX phones, without using the tunnel, have audio problems? If they do then you may have another problem (ports blocked or miss-routed) with the router/firewall at the remote end.
 
I was able to successfully register again... problem was phone was set to auto provision so it kept wiping out the proxy I had entered previously.

So now I can make and receive calls on the hardphone but still can't hear anything.
BTW none of the soft phones have audio problems whether they are local or external via tunnel only the hard phone.
I also tried a call to softphone and transferring to hardphone extension. transfer works but the sound doesn't.

I'll look into the proxy manager, but may also just end up setting up a vpn. My brother does all this fancy networking for a living, just dont like bugging him unless I've done all I can on my own.
 
In most cases, a one-off remote extension with work, with no changes to the remote router. Of course there are exceptions. In most cases , no audio is the result of blocked ports. this may be because the router believes that these are to be directed to another IP, or it might be how your set is registering with 3CX.

Have a look at the 3CX log just after the Cisco set has registered. You can compare that to a non-tunnel registration of one of the 3CX phones. You should see the public IP of the remote router and a unique port number, perhaps 5063. It will be a port that you have changed from the (probable) default of 5060.

This is the devices port, not the port that it uses to contact the PBX at.

If, in the registration, you see a private IP, then the sets STUN settings are not correct. I suspect that this may be the case.
 
On your firewall where you have host your 3CX, you did not enable port forwarding for UDP 9000-9049 to the server. Those are the port for the audio streaming for remote ext. That is why you can register and make call and the phone will ring but you cannot hear audio. All the call control functions are handle by the SIP port. And all the voice are handle by the RTP ports which is UDP 9000-9049. Once you have the ports forwarded. You can use both your soft phone and hard phone without using the proxy.
 
I opened up that range of ports on the firewall, server side but still can't hear anything. You said something about without proxy but then how is the phone supposed to know where to register...
 
It is always the best practice to have a fix public IP address where you are hosting your 3CX server. Especially if you are going to have remote ext. But if that is not an option. Checking in with your public ip and change it manually as need is possible. If you dont mind doing all the work when your IP change. Anyways, after looking at your screen shoots again. I've notice you have setup your softphone wrong. By default, the sip proxy manager listen to clients (in this case, your softphone and your cisco phone) on port number 5080. In your screen shoots, one was set to 5090 and the other was set to 5060 which are incorrect. And that should be the reason why you have no audio. with the 3cx softphone and the cisco spa50X phones, you can totally bypass the proxy and register your phone with the public IP address where your 3CX server is. However, you will need to changes the IP address everything your ISP assign you a new one. If this is just for fun or a testing project, this setup is fine. But if it is in a production environment, I strongly suggest you to get a FIX public IP from your ISP.
 
After reviewing your screen shoots one last time. I believe you have get the whole concept wrong. If the phone and softphones are in the local network, you do not need the sip proxy manager at all. However, let say if your softphones/cisco phones are at the remote location, you will need to setup download and install sip proxy manager on a pc within your remote network. You can download and read more about sip proxy manager here: [ http://www.3cx.com/blog/releases/sip-proxy-manager/ ].
 
Soft phones are working fine internally and externally so that's on lock down.

I would prefer to try and get the hard phones to register and work externally without proxy manager if that's possible.

I tried all the steps in this guide http://www.3cx.com/blog/voip-howto/remote-extensions/
The hardphone will register but there is no audio sent or received (heard anyway)

I have turned OFF provisioning, because if I leave it on, whatever IP I specify in Ext1: Proxy and Provisioning:profile rule and Provisioning:upgrade rule is replaced by an internal IP.

[edit]
I turned OFF stun in SIP:Nat Parameters and now audio I sent from the hard phone is heard on the other end. But the hardphone still cannot hear anything the other caller is saying whether from another extension or another line such as my cell phone.

Also now this phone cannot be dialed by extension from other phones/softphones.However it can dial other extensions just fine.
 
Have you run the firewall checker on the 3cx server? When there is one way audio, its almost always a NAT or firewall issue. Make sure all tests are passed without any exception. And on the remote hard phone, stun should be enable. The instruction on this page [ http://www.3cx.com/blog/voip-howto/remote-extensions/ ] should work the best (except for the Polycom Phones). Please post your firewall checker result and we can go from there.
 
