STUN Server

Discussion in '3CX Phone System - General' started by Duff Man, Sep 8, 2014.

Thread Status:
Not open for further replies.
  1. Duff Man

    Joined:
    Sep 8, 2014
    Messages:
    15
    Likes Received:
    0
    Hi,

    I have what I think is 2 fairly basic questions.

    Info: 3cx installed, 1 ip on server that is a WAN ip.(no NAT on server side)

    1.
    Provision 1 basic Snom 710 phone by "Remote Extention STUN" and copying the provisioning link into the SNOM phone and rebooting the phone.
    Phone provisions, but has an error message (Not Registered) even though you can make calls. Worked out if i remove the STUN server from the SNOM phone it works. the stun server value on the SNOM phone that have been automatically set by the default SNOM 710 template is %%PABX IP%% %% SIP PORT %% so mywanip:5060
    I tried to query this for STUN and there is no response (used a windows stun client)
    If I remove the STUN entry from the phone (via web interface), it works ok, and the error on the phone goes away

    Is this something I am doing wrong, does 3CX act as a STUN server, or only client? Why is the Original Template incorrect? if it is?

    Default Template for SNOM 710 has this set as STUN:
    Code:
    <!--# STUN Server Default Sertting #-->
    	<stun_server idx="1" perm="">%%pbx_ip%%:%%param::sipport%%</stun_server>
    	<stun_binding_interval idx="1" perm="">300</stun_binding_interval>
    	<keepalive_interval idx="1" perm="">15</keepalive_interval>
    this does not work for me.

    2.
    The Displayname on the phone is showing 3CX Phone System, even though it was configured to show the extension name on idle. I was able to fix this by adjusting the template (background logo) field and it now works, but my question begs again why the original template is not doing this? Is it normal to have to customise the template for just about anything, or am I doing something stupid?

    Code:
        <!--########################################################-->
        <!--###                 Background Logo                  ###-->
        <!--########################################################-->
    
    	<user_idle_text idx="1" perm="">%%extension_first_name%% %%extension_last_name%%</user_idle_text>
    
    this is what i had to adjust it to in the template to make it work.

    I would have thought this would have worked as this was part of the original template, but it had no effect.

    Code:
    	<!--# DisplayName for phone in IDLE Staus, default is the Username of the EXT.-->
    	<user_idle_text idx="1" perm="">%%extension_first_name%% %%extension_last_name%%</user_idle_text>
    
    Thanks Heaps
    Duff Man
     
  2. leejor

    leejor Well-Known Member

    Joined:
    Jan 22, 2008
    Messages:
    10,357
    Likes Received:
    224
    You have to understand that STUN, is simply a test, that a device can perform using a remote STUN server (and there are many to choose from), to help determine it's public IP, and the type of NAT it is located behind. The 3CX PBX is not a STUN server but can make use of one if necessary, as can many VoIP devices. The use of STUN is not mandatory depending on a number of factors in your particular set-up, and if you find that your service works without it, then great, you don't have to use it.
    With some previous 3CX PBX versions, it was necessary to provision a STUN server on most remote extensions, that is not the case now.

    http://www.3cx.com/pbx/what-is-a-stun-server/
     
  3. eagle2

    eagle2 Well-Known Member

    Joined:
    Apr 27, 2011
    Messages:
    1,085
    Likes Received:
    11
    Having no NAT could be the reason for 3CX not working as STUN server for you.
    Definitely 3CX V12 can work as STUN server for remote extensions (STUN server: 3CX_server_public_ip_address at port 5060).
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  4. Duff Man

    Joined:
    Sep 8, 2014
    Messages:
    15
    Likes Received:
    0
    Thanks for the response guys.

    I realise what a STUN server is meant to do, what I don't understand is that 3CX standard templates advertise a stun server on port 5060, but it doesn't respond to stun requests on port 5060.

