update on external extension

Discussion in '3CX Phone System - General' started by jramz, Apr 10, 2007.

  1. jramz

    Hey guys,

    Here is an update on where I am at trying to hook up an IP phone at my house, and connect it to my 3cx server at my office.

    Right now I have a phone hooked up at my house, looking to the office IP for the 3cx server. The 3cx server says that my house phone is registered (which is a good thing!) However when I try to call the house phone from the office, I get no ringing in the earpiece of the office phone, and eventually a busy signal.

    This is what the server says
    12:57:48.453 CallConf::Rejected Call (C:3) is rejected: Destination is not answering
    12:57:48.453 StratInOut::onCancel Call from Ext.101 to 102 has been terminated; reason:
    12:57:32.968 CallConf::onIncoming Incoming call from Ext.101 to sip:102@192.168.1.100

    101 is the office, 102 is the house.

    From that I think the server is looking for ext. 102 on the LAN instead of going out to my house's IP. Am I correct in saying that? And if so, how can I fix it?

    Thanks in advance,
    -Jon
     
  2. michael

    Did you check the "device is external" box?
     
  3. jramz

    Yup, I checked the device is external box under advanced options for the extension
     
  4. dekatech

    Jon,

    Did you bind the external extension?

    Do you have a firewall at both ends or at the office end only? Is it a natted firewall?

    Do you have a software firewall on the 3CX server?

    I have battled this issue for a while, and while I am still not there 100% I have made some progress. Others in this group have been successful.

    I have had to make a static route from my firewall to the 3cx server.

    Can you call from office to home? (I know it is hard to test.)

    Travis
     
  5. Anonymous

    Anonymous Guest

    Travis made a good point.

    If you have your extensions registered you can deal with them as:

    Internal and external.

    Internal will use the ports 7000 - 7500 and should be opened in your case as you go through a firewall (I believe this is mentioned in the configuration screen).

    External will use ports 9000 - 9003 and should be opened on the firewall as well.

    The thing with firewalls is that it will accept the response from the external as long as it is initiated from within the firewall (there is a bit more to it but that will do for now).

    So in your case you need to open the above mentioned ports at both ends.

    Henk.
     
  6. michael

    Or you can put the 3cx server under the DMZ zone, but it is not safe. Another thing you can do is VPN access, if you are using a softphone at home.
     
  7. jramz

    Hi everyone,

    Thanks for the replies. I really appreciate them, hopefully I can get this thing going well. At the office I set up 1 of my phones to look for the SIP server at my public IP address (66.67.xx.xxx) instead of my local LAN IP (192.168.1.xxx). I figure this would let me concentrate on getting 1 router all working. I had all of the ports forwarded, and no luck. Then I tried to set up port triggering for all the ports and it worked! The phone that was now looking at the public IP address was able to make calls etc. So now I will head home and try to get the phone there working.

    A couple more questions though. Now when I make a call over my pstn line using my IP phones there is an echo, whereas before there wasn't. Also Travis asked if the phone was set to "bind to media server". I see that option but I do not know what it means.

    Thank you to everyone for all the help so far... slowly but surely it seems to be getting better.

    Thanks,
    -Jon
     
  8. Anonymous

    Anonymous Guest

    Jon,

    You are going about it the right way so that is all good.

    You do not have to have all your ports open on your router. Your scenario you can do with the following ports:

    UDP send/receive 5060 - 5062: these are your SIP ports
    UDP send/receive 7000 - 7300: these are for your extensions (you need to open them as you go external)
    UDP send/receive 9000 - 9500: also for your extensions
    UDP send/receive 10000 - 20000: big range, you can limit this but in general these work; this is for your sound to pass through.

    These ports have to be open at both routers, because you work with two firewalls.

    The echo: I assume you make a call to a pstn number using your IP phones which go through your 3CX box. The echo is not related to 3cx as 3cx can not fix it but can cause it. In your scenario it is most likely that the time for the echo cancellation to kick in takes a little longer. So try to reduce the echo cancellation time. You can do this on your phone or on your ATA.

    Let us know how you go :).

    Henk.
     
  9. jramz

    Hi Henk,

    Thanks for the replies, they are helping! Right now I can call the phones between the office and house, and they ring, but when you pick up there is no audio.

    Any thoughts on this? On my Linksys routers (at home and the office) I have ports 1-30000 open on port range forward and the same on port triggering. The phones didn't start working until I did the triggering.

    Thanks for all your help and others' help as well,

    -Jon
     
  10. jaiume

    Hi Jon,

    On your office router, have 5060 and 9000-9003 (or whatever is configured as 'Ports to use for external calls') forwarded to your 3cx server. These should be TCP and UDP forwards.

    On your home router - have a look at what the SIP and RTP ports are configured as in the phone's setup. E.g. my Budgetone 101 uses 5060 for SIP and 5004 for RTP (RTP starting, 2 ports are required for RTP, so it would be 5004 and 5005). Now configure your router to forward those ports to your phone's address.

    If your phone at home gets assigned an address, you could set up two rules on your router's port triggering - one that opens port 5060 (if that's the phone's SIP address) when outbound port of 5060 is used, and 5004-5005 (if those are your RTP ports) again if port 5060 is used. You trigger the RTP ports to open on the SIP trigger, because the SIP is usually a precursor to RTP traffic.

    On your 3CX server, make sure the home extension is marked as external in the Advanced configuration.

    Hope this helps.
    Jamie
     
  11. Anonymous

    Anonymous Guest

    That applies for external calls; we are trying to use extension to extension dialing and they are dealt with as internal calls unless you set the device as external.

    For extension to extension dialing through a firewall you need to have 7000 - 7500 open as explained in the configuration screen. :).
    Everything else you are spot on Jamie, I just felt I needed to clarify the internal and external use of the port requirements.

    Ok, no sound.

    That is the 10000 - 20000 port range (UDP send/receive), also known as RTP (and RTCP). And codecs: make sure you have the codecs set to G711 on the phones; codecs is not a router setting.

    Jamie was hinting towards this I think, because you want a duplex conversation it does not hurt to have mirror port configuration. With that I mean: if you have a send on port 10000 you need to have a receive on port 10000 on the other router; the returning traffic should be accepted by default.

    That scenario works well at base where the 3cx is installed as the port nomination is dictated from there. But that will not work from your home, what happens there is this.

    1. call gets initiated
    2. 3cx accepts
    3. 3cx designates a port
    4. router in office sees a request from the 3cx designated port but rejects as it is not originated from that router. So for that reason you need to open the ports on that router.

    Based upon what you say you get the phone to ring but when you answer you get the "nobody home :)", it is all silent. I assume the ringing stops when you pick up the phone so all the SIP hand shaking works, that is a good thing.

    Sound should come through based upon your port range as you set port triggering to be 1 - 300000 (that is almost half of all ports (there are 65000 odd)).

    If possible can you post the log on the 3cx? I'd like to see if there is something coming up in the server log regarding the media server etc. That might help us. I think your router and firewall config is correct (based upon what you posted); there might be a media server binding issue.

    Hope this helps.

    Henk
     
  12. jramz

    Quick update.

    Here at the office I have 2 phones. 1 extension (#100) looks for the 3cx server on the LAN (192.168.1.xxx), the other extension (#101) looks for the 3cx server on the WAN (66.67.xxx.xxx). Those phones work great calling between each other. Now when I try to call the home extension (#102) I get a fast busy signal and echo. But the 3cx server says the 2 phones are connected.

    This is a call from #101 to #102

    12:38:22.718 CallLegImpl::onConnected Established media channel for Ext.102: remote=192.168.1.102:5004; local=66.67.28.29:9002
    12:38:22.718 StratInOut::onConnected Call from Ext.101 to Ext.102 is established
    12:38:22.718 CallLegImpl::onConnected Established media channel for Ext.101: remote=192.168.1.101:5004; local=66.67.28.29:9000
    12:38:21.484 CallConf::onIncoming Incoming call from Ext.101 to sip:102@66.67.28.29

    This is a call from #100 to #102

    12:47:19.156 StratLink::onHangUp Call(C:31): got Hang-Up from Ext.100; reason: BYE
    12:47:12.968 CallLegImpl::onConnected Established media channel for Ext.102: remote=192.168.1.102:5008; local=66.67.28.29:9002
    12:47:12.968 StratInOut::onConnected Call from Ext.100 to Ext.102 is established
    12:47:12.968 CallLegImpl::onConnected Established media channel for Ext.100: remote=192.168.1.103:5004; local=5.150.135.202:7080
    12:47:11.562 CallConf::onIncoming Incoming call from Ext.100 to sip:102@192.168.1.100


    I had no idea this was gonna be this fussy when I got everything, I thought it was just gonna be plug and play basically.... But I'm not giving up!!!

    Thanks for all the help everyone. I'll get this workin,

    -Jon
     
  13. dekatech

    It seems that you may have both phones checked as external. Only one phone in your setup should be external. (The one NOT located on the same network as your 3CX server).

    This should eliminate your fast busy.

    Travis
     
  14. archie

    archie Well-Known Member
    3CX Staff

    From these log lines I see that you have two IP addresses on the server (66.67.28.29 and 5.150.135.202). Currently, we're not supporting multiple interface cards on the server.
     
  15. Anonymous

    Anonymous Guest

    Archie,

    It is not two NICs in the same box :) it is like WAN to WAN dialing.

    He has an IP segment at home and an IP segment in the office, using the internet to connect the two.

    By the looks of it, it might be a NAT issue. Looks like the SIP traffic gets "lost in translation" (sounds like a movie :)).

    jramz,

    Mate, do not get me wrong, the setup is not FUZZY, it is actually one of the easiest around. But what you are trying to do is not kindergarten type stuff, it is more in the order of high school type stuff.

    It looks like your 3CX is configured pretty ok. I think you have a NAT issue. Would be interesting to see if you can access your phone from your office via html. E.g. use the web configuration to configure your IP phone (if it has that capability). Or if you can log into your router at home from your office.

    I think (like I said) that it is a NAT issue, as it drops before the SIP negotiation. From memory you opened all the ports on your router?

    Now I am not saying this will work in the end, but we can at least have a good stab at it :).
     
  16. dekatech

    Not sure if this thread is dead but.... what types of phones are you using?

    The reason for the question is I have found if our phone is not capable of a STUN server setting you may have some issues using external extensions.

    I have been using the IP501 from Polycom and have not been successful with external extensions. I decided to set up the 3CX softphone on an external network; it registered and was able to make and receive calls, which my IP501 phone could not do. After trading emails with Nick it was determined that the likely culprit was the phone's inability to have a STUN server set (the external phone).

    Could be an issue.... just my .02...

    Travis
     
  17. Palafrenero

    Team,

    I'd like to discuss this issue, because after reading the manual, several other users' posts and the responses from the forum members (especially 3CXsupport, itfarmer and others with high rank), I think the process for making 3CX work seamlessly with both internal and external phones (either hard or soft) in a NATed environment should be more clearly documented and made sticky. This would help to avoid multiple posts on the same topic, and be a step-by-step guide for everyone in the same situation to follow, thus improving customer satisfaction and the product's spread.

    My scenario is the following: I have a Windows XP PC, and I've been running 3CX since versions 2.x, and lately the 1699, 1928 and 1929 builds of the 3.x train. It does not have any SW FW enabled, and is located in a subnet with private addressing (192.168.x.x) behind a Symantec firewall connected to the Internet. The public IP address is dynamic, so a Dynamic DNS service is used to make the external devices find home. I have both fixed internal HW phones and external mobile softphone users (that may be at any time directly connected to Inet, or through a HW NAT firewall). I've tried several softphones, but the most flexible seem to be x-lite and idefisk, which automatically find out if NAT/STUN is required or not.

    To answer Travis' question, I have COSUN HW phones, which support lots of IP phones modes (including nortel and other proprietary IP modes as well as SIP), STUN, all popular codecs, etc.

    As suggested in the manual and the forums, I've forwarded to the 3CX PBX in the FW ports 5060-5063 both UDP and TCP (although the FW log shows only 5060 is used) and 9000-9007 for external phones RTP (same as on the 3CX config page). I also previously had UDP 3478, but learned that only outgoing STUN packets need to be allowed (on by default for external IP config).
    One point I want to discuss is the requirement in some posts to open the external FW to forward HUGE port ranges (7000-7500, and 10000 to 20000) to allow internal-to-external or external-to-external calls. This is disappointing from a security standpoint, and also contradicts the manual's requirement to open the 900x ports for these call types.

    From my experience analyzing the FW's and 3CX's logs, I found the following:
    - The server correctly communicates with the STUN server, and shows this in the log, usually getting a port in the 50000+ range:

    StunClient::process STUN resolved external IP=200.126.nn.nn:52800 by server 80.239.235.209

    - The phones, both internal and external, correctly register, place and hang calls over port 5060:

    23:06:09.781 StratLink::onHangUp Call(C:1): Ext.100 hung up call; reason: BYE

    23:06:05.078 CallLegImpl::onConnected Call(C:1): Created audio channel for Ext.100 (192.168.128.2:10020) with Media Server (192.168.128.5:7058)

    23:06:05.062 StratInOut::onConnected Call(C:1): Setup completed for call from Ext.101 to Ext.100

    23:06:05.062 CallLegImpl::onConnected Call(C:1): Created audio channel for Ext.101 (192.168.128.3:8000) with Media Server (192.168.128.5:7060)

    23:05:56.890 CallConf::onProvisional Call(C:1): got response from 100

    23:05:56.625 CallConf::onIncoming Call(C:1): Incoming call from Ext.101 to sip:100@192.168.128.5

    - I have all phone accounts set up to bind to Media Server, so that all calls flow through it, to avoid the need to set up specific RTP ports on each internal phone, and configure individual phone RTP forwarding rules in the FW, which would become a security and administrative nightmare. Thus, all external phones have a tick in "Extension is external", but not the internal ones. All of them also have the "Supports Re-Invite" and "Supports 'Replaces' header" ticks in.

    So, the thing is that when trying to place calls between external and internal phones, the 3CX Media Server correctly handles the internal "leg" between itself and the internal phone, but then tells the remote phone to send its call flow over to a 50000+ port in the FW's public IP, instead of using the 900x ports specifically configured for this. I think this 50K+ port is obtained from a STUN process, but the audio from the remote phone gets blocked (audio flows seamlessly from internal to external, because the MS correctly sends the RTP flow to the RTP port reported by the external device).
    For some reason, I can not erase the STUN server configuration in the config page (I can only change the server name), or otherwise tell the server to ignore STUN at all, so I'm unable to force the MS to use the specific 900x ports reserved and forwarded for that purpose. I don't really think STUN disable is a good idea, but it would be to make a smarter use of it (or, at least try to make use of 900x ports before).
    A test was also made to open the mentioned 7000-7500 port range and make all phones Internal, which actually worked (as if they all were on the same LAN) but again, this contradicts the very need for the 900x range definition, and creates a potential security or DoS hole too big for my taste.
    I have extensive experience in Windows, Linux and Firewalls from many makes and sizes administration and support, but I just can't figure out how to make 3CX MS to use the 900x range.

    Any help would be really appreciated, and if the logs are needed, I can send them privately by mail, to avoid excessive clogging of the forum. I'd also like to see if the Advanced terms "Supports Re-Invite" and "Supports 'Replaces' header" could be explained a little more, maybe providing scenarios in which to mark them or not, to expand the manual's sections.

    Hope this helps the community (my 2 cents).

    Thanks and regards,

    Ricardo
     
  18. archie

    archie Well-Known Member
    3CX Staff

    Hi Ricardo,

    First of all, thank you for your detailed post, it should help a lot of people who seek answers here.
    I will try to explain and clarify only a couple of points from your post.

    Yes, you're right. You shouldn't forward a huge range of RTP ports, that 900x range is precisely enough. Mind that every simultaneous external call takes two ports of that range (RTP and RTCP). So, if you have 8 ports forwarded you can make 4 external calls simultaneously.

    Well, we can not be sure that the 900x range is correctly mapped at NAT. So, for every external leg Media Server binds receiving sockets to a port from the 900x range, and then tries to resolve its mapping by using the STUN resolution process. The fact it uses a 50K+ port means that your NAT maps 900x ports to the 50K+ range, not just forwards it. I'm not fluent with NAT settings, so I can not suggest you correct settings, but I'm sure you can do it right having this input :)
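
Added example, not part of the original thread and not 3CX code: a small log and firewall audit covering the three points raised above, namely two ports per external call, a STUN-resolved port outside the forwarded 900x range, and forwarded ranges far wider than the PBX needs. The 9000-9007 range, the function names and the finding labels are assumptions made for illustration, and the sample log lines are constructed.

```python
import ipaddress
import re

# Assumed setup (hypothetical, modelled on the thread): SIP on 5060 and
# 9000-9007 forwarded 1:1 from the office router to the PBX for external RTP.
EXTERNAL_RTP = range(9000, 9008)
NEEDED = {5060} | set(EXTERNAL_RTP)
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
# \S+ lets a masked address such as 200.126.nn.nn still parse.
STUN_RE = re.compile(r"STUN resolved external IP=\S+:(\d+) by server")
# Matches only the "Established media channel" wording of the log.
MEDIA_RE = re.compile(r"media channel for Ext\.(\d+): "
                      r"remote=([\d.]+):\d+; local=[\d.]+:(\d+)")


def max_external_calls(ports=EXTERNAL_RTP):
    """Every external call takes two ports: RTP and RTCP."""
    return len(ports) // 2


def excess_ports(forwarded_ranges, needed=NEEDED):
    """Count forwarded ports that no configured service needs."""
    opened = set()
    for low, high in forwarded_ranges:
        opened.update(range(low, high + 1))
    return len(opened - needed)


def audit(lines, external_exts, forwarded=EXTERNAL_RTP):
    """Return (finding, detail) tuples for NAT problems in PBX log lines."""
    findings = []
    for line in lines:
        stun = STUN_RE.search(line)
        if stun:
            # A mapped port outside the forwarded range: the NAT translates
            # the port, so the 900x forwarding rule does not cover it.
            if int(stun.group(1)) not in forwarded:
                findings.append(("nat-remaps-port", int(stun.group(1))))
            continue
        media = MEDIA_RE.search(line)
        if not media or media.group(1) not in external_exts:
            continue
        ext, remote, local_port = media.groups()
        # An off-site phone advertising an RFC 1918 address cannot receive
        # RTP across the Internet (assumes no VPN between the sites).
        if any(ipaddress.ip_address(remote) in net for net in RFC1918):
            findings.append(("private-remote", ext))
        if int(local_port) not in forwarded:
            findings.append(("local-port-not-forwarded", ext))
    return findings


# Constructed sample lines in the format of the logs quoted in this thread;
# 203.0.113.10 and 198.51.100.7 are documentation addresses.
SAMPLE = [
    "StunClient::process STUN resolved external IP=203.0.113.10:52800 by server 198.51.100.7",
    "12:38:22.718 CallLegImpl::onConnected Established media channel for Ext.102: remote=192.168.1.102:5004; local=203.0.113.10:9002",
    "12:38:22.718 CallLegImpl::onConnected Established media channel for Ext.101: remote=192.168.1.101:5004; local=203.0.113.10:9000",
]

if __name__ == "__main__":
    print(max_external_calls(), excess_ports([(1, 30000)]))
    print(audit(SAMPLE, external_exts={"102"}))
```

Pass only the extensions that are really off-site in `external_exts`; a phone on the PBX's own LAN legitimately shows a private remote address.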
     
  19. CyberPunk_1000

    Hi Everyone,

    I seem to be suffering a similar problem to what has been described in this thread and I wondered, was this ever resolved or does anyone have any suggestions I could try?

    My 3cx software is running on a Windows box behind a Linux based firewall NAT router, I have forwarded the recommended ports to this as follows:
    5060
    3478
    9000 - 9003

    I have multiple soft and hardphones INSIDE the NAT with various softphones OUTSIDE the NAT, in particular I am using Grandstream Budgetone 100s and Counterpath eyeBeam 1.5 (my Cisco 7940 is still in the post).

    The problem is as follows: the softphones register with the pbx through the firewall without a problem and internal to external calls, and external to internal calls work flawlessly using eyeBeam (softphone), but when I try and use the Budgetone hardphone I can dial or be called, but the person on the other end can only hear me speaking, I cannot hear them. I have tried various STUN settings and so forth but with no luck. The external phones are not behind any sort of NAT.

    Any one got any ideas or suggestions?
     
  20. dekatech

    I have only been successful using external phones that allow a STUN server setting.

    I am perplexed how some VoIP hosted solutions circumvent the NAT issue without using STUN....

    Travis
     
