Setting Up Remote Phones
From Trixbox Pro Help
If you wish to have phones connected to your trixbox Pro system from a remote network, your trixbox Pro machine needs to be remotely accessible over the Internet. There are a few different ways to accomplish this:
- (Preferred Approach) Set up a DMZ Host/Server setting so that all inbound connections to the public IP address of your router are forwarded to the private IP address of the trixbox Pro system.
- We recommend this approach because the configuration is simple, and it’s known to work with a wide variety of firewall/router equipment.
- (Alternate Approach) Set up port forwarding in your router/firewall.
- This configuration can be very complicated, and it will not work with all routers. Some routers are simply not SIP compatible. This approach is not recommended unless you have experience configuring network firewalls.
- Fonality’s IP phones use the SIP protocol for digital call signaling. The actual voice audio uses the RTP protocol. The port number is dynamically negotiated in the SIP signaling by the device. Routers and firewalls that are SIP aware will automatically proxy the correct RTP ports for SIP calls.
- Both the SIP protocol and the RTP protocol must be allowed. SIP uses UDP/5060.
- The exact RTP port numbers vary from phone to phone. These are the port ranges for each phone type Fonality sells. Note that these may change between firmware versions, so we suggest using a packet trace tool like Ethereal to verify what your phones are actually using.
- Polycom = UDP/10000 - UDP/20000
- Cisco = UDP/10000 - UDP/20000
- Swissvoice = UDP/50000 - UDP/51000
- Snom = UDP/10000 - UDP/11000
- Softphone = UDP/9710 - UDP/20000
- Aastra = UDP/3000 - UDP/4000
- Confirm that your firewall security policy allows all of the port ranges you have configured for port forwarding.
- (Alternate Approach) Use a static NAT mapping with a public IP address.
- This configuration can be very complicated, and it will not work with all routers. Some routers are simply not SIP compatible. This approach is not recommended unless you have experience configuring network firewalls.
- This approach involves using a dedicated public IP address assigned to the external interface of your firewall. Connections to this IP address are forwarded to the trixbox Pro system. This is similar to a DMZ Host/Server configuration, but allows multiple external IP addresses to be used on the firewall. For example, one address is used for trixbox Pro, and another for all the computers.
- Firewall rule-sets are typically associated with static NAT mappings.
- (Alternate Approach) Assign a public IP address to the trixbox Pro system.
- This approach is not recommended because it usually means that a NAT device is between the phones and the trixbox Pro system. Unless that device is SIP aware and supports QoS, there may be problems with the phones on the LAN communicating with the trixbox Pro system.
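For the port forwarding approach, the check suggested above (verifying with a packet trace which RTP ports the phones actually negotiate) can be scripted. The following is an added example, not part of the original trixbox Pro documentation: it reads the SDP `m=audio` line from captured SIP messages and compares the negotiated port with the documented range and with the ranges forwarded on the router. The sample INVITE, the extension 7000, and the `FORWARDED` rule list are constructed assumptions.

```python
import re

# RTP ranges (UDP, inclusive) per phone type, copied from the list above.
RTP_RANGES = {
    "polycom": (10000, 20000), "cisco": (10000, 20000),
    "swissvoice": (50000, 51000), "snom": (10000, 11000),
    "softphone": (9710, 20000), "aastra": (3000, 4000),
}

def sdp_audio_ports(sip_message):
    """Return the RTP ports offered on the m=audio lines of a SIP message's SDP body."""
    text = sip_message.replace("\r\n", "\n")
    _headers, _sep, body = text.partition("\n\n")  # a blank line ends the SIP headers
    return [int(m.group(1)) for m in re.finditer(r"^m=audio (\d+) ", body, re.M)]

def in_ranges(port, ranges):
    return any(low <= port <= high for low, high in ranges)

def audit(messages, phone_type, forwarded):
    """Compare negotiated RTP ports with the documented range and the forwarded ranges."""
    findings = []
    for message in messages:
        for port in sdp_audio_ports(message):
            if not in_ranges(port, [RTP_RANGES[phone_type]]):
                findings.append((port, "outside documented range"))
            if not in_ranges(port, forwarded):
                findings.append((port, "not covered by port forwarding"))
    return findings

def sample_invite(rtp_port):
    """Constructed SIP INVITE with an SDP offer; addresses and extension are made up."""
    return "\r\n".join([
        "INVITE sip:7000@sNNNNNNx.trixbox.fonality.com SIP/2.0",
        "Via: SIP/2.0/UDP 192.168.2.100:5060",
        "Content-Type: application/sdp",
        "",
        "v=0",
        "o=- 0 0 IN IP4 192.168.2.100",
        "s=-",
        "c=IN IP4 192.168.2.100",
        "t=0 0",
        f"m=audio {rtp_port} RTP/AVP 0 101",
        "a=rtpmap:0 PCMU/8000",
    ])

FORWARDED = [(5060, 5060), (10000, 11000)]  # assumed router rules: SIP plus the Snom range
CAPTURE = [sample_invite(10024), sample_invite(11780)]  # constructed capture

if __name__ == "__main__":
    for port, problem in audit(CAPTURE, "snom", FORWARDED):
        print(f"UDP/{port}: {problem}")
```

A port reported as outside the documented range indicates that the firmware no longer matches the list above, so the forwarding rules and firewall policy need to be widened to match what the trace shows.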
Configuration of Phones
The configuration of every telecommuter phone must be adjusted before it will work remotely from the trixbox Pro system. The instructions below explain how. The adjustment is needed because the default configuration is intended for local phones, which communicate directly with the trixbox Pro system over the LAN with no router in between.
Cisco Phones
Cisco phones are not currently classified as "Certified" or "Uncertified" hardware for trixbox Pro. If you choose to deploy Cisco phones, Fonality will not be able to provide you support (except hourly, best effort support).
To set up a Cisco phone as a remote teleworker phone, you will need to determine the IP address used by the trixbox Pro server, and prepare each Cisco phone as described below.
- Press the “settings” Button
- Press 9 for "Unlock Config"
- Enter the MAC address (case sensitive). You can find this on a label on the bottom of the phone in the middle. It is 12 characters long containing numbers, and usually letters as well. Toggle between Number and Alpha as needed to enter the MAC Address. Press Accept when finished
- Press 3 for "Network Configuration"
- Enter 27 for "Alternate TFTP" and set it to YES, then Press "Save"
- Press 3 for "Network Configuration" again, and enter 7 for "TFTP Server", then Press "Edit". Enter the IP address of the trixbox Pro server, then press Accept.
- Press Back twice
- Disconnect the power cable from the phone, and then reconnect it.
It might be necessary to clear the old settings from the phone, and to repeat the above process if the settings are not picked up from the trixbox Pro server. If you need to clear the settings in the phone, use the following steps:
- Press the “settings” Button
- Press 9 for "Unlock Config"
- Enter the MAC address (case sensitive). You can find this on a label on the bottom of the phone in the middle. It is 12 characters long containing numbers, and usually letters as well. Toggle between Number and Alpha as needed to enter the MAC Address. Press Accept when finished
- Press 3 for "Network Configuration"
- Enter 28 for "Erase Configuration" and set it to YES, then Press "Save"
- Disconnect the power cable from the phone, and then reconnect it.
- Re-program the TFTP Server setting as described above.
- Contact Fonality support at http://support.trixbox.com for assistance with changing the configuration files on the trixbox Pro server in accordance with your new extension numbers.
Polycom Phones
NOTE: The Auth Username and Auth Password are both case sensitive and should reflect the MAC address.
For firmware revision 1.6.x:
- Obtain the IP address assigned to the phone, and browse to it.
- Press the “Menu” button
- Select “Status…”
- Select “Network…”
- Select “TCP/IP Parameters…”. The IP Address will be shown on the LCD display.
- Browse to the IP address using your web browser.
- Example: http://192.168.1.100
- Click on the “Lines” Link, and authenticate.
- Username: “Polycom” (case sensitive)
- Password: “456”.
- Scroll down to the field labeled Address, in the line you want to use, for example Line 1.
- Change the sNNNNNN.trixbox.fonality.com settings to sNNNNNNx.trixbox.fonality.com where NNNNNN is your server number. Click the “Submit” button when finished changing these settings.
- The phone will automatically reset once the changes are made.
The following image demonstrates a valid configuration:
For earlier firmware revisions:
- Obtain the IP address assigned to the phone, and browse to it.
- Press the “Menu” button followed by the “Select” soft key twice. The IP Address will be shown on the LCD display.
- Browse to the IP address using your web browser. Example: http://192.168.1.100
- Click on the “Registration” Link, and authenticate.
- Username