    So 1 person said that 3CX does act as a STUN server by default, and the other said it doesn't.
    I know mine doesn't but it might be due to a configuration problem, I can see where I configure 3CX to connect to another STUN server (stun.3cx.com), however I cannot see where I set it up to actually be a STUN server, and on what port.

    Some clarification would be appreciated.

    Thanks heaps for the response.
     
  5. leejor

    leejor Well-Known Member

    Joined:
    Jan 22, 2008
    Messages:
    10,357
    Likes Received:
    224
    A standard STUN server uses listening port number 3478 for UDP and TCP, and 5349 for TLS. I have not come across anything in the 3CX documentation to indicate that it (the PBX) performs this function. If it did then 3CX themselves would not provide access to several of it's STUN servers, such as stun3.3cx.com

    As I said, in many cases, with the latest 3CX PBX, a remote set does not require the stun server to be data filled, but if you find you do require it, then you are free to search out, and choose from a number of open servers that a Google search will find such as these...

    http://www.tek-tips.com/faqs.cfm?fid=7542
     
  6. Duff Man

    Joined:
    Sep 8, 2014
    Messages:
    15
    Likes Received:
    0
    Thansk Leejor,

    So why does the standard template for SNOM 710 tell the phone to use stun server #my3cx.wan.ip#:5060

    I have to know go hack the STUN part out of each provisioning template or they don't work. Is this normal?

    Thanks
    Wihan
     
  7. leejor

    leejor Well-Known Member

    Joined:
    Jan 22, 2008
    Messages:
    10,357
    Likes Received:
    224
    I don't use Snom sets so I'm afraid I can't answer that. The 3CXWANIP:5060 would normally be the server address. You can try just leaving it blank and see if calls complete correctly.
     
  8. eagle2

    eagle2 Well-Known Member

    Joined:
    Apr 27, 2011
    Messages:
    1,085
    Likes Received:
    11
    Since version 11 3CX phone system can act as a STUN server at port 5060 for SIP clients registering to it via public address. This feature is working normally as a private STUN server and is more reliable to use than any public STUN server, which could be unreachable or overloaded at certain moments. I recommend using it than any other STUN server, sometimes you work without STUN server as well.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  9. Duff Man

    Joined:
    Sep 8, 2014
    Messages:
    15
    Likes Received:
    0
    Hi Eagle2,

    Since this post this error have not occurred again, so I left it, but it happened again just now.

    So first of all, please note my system is the 3CX Cloud version, running on an offsite machine.
    I understand the 3cx will query stun from stun.3cx.com, this is not my issue, my issue is the handsets also query stun to my 3cx server, and the server is not responding to their stun queries.

    So I have 3 tenants currently installed, their ports for SIP and STUN is 5060, 6060, 7060

    The phones that I am using for testing is a Yealink T42G, and a Yealink T48G.

    Both phones provisioned successfully and can make calls, but the calls were taking about 10 seconds to connect.
    The dial plan is working, so when entering the number that matches the plan the phone goes from idle to Dialing...

    But it takes about 10 seconds for 3cx to register anything (it just reports the extention as idling)

    I looked into the logs and found this.
    Feb 17 01:17:58 GUI [715]: TKUI<6+info >878.081.855:TalkUIRect[w:478,h:285]
    Feb 17 01:17:58 GUI [715]: TKUI<6+info >878.084.434:CTalkTabManager::LoadData end
    Feb 17 01:17:58 ipp [738]: IIPP<5+notice> SET_VOLUNE,00000001 00000008
    Feb 17 01:17:58 GUI [715]: SCA <6+info >878.297.269:[SCA]: Can't get account object by lineID[0]
    Feb 17 01:18:00 netS[553]: LLDP<6+info > unable to guess frame type, dest mac [01 00 0c cc cc cc]
    Feb 17 01:18:06 SIP [756]: SUA <4+warnin> [000] stun get map address err
    Feb 17 01:18:06 SIP [756]: SUA <5+notice> [000] STUN get rtp binding mapped port fail
    Feb 17 01:18:06 SIP [756]: SUA <5+notice> [000] b is 0, unset the b= field
    Feb 17 01:18:06 SIP [756]: SUA <5+notice> [000] ssco:SRTP disabled
    Feb 17 01:18:06 SIP [756]: SUA <5+notice> [000] last DTMF is:-1
    Feb 17 01:18:06 SIP [756]: SUA <5+notice> [000] b is 0, unset the b= field

