Configuring remote workers cheatsheet
From SIPfoundry sipXecs IP PBX, The Open Source SIP PBX for Linux - Calivia
sipXecs 4.0 introduces a new near-end and far-end NAT traversal capability. With this feature, it is possible to deploy sipXecs behind a non-SIP-aware firewall and allow remote users also behind non-SIP-aware firewalls to register seamlessly and make & receive calls on the system.
In order to configure this capability, six steps need to be followed:
Step 1 - configuring NAT traversal feature
- In sipXconfig, navigate to System->Internet Calling->NAT Traversal and set:
* "Enable NAT Traversal": checked
* "Server behind NAT": checked
Step 2 - configuring public IP address of sipXecs
* Navigate to system->servers-><click on server>->NAT
* If the WAN-facing IP address of your NAT/Firewall is static, select "Specify IP address" and
enter it under "Public IP Address". If the WAN-facing IP address is dynamic instead (i.e. your ISP changes
it from time to time), select "Use STUN" and enter a STUN server address in the "STUN Server" field
(stun01.sipphone.com is a somewhat reliable public STUN server that could be used here).
* Keep all other fields as defaults.
Step 3 - define your local private network topology
* Navigate to System->Internet Calling. There, you need to enumerate the domains and subnets that make
up the private network that your sipXecs is a part of. For example, if your sipXecs has domain name
sipx.example.com and is part of private network 10.10.10.0/24 then you need to have an "Intranet Domains"
entry of "*.sipx.example.com" and an "Intranet subnets" entry of "10.10.10.0/24" and remove the default
ones. Be sure to remove any pre-configured intranet subnets that do not apply to your private network.
* Make sure that the 'Enable Internet Calling' check box is disabled. This setting is only useful when using
a session border controller other than sipXbridge.
Step 4 - Configure your firewall
* Next, you need to log into your Firewall/NAT and open pinholes and create port forwarding rules that will route
any incoming TCP and UDP traffic arriving on port 5060 to the private IP address of your sipXecs. You also
need to open pinholes and create port forwarding rules for traffic arriving on the UDP port range defined in sipXconfig's
'system->servers-><click on server>->NAT->Show Advanced Setting' page to the private IP address of your sipXecs.
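The following is an added example, not part of the original cheatsheet or of sipXecs: a small audit that compares a firewall's port-forward table with what Step 4 calls for, reporting required forwards that are missing and forwards to sipXecs that go beyond Step 4. The host address 10.10.10.5, the media range 30000-31000 and the rule list are constructed placeholders; take the real UDP range from the 'Show Advanced Setting' page.

```python
from typing import NamedTuple

class Forward(NamedTuple):
    proto: str   # "tcp" or "udp"
    first: int   # first WAN-side port
    last: int    # last WAN-side port, inclusive
    target: str  # private IP the firewall forwards to

def required_forwards(sipx_ip, media_range):
    """Step 4: SIP on port 5060 over TCP and UDP, plus the UDP media port range."""
    lo, hi = media_range
    if not 1 <= lo <= hi <= 65535:
        raise ValueError(f"bad media port range: {media_range}")
    return [Forward("tcp", 5060, 5060, sipx_ip),
            Forward("udp", 5060, 5060, sipx_ip),
            Forward("udp", lo, hi, sipx_ip)]

def _ports(rules, proto, target):
    """Set of ports of one protocol that the rules forward to target."""
    return {p for r in rules if r.proto == proto and r.target == target
            for p in range(r.first, r.last + 1)}

def _ranges(ports):
    """Collapse a set of ports into sorted inclusive (first, last) tuples."""
    out = []
    for p in sorted(ports):
        if out and p == out[-1][1] + 1:
            out[-1] = (out[-1][0], p)
        else:
            out.append((p, p))
    return out

def audit(configured, sipx_ip, media_range):
    """Return (missing, excess): port ranges per protocol that Step 4 needs
    but the firewall lacks, and ranges forwarded to sipXecs beyond Step 4."""
    missing, excess = {}, {}
    need = required_forwards(sipx_ip, media_range)
    for proto in ("tcp", "udp"):
        want, have = _ports(need, proto, sipx_ip), _ports(configured, proto, sipx_ip)
        if want - have:
            missing[proto] = _ranges(want - have)
        if have - want:
            excess[proto] = _ranges(have - want)
    return missing, excess

# Constructed sample: 10.10.10.5 and 30000-31000 are placeholders, not page values.
SIPX_IP, MEDIA_RANGE = "10.10.10.5", (30000, 31000)
CONFIGURED = [Forward("tcp", 5060, 5060, SIPX_IP), Forward("udp", 5060, 5061, SIPX_IP),
              Forward("udp", 30000, 30500, SIPX_IP), Forward("tcp", 22, 22, SIPX_IP)]

if __name__ == "__main__":
    print(audit(CONFIGURED, SIPX_IP, MEDIA_RANGE))
```

An empty `missing` means every forward Step 4 asks for is in place; anything listed in `excess` is extra exposure of the sipXecs host that this procedure does not need.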
Step 5 - Configure the phone <skipping the obvious settings>
* Set proxy to the SIP domain of your sipXecs
* Configure the outbound proxy to be the public IP address of the firewall/NAT fronting sipXecs
* Disable any NAT traversal technologies (STUN, ICE, ALGs, ...) inside the remote worker's phone as well as inside
local and remote firewalls/NATs. Using Counterpath clients as an example, you would achieve this by selecting
'Use Local address' instead of 'discover global address' and unchecking 'Enable ICE'.
Step 6 - Enjoy!
