• V20: 3CX Re-engineered. Get V20 for increased security, better call management, a new admin console and Windows softphone. Learn More.

Secure SIP Problems

Status
Not open for further replies.

JST

New User
Joined
Jan 8, 2017
Messages
107
Reaction score
2
I have followed the setup instructions for secure SIP on the 3CX web page and most devices seem to work properly, but I am having major issues with the 3CX clients using secure SIP. Here are my issues:

1. Windows Client
When used as a softphone, the client cannot connect. However, it connects just fine in CTI mode. Looking at the logs, it seems that it isn't even trying to connect.

2. Android Client
This one connects and it shows as "On Hook", but I cannot make calls and fails with "Call failed, unavailable".

I am also having another issue which might be related to this problem: Phones that are enabled to use secure SIP can receive and make trunk based calls just fine, but calls between extensions are failing with "No Media".

In my network, 3CX is hosted at an external site. We initially had an IPSec vpn connection to directly connect to the 3CX system, but this resulted in less than stellar audio at times. So, we opted to setup the phones as external extensions which really improved audio, but it seems to cause issues when we are making calls from one extension to another.

Any help is appreciated!
 
Hi JST,

When you say you have made all the phones external extensions are we talking STUN extensions or via the 3CX SBC ? I probably would not recommend this scenario if using direct STUN/SIP.

Where using the SBC would simplify matters (especially since your now have more ports to open if using TLS) you must consider that your SBC and clients will both be using port 5090 for the tunnel back to your cloud system.

The only time I have seen similar issues with the 3CX Clients (no media, calls dropping internally) was with a customer using their 3CX system with a non-compliant RFC default Local Subnet.

Just an FYI you should be using either: 10.0.0.0/8,169.254.0.0/16,172.16.0.0/12,192.168.0.0/16
 
Yes, we have since realized that using STUN extensions for all desktop phones was a bad idea and moved back to using our IPSec VPN which didn't have the extension to extension problems. At the moment, one phone is working fine using TLS over IPSec and all mobile clients seem to work fine with TLS as well.

The original reason to move away from IPSec was our inability to properly configure QoS and we have now made some progress in that area.
 
Status
Not open for further replies.

Getting Started - Admin

Latest Posts

Forum statistics

Threads
141,625
Messages
748,896
Members
144,739
Latest member
Ghisl1
Get 3CX - Absolutely Free!

Link up your team and customers Phone System Live Chat Video Conferencing

Hosted or Self-managed. Up to 10 users free forever. No credit card. Try risk free.

3CX
A 3CX Account with that email already exists. You will be redirected to the Customer Portal to sign in or reset your password if you've forgotten it.