Solved Phones keep going offline - Yealink T46s on Google hosted 3CX

Discussion in '3CX Phone System - General' started by Michael Torfs, Jan 30, 2018.

Thread Status:
Not open for further replies.
  1. Michael Torfs

    Joined:
    Jan 23, 2018
    Messages:
    30
    Likes Received:
    1
    We have a small setup, 3 Yealink T46S phones on a Google hosted 3CX.
    After some time or after an action 2 of the 3 phones go offline.

    The google VPS is on a dynamic IP address, should that be a fixed one?

    I keep getting this activilty log message:
    01/30/2018 9:43:50 AM - There's another STUN server that resolves to the same IP: ##:3478/UDP fk=0; ignored

    Is that the reason?

    In the phone provisioning I made sure the 3 phones have a different port for the "Local SIP Port of Phone" setting.
    I also made sure the 3 phones have different ranges for the "Local RTP Audio Ports Start" en "Local RTP Audio Ports End" ports.

    Thx for any help.
     
  2. YiannisH_3CX

    YiannisH_3CX Support Team
    Staff Member 3CX Support

    Joined:
    May 10, 2016
    Messages:
    4,349
    Likes Received:
    274
    Hello @Michael Torfs

    Do you notice your public IP changing when the issue occurs? What do you do to restore functionality when the issue occurs?
    The error you are getting is not related to the issue you are experiencing and it is normal to see it if the IP is set to Dynamic.
    Do you see an registration errors in the Activity log when the issue occurs? Are the phones provisioned with the default template and the supported firmware?
     
  3. Michael Torfs

    Joined:
    Jan 23, 2018
    Messages:
    30
    Likes Received:
    1
    What we do to reconnect the phones is disconnect the Lan cable (with power over ethernet) and reconnect.

    We do indeed use the firmware that is provided by 3CX and the default template, I did not change anything there.

    This is the activity log for a phone that is now disconnected:

    01/30/2018 12:45:42 PM - [CM505001]: Endpoint Extn:00: Device info: Device Not Identified: User Agent not matched; Capabilities:[reinvite, replaces, able-no-sdp, recvonly] UserAgent: [Yealink SIP-T46S ## 805ec0040b02] PBX contact: [sip:00@##:5060]
    01/30/2018 12:45:42 PM - [CM503002]: Call(C:17): Alerting Extn:00 by contact <sip:00@##:5065>
    01/30/2018 12:45:32 PM - [CM505001]: Endpoint Extn:00: Device info: Device Not Identified: User Agent not matched; Capabilities:[reinvite, replaces, able-no-sdp, recvonly] UserAgent: [3CX Push Service] PBX contact: [sip:00@127.0.0.1:5060]
    01/30/2018 12:45:32 PM - [CM503002]: Call(C:17): Alerting Extn:00 by contact <sip:00@127.0.0.1:5488>
    01/30/2018 12:45:32 PM - [Flow] Target endpoint for 00 is Extn:00
    01/30/2018 12:44:27 PM - Leg L:16.4[Extn:00] is terminated: Cause: 487 Request Terminated/INVITE from 127.0.0.1:5488
    01/30/2018 12:44:27 PM - Leg L:16.5[Extn:00] is terminated: Cause: 487 Request Cancelled/INVITE from ##:5065
     
  4. Michael Torfs

    Joined:
    Jan 23, 2018
    Messages:
    30
    Likes Received:
    1
    Can it be the provisioning method.

    It is now direct Stun (remote), I could use 3CX SBC?
     
  5. Michael Torfs

    Joined:
    Jan 23, 2018
    Messages:
    30
    Likes Received:
    1
    3CX SBC is not the solution.... And would not be a good solution since the ip address can change..

    this is what happens to extention 01, it dissapeared already after 30 seconds:

    01/30/2018 2:10:59 PM - [CM504002]: Endpoint Extn:01: a contact is unregistered. Contact(s): [sip:01@127.0.0.1:5488 / 01]
    01/30/2018 2:10:33 PM - Currently active calls [none]
    01/30/2018 2:10:32 PM - Trying to establish CSTA session to <sip:01@##:5066>
    01/30/2018 2:10:32 PM - [CM504001]: Endpoint Extn:01: new contact is registered. Contact(s): [sip:01@127.0.0.1:5488 / 01,sip:01@##:5066 / 01]
    01/30/2018 2:10:32 PM - [CM504002]: Endpoint Extn:01: a contact is unregistered. Contact(s): [sip:01@127.0.0.1:5488 / 01]
     
  6. YiannisH_3CX

    YiannisH_3CX Support Team
    Staff Member 3CX Support

    Joined:
    May 10, 2016
    Messages:
    4,349
    Likes Received:
    274
  7. Michael Torfs

    Joined:
    Jan 23, 2018
    Messages:
    30
    Likes Received:
    1
    I installed the 3CX hosted solution in Goolge Cloud, using the PBX Xpress setup from 3CX.
    I assumed that all configuration would be done correctly by the PBX Xpress scripts.

    Do you agree, or do I still need the configure the firewall of this google vps instance?
     
  8. Michael Torfs

    Joined:
    Jan 23, 2018
    Messages:
    30
    Likes Received:
    1
    also, the phones all three do connect, as you can see below.
    I guess if the firewall was misconfigured, they would not even connect or be able to place calls.