Hi all!
I have re-written 3CX SIP Proxy Manager application to allow entering the 3CX Server's address as an URL instead of a static IP. Also, I have developed a service that automatically resolves & replaces the dynamic IP in the configuration of the 3CX SIP Proxy Tunnel service, whenever necessary, and restarts the Tunnel service to ensure a valid link.
I wish to share it (including full source code) with everyone, thinking that might be useful to those having the 3CX Server behind a dynamic IP connection.
Best regards,
Bogdan Apostol
albertc said:
It is always the best practice to have a fix public IP address where you are hosting your 3CX server. Especially if you are going to have remote ext. But if that is not an option. Checking in with your public ip and change it manually as need is possible. If you dont mind doing all the work when your IP change. Anyways, after looking at your screen shoots again. I've notice you have setup your softphone wrong. By default, the sip proxy manager listen to clients (in this case, your softphone and your cisco phone) on port number 5080. In your screen shoots, one was set to 5090 and the other was set to 5060 which are incorrect. And that should be the reason why you have no audio. with the 3cx softphone and the cisco spa50X phones, you can totally bypass the proxy and register your phone with the public IP address where your 3CX server is. However, you will need to changes the IP address everything your ISP assign you a new one. If this is just for fun or a testing project, this setup is fine. But if it is in a production environment, I strongly suggest you to get a FIX public IP from your ISP.
 

Attachments

  • 3CXSIPProxy_Binaries.zip
    55.9 KB · Views: 38
  • 3CXSIPProxy_Sources.zip
    88.2 KB · Views: 44
Why should I have stun enabled? I have a static ip and ports are mapped.
Also, why would I have more function (atleast sound on one end) with stun turned off than with it on?

I can't run the checker because of this error
"Error opening 3CXFWChecker.dll Please check the bin folder."
 
ZenMasta said:
Why should I have stun enabled? I have a static ip and ports are mapped.
Also, why would I have more function (atleast sound on one end) with stun turned off than with it on?

I can't run the checker because of this error
"Error opening 3CXFWChecker.dll Please check the bin folder."

If you have static IP and normal NAT (with port forwarding) on PBX side, you don't need STUN service.
You can disable STUN usage and specify IP mapping as it is configured in your network (NAT device).
 
SY said:
ZenMasta said:
Why should I have stun enabled? I have a static ip and ports are mapped.
Also, why would I have more function (atleast sound on one end) with stun turned off than with it on?

I can't run the checker because of this error
"Error opening 3CXFWChecker.dll Please check the bin folder."

If you have static IP and normal NAT (with port forwarding) on PBX side, you don't need STUN service.
You can disable STUN usage and specify IP mapping as it is configured in your network (NAT device).


However, you should still have STUN enable on the remote side so your phone can tell the PBX server where to send the signal to when you have an incoming call.
 
I've tried with and without stun. As I explained, I am closer to a working solution with stun disabled.

The remote (hardphone) extension can send an audio signal but cannot hear one when stun is disabled.
 
ZenMasta said:
I've tried with and without stun. As I explained, I am closer to a working solution with stun disabled.

The remote (hardphone) extension can send an audio signal but cannot hear one when stun is disabled.

In most cases, running a single remote, without STUN (not using Tunnel/Proxy Manager, etc.) will result in no audio to the remote extension, (most likely) because it is registering with its private IP. Check the 3CX log to see what the registration looks like. 3CX need to know how to properly contact the remote set, and, the router at the far end needs to pass on, not only the control messages (port 5060?), but the ports used for audio, as well.
 
Status
Not open for further replies.

Getting Started - Admin

Latest Posts

Members Online Now

Forum statistics

Threads
141,625
Messages
748,873
Members
144,738
Latest member
MattS
Get 3CX - Absolutely Free!

Link up your team and customers Phone System Live Chat Video Conferencing

Hosted or Self-managed. Up to 10 users free forever. No credit card. Try risk free.

3CX
A 3CX Account with that email already exists. You will be redirected to the Customer Portal to sign in or reset your password if you've forgotten it.