Hosted 3CX Server Configuration

Discussion in 'Windows' started by grnerd, Nov 3, 2014.

Thread Status:
Not open for further replies.
  1. grnerd

    Joined:
    Aug 6, 2014
    Messages:
    22
    Likes Received:
    0
    I am looking for some best practices advice for a new 3CX installation. I have a Windows Server 2008 R2 VM hosted in the cloud. I have a static IP assigned to the Server. All of the phones will be here at our location, connecting to the server in the cloud.

    I began the 3CX setup and it was asking me for some FQDN's and I decided to cancel the install to ask for advice.

    Should I somehow create a VPN tunnel back to my network and add this server to the domain, or should I register a DNS name that will point to the new 3CX servers IP?
     
  2. leejor

    leejor Well-Known Member

    Joined:
    Jan 22, 2008
    Messages:
    10,595
    Likes Received:
    255
    How many phones at that location? That may determine if you should make use of the 3CX SBC. If you do, then you can use the 3CX tunnel (not secure like VPN), if you want. Using VPN would mean not having to deploy the SBC, but some users have experienced issues if the VPN is not able to keep up when the traffic becomes too much, so it can depend on bandwidth and the VPN equipment you are using. If you have a static IP, then you can use DNS but, it's not necessary unless you plan on changing providers, and that static IP, in the future.
     
  3. grnerd

    Joined:
    Aug 6, 2014
    Messages:
    22
    Likes Received:
    0
    Approx 30 Phones. Might grow to about 50 in the next few years.
     
  4. grnerd

    Joined:
    Aug 6, 2014
    Messages:
    22
    Likes Received:
    0
    So if I use the SBC, what or how should I fill in the FQDN info in the setup?
     
  5. leejor

    leejor Well-Known Member

    Joined:
    Jan 22, 2008
    Messages:
    10,595
    Likes Received:
    255
    I assume that you do not have a Domain Name, nor are you using a DNS service at this point.

    See this article.. http://www.3cx.com/blog/docs/fqdn-ip-phone/

    The SBC can be datafilled with the fixed Public IP of your 3CX server.
     
  6. grnerd

    Joined:
    Aug 6, 2014
    Messages:
    22
    Likes Received:
    0
    I have a domain name, but the new 3CX server is not a part of our domain at this time, but rather in it's own workgroup. That is what prompted my question, whether I should find a way to create a VPN to my home network in order to add it to the domain.

    I will take a look at that article, thanks!
     
  7. leejor

    leejor Well-Known Member

    Joined:
    Jan 22, 2008
    Messages:
    10,595
    Likes Received:
    255
    VPN is the way to go if your configuration can keep up with (encrypting/decrypting) the amount of VoIP traffic you are sending. VoIP can't wait for delayed packets, they just get dropped, and as a consequence, audio quality suffers, as others have discovered.

    You would simply direct the VPN router, at the remote end, to establish a secure connection with the public IP at the server end. Then every set/device would be considered local, to the 3CX server.
     
  8. grnerd

    Joined:
    Aug 6, 2014
    Messages:
    22
    Likes Received:
    0
    I would love for this to work, but I cannot figure out how to configure an IPSec endpoint on the remote server. It is Windows 2008 r2 with one NIC that has a static IP assigned to it.
     
  9. grnerd

    Joined:
    Aug 6, 2014
    Messages:
    22
    Likes Received:
    0
    Yep, here again, this article refers to both a private and a public PBX address, and I only have a public address.
     
  10. leejor

    leejor Well-Known Member

    Joined:
    Jan 22, 2008
    Messages:
    10,595
    Likes Received:
    255
    You have to have a device, at either end, that supports the type of VPN you wish to use. In s situation such as yours, that usually entails routers capable of establishing a connection.

    Usually, for security reasons, amongst others, the server is behind a router of some sort and assigned a private IP. I would assume, but have not tried it, (perhaps others could provide some experience), that if you are using a single public IP, you could try putting that into both fields.
     
  11. grnerd

    Joined:
    Aug 6, 2014
    Messages:
    22
    Likes Received:
    0
    Ok, thanks. I am most likely going to speak with the hosting company today about my options.
     
  12. grnerd

    Joined:
    Aug 6, 2014
    Messages:
    22
    Likes Received:
    0
    This is the bit I am struggling with figuring out. Any best practices on configuring this type of tunnel? Since the Public IP is on the only interface in the server, I am not sure how to pull this off.
     
  13. grnerd

    Joined:
    Aug 6, 2014
    Messages:
    22
    Likes Received:
    0
    I think I have figured it out, I will report back later...
     
  14. davidbenwell

    davidbenwell Active Member

    Joined:
    Apr 27, 2010
    Messages:
    704
    Likes Received:
    0
    We provide Hosted 3CX for our customers and the setup we do is as follows.

    We Operate a High Availability VMware Cluster and give each customer a VM running our firewall / VPN Service and the other being a VM running Windows 2012 R2 for 3CX.

    We supply Draytek Routers for customer sites which support VPN IPSEC and link this back to their firewall. 3CX Server in this case would have an internal IP Address and the only traffic allowed to 3CX externally is to and from the VoIP Network with everything else being blocked for increased security.

    VPN resolves issues with Cisco Phones crashing and nat issues.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  15. 3cxBora

    Joined:
    Jun 17, 2015
    Messages:
    35
    Likes Received:
    0
    Hi, David:

    1) Do you have 3cx softphone that required you to open different ports for each customer?
    2) Has your configuration changed since v14 has multi-tenant cloud server or are you still providing
    a) 3cx VM
    b) VPN/FW VM (software firewall such as Untangle or pFsense)

    Thanks for your feedback,
    Bora


     
Thread Status:
Not open for further replies.