    After some time only 1 phone stays connected.
    And the connection especially seems to be lost when ending an action/call.

    Calls are never interrupted.

    Screen Shot 2018-01-30 at 16.28.41.png
     
    #8 Michael Torfs, Jan 30, 2018
    Last edited: Jan 30, 2018
  9. YiannisH_3CX

    YiannisH_3CX Support Team
    Staff Member 3CX Support

    Joined:
    May 10, 2016
    Messages:
    4,349
    Likes Received:
    274
    The firewall on the PBX side is configured and the firewall checker should pass all tests, however the firewall on the remote site might still need configuring. If you multiple phones behind the same public IP you need to port forward the ports to the local IP of each phone to avoid issues. There may also be SIP ALG enabled on the remote site that might need disabling. This need for additional configuration is what the SBC eliminates. There may also be the case that the firewall is blocking registrations after a time period.
    If you familiar with wireshark you can do the following :
    Once the issue appears access the web interface of the affected phone and navigate to Settings / Configuration. Start a pcap trace. At the same time start a capture from the PBX. You can so by navigating to Dashboard / Activity Log and start a capture. Leave the running for a few minutes and then stop the captures. Save both files and check the register messages. Are the phones sending any? Are the messages reaching the PBX? If so does the PBX reply with an error or a Authentication message? Do those messages reach the phones?
     
  10. Michael Torfs

    Joined:
    Jan 23, 2018
    Messages:
    30
    Likes Received:
    1
    changing firewall settings on a google vps instance is something that I have no knowledge of.

    Guess I will then just buy a server, install the 3cx debian iso, and let everything work in my local Lan. I do have experience with linux. Guess I'll save myself a lot of time like that.

    I can restore a backup from a google hosted 3cx installation on a local lan debian 3cx install (excluding backup of License Key Information & FQDN)?
    and afterwards change the phone provisioning?
     
  11. YiannisH_3CX

    YiannisH_3CX Support Team
    Staff Member 3CX Support

    Joined:
    May 10, 2016
    Messages:
    4,349
    Likes Received:
    274
    I am sorry if i was not clear before. If the firewall checker passes on the PBX side then you are good to go. You can test it be navigating to Dashboard / Firewall Check and running the test. Please note that this will stop PBX services.

    The firewall configuration needed is in the location the phones are located not on the Google side.

    Yes you can.
     
  12. Michael Torfs

    Joined:
    Jan 23, 2018
    Messages:
    30
    Likes Received:
    1
    Ok, sorry, I will indeed be able to configure my router.

    I see that NAT has 2 options: open or secure. It is now secure.
    There is also the option to disable SIP ALG, it was unchecked, I checked it now.

    BTW: in 3CX indeed the firewall check is ok
     
  13. us1

    us1

    Joined:
    Oct 19, 2015
    Messages:
    80
    Likes Received:
    21
    Did you change the SIP and RTP ports in the provisioning setup for the phones? When doing direct STUN in this manner, each phone needs to be set to its own unique SIP port. Otherwise it'll cause problems like what you're seeing.

    The default SIP port is 5065 and the default RTP port range is 14000 to 14009. I usually make my first phone 5067 and 14010-14019 and increment from there.

    Make these changes and reprovision the phone. That should prevent the drops that are NOT related to the dynamic IP changing. You really should have a static IP for your cloud server (as required by 3cx support).
     
  14. Michael Torfs

    Joined:
    Jan 23, 2018
    Messages:
    30
    Likes Received:
    1
    Ok, did all that, think it was already ok, besides the ALG SIP.
    Will test tomorrow

    Do I need to setup any port forwarding, the phones have unique ports, I gave them static local ip adresses (through DHCP reservations), all the rest (VOIP provider and 3CX server) are external?
     
  15. Brian Cross

    Brian Cross New Member

    Joined:
    Jul 26, 2017
    Messages:
    109
    Likes Received:
    27
    I think Yealink phones need 12 ports per. And you might want to create static routes.
     
  16. Michael Torfs

    Joined:
    Jan 23, 2018
    Messages:
    30
    Likes Received:
    1
    Meanig I should make these ranges 14010-14019, more like 14010-14025 to be save?
     
  17. Michael Torfs

    Joined:
    Jan 23, 2018
    Messages:
    30
    Likes Received:
    1
    I tried static routes, at least for the SIP ports 5065 and so.... Phones did not register then... But isn't that what the 3CX tunnelling service should do to prevent these statis port mappings?
     
  18. Brian Cross

    Brian Cross New Member

    Joined:
    Jul 26, 2017
    Messages:
    109
    Likes Received:
    27
    I think 12 would be fine. I had a similar issue as soon as I spread the ports and create static routes the phones have been perfect.
     
  19. Brian Cross

    Brian Cross New Member

    Joined:
    Jul 26, 2017
    Messages:
    109
    Likes Received:
    27
    If you were using a SBC that would use the tunneling service.
     
  20. Michael Torfs

    Joined:
    Jan 23, 2018
    Messages:
    30
    Likes Received:
    1
    no indeed, using direct SIP (STUN remote)

    I'll try then first extending the 14xxx range per phone from 10 to 12.
     
    Brian Cross likes this.
Thread Status:
Not open for further replies.