    as you can see it took 8 seconds to contact the STUN server, which failed.
    I logged into my Yealink and manually changed the stun to disable, and the problem instantly dissapeared, all calls now connect within 1 second.

    I checked my other tenants, and they also have stun set, using port 7060 for instance and they do not suffer from this issue.

    I checked my 3cx server, and if i match the process ID with the netstat output i can see that port 7060 is in use by the PhoneSystem service of the correct tenant, and also port 5060 is in use by the phone system service of the correct tenant.

    SO it seems that for some reason 1 tenant STUN is working, the other isn't, even though they are both normal installs.

    Any idea how to test a stun server (other than by using a phone) like can i query it from command line, or is there a tool i can get to query it?

    Thanks
     
  10. lneblett

    lneblett Well-Known Member

    Joined:
    Sep 7, 2010
    Messages:
    2,061
    Likes Received:
    56
    The question is whether or not STUN is really needed? If you have a static public IP and a router that handles one-to-one port forwarding correctly, then the chances are high that STUN is not needed. In your case, if I understood you correctly, you have a direct WAN connection to the 3CX system so there is no NAT being performed. As a result, you should be able to disable the STUN settings in 3CX and remove any setting in the phones as well and have each group point directly to their respective SIP ports..

    From the 3CX blog:

    Note: There are cases that STUN resolution is not required. For example, when a server has a public IP and no firewall in front of it. To tun off STUN resolution, from the 3CX Management Console, navigate to “Settings” > “Network” > “STUN server” tab. Check the “Turn off STUN requests” check box, enter the “Static Public IP” of the server and “Select Network card Interface”. For additional information regarding working without STUN resolution read our “How and when can I switch off STUN Resolution?” article.:
     
  11. mamo

    Joined:
    Aug 22, 2016
    Messages:
    35
    Likes Received:
    1
    Today, I tried to configure a snom D765 as remote extension and ran into exactly the same problem, as described here.

    Snom displays "Not Registered". And in the logs it says:
    Code:
    Sep 24 01:43:04 [WARN ] SIP: stunserver xxxxxxx.3cx.de:5060 is not answering, will try again in 300 seconds
    After deleting the STUN server from snom settings, everything seems to work fine.
    Interestingly, under http://wiki.snom.com/wiki/index.php/Set ... tun_server you can read that even snom "strongly discourage" from using their STUN-feature.
    => Having this setting inside the standard template seems to be an obvious mistake. Maybe someone could file a bug report in order to get this fixed in future versions?
    (would do it myself, but can not find where I should send bug reports)

    I did some tests with a STUN client for windows. Indeed there is a STUN server running on my 3CX server that I could reach at port 5060. However there seems to be some wired firewall / port forwarding issue, preventing access from outside. If I do a STUN request on the local server IP on port 5060, I will get a proper reply. If do the same test with my public IP, it will fail.
    I triple checked all port forwarding settings in my Lancom router, but could not find any errors. Port 5060 is certainly forwarded to 3CX for TCP and UDP. Firewall Check in 3CX does not find any errors. Disabling Windows Firewall doesn't change anything either. I am at loss, why my STUN server is not reachable from outside. Maybe it even is reachable but does not answer to remote requests?
     
  12. Sopock

    Sopock Member

    Joined:
    Jul 11, 2012
    Messages:
    448
    Likes Received:
    20
    Even if remote extension is behind NAT?
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
Thread Status:
Not open for further replies.