Dismiss Notice
We would like to remind you that we’re updating our login process for all 3CX forums whereby you will be able to login with the same credentials you use for the Partner or Customer Portal. Click here to read more.

Secure SIP Problems

Discussion in '3CX Clients' started by JST, Dec 7, 2017.

Thread Status:
Not open for further replies.
  1. JST

    JST New Member

    Joined:
    Jan 8, 2017
    Messages:
    107
    Likes Received:
    1
    I have followed the setup instructions for secure SIP on the 3CX web page and most devices seem to work properly, but I am having major issues with the 3CX clients using secure SIP. Here are my issues:

    1. Windows Client
    When used as a softphone, the client cannot connect. However, it connects just fine in CTI mode. Looking at the logs, it seems that it isn't even trying to connect.

    2. Android Client
    This one connects and it shows as "On Hook", but I cannot make calls and fails with "Call failed, unavailable".

    I am also having another issue which might be related to this problem: Phones that are enabled to use secure SIP can receive and make trunk based calls just fine, but calls between extensions are failing with "No Media".

    In my network, 3CX is hosted at an external site. We initially had an IPSec vpn connection to directly connect to the 3CX system, but this resulted in less than stellar audio at times. So, we opted to setup the phones as external extensions which really improved audio, but it seems to cause issues when we are making calls from one extension to another.

    Any help is appreciated!
     
  2. eddv123

    eddv123 Well-Known Member

    Joined:
    Aug 15, 2017
    Messages:
    1,404
    Likes Received:
    186
    Hi JST,

    When you say you have made all the phones external extensions are we talking STUN extensions or via the 3CX SBC ? I probably would not recommend this scenario if using direct STUN/SIP.

    Where using the SBC would simplify matters (especially since your now have more ports to open if using TLS) you must consider that your SBC and clients will both be using port 5090 for the tunnel back to your cloud system.

    The only time I have seen similar issues with the 3CX Clients (no media, calls dropping internally) was with a customer using their 3CX system with a non-compliant RFC default Local Subnet.

    Just an FYI you should be using either: 10.0.0.0/8,169.254.0.0/16,172.16.0.0/12,192.168.0.0/16
     
  3. JST

    JST New Member

    Joined:
    Jan 8, 2017
    Messages:
    107
    Likes Received:
    1
    Yes, we have since realized that using STUN extensions for all desktop phones was a bad idea and moved back to using our IPSec VPN which didn't have the extension to extension problems. At the moment, one phone is working fine using TLS over IPSec and all mobile clients seem to work fine with TLS as well.

    The original reason to move away from IPSec was our inability to properly configure QoS and we have now made some progress in that area.
     
Thread Status:
Not open for further replies.