Dismiss Notice
We would like to remind you that we’re updating our login process for all 3CX forums whereby you will be able to login with the same credentials you use for the Partner or Customer Portal. Click here to read more.

v15 stun issues

Discussion in '3CX Phone System - General' started by Rob24h, Nov 17, 2017.

Thread Status:
Not open for further replies.
  1. Rob24h

    Joined:
    Mar 20, 2017
    Messages:
    85
    Likes Received:
    6
    Hi,

    We just installed a hosted 3CX v15 SP1 and we seem to have some issues with STUN at the remote extensions. We are not using a SBC (and don't plan to). The phones we are testing with are Yealink T19.

    If we use the default phone template provided by 3CX the PBX is set as the STUN host with port 5060 as STUN port. This is not working. Phones can register but there is no audio at all.

    If we change the STUN port to 3478 (still keeping the pbx as the stun host) we seem to have audio but then we have a delay of 6 seconds in establishing the calls.

    If we change the STUN host to stun_eu.3cx.com with port 3478 we have no issues with calling at all an no issues with delay. The problem we are facing here is that extensions appear in the phone tab with their internal IP and cannot be provisioned.

    What is the recommended way (we would expect the default template) and what can we do to fix this issue?
     
  2. Saqqara

    Saqqara Well-Known Member

    Joined:
    Mar 12, 2014
    Messages:
    1,251
    Likes Received:
    202
  3. Rob24h

    Joined:
    Mar 20, 2017
    Messages:
    85
    Likes Received:
    6
    There is no SBC, we only use STUN.
    When I look at the limitations it says: "In STUN provisioning assign a minimum of 12 RTP ports"
    This is done by the template I think but that also does not explain why everything works on the 3CX external STUN and not on the PBX.
     
  4. Rob24h

    Joined:
    Mar 20, 2017
    Messages:
    85
    Likes Received:
    6
    Today we did some more testing and used a Yealink T41P to test this on but we have exactly the same results as on the T19.

    Now we noticed all our problems disappear when we set the NAT option in the phones to Disabled instead of STUN.
    Can anyone explain why this is and if it has any consequences to leave NAT disabled?
     
  5. us1

    us1

    Joined:
    Oct 19, 2015
    Messages:
    80
    Likes Received:
    21
    When setting up phones via STUN, each phone per location must be configured to use a unique local SIP port and local RTP port range. For example, you can't have 10 phones all using local SIP port 5065 and local RTP ports 14000-14009. To work around this, go to each phone's provisioning settings in the 3cx console and increment both the SIP port as well as the RTP ports. I typically increment the local SIP port by 2 and the local RTP ports range run consecutively.

    E.G.
    Phone 1: SIP-5067 RTP 14000-14009
    Phone 2: SIP-5069 RTP 14010-14019
    Phone 3: SIP-5071 RTP 14020-14029
    etc.

    Also make sure that you set each extension to "PBX delivers audio" in order to have communication between extensions to work correctly.

    Best of luck.
     

    Attached Files:

  6. lneblett

    lneblett Well-Known Member

    Joined:
    Sep 7, 2010
    Messages:
    2,086
    Likes Received:
    64
    Have you considered the possibility of using a site-to-site VPN? This would eliminate all of the issues you have observed. You should also do the upgrade to SP2 and then check and see if new templates have been issued.

    In the meantime, it is assumed that you have run the firewall checker at the 3CX site and all has passed - meaning that the needed ports are open and forwarded. It is also assumed that at the remote site you disabled any SIP ALG in the router. The issue you face is that the router has to handle the NAT and PAT and some do a better job than others. STUN is not really needed if the IP addresses at both ends are static, but the system will indicate STUN in order to uniquely establish ports for each phone as a way of overcoming the PAT issue. One key is that the PBX must provide audio should be set. This prevents the phones from trying to negotiate the audio paths directly between one another and bypassing the PBX.

    What you may want to try is to manually provision a couple of phones first. The SIP server will be your 3CX FQDN and 5060 the SIP port. Then, in the phone, there will be a local SIP port and this is where you will need to give each phone a unique local SIP port - 5060, 5062, 5064, etc. You will also need to provide a range of RTP ports that are unique to each phone and as pointed out if the phone allows for a range, 12 ports should be allocated. In order to create a pinhole in the router, you should enable each phone with keep-alives with an interval of no more than 30 seconds. It makes no difference as to the type of keep-alive. This will effectively keep the ports open so that any incoming call can traverse the router and reach the needed extension. If the phone has a network setting that calls for NAT, enable it and enter in the public IP of the remote site (usually in network). It may also have a NAT setting on the account page for a proxy, leave disabled. Leave STUN, ICE, TURN and others disabled. Keep the initial configuration as simple as possible. Once you are complete, you can then test and see if all is working OK.

    If so, you can then modify some aspects of the template to mimic the settings you manually set in the phones (keep alive, 30 seconds, enable NAT, NAT IP, no STUN, etc.) and use as a default (assumes that the common settings for all phones are the only ones impacted). You could also modify the template to be unique to each phone, which would encompass the ports, but this is probably not needed as you can do using the 3CX phone provision tab. If you do a unique, you will need to rename them when saving. It may be wise to also set the phone to provision on every reboot.

    Hope this helps.
     
Thread Status:
Not open for further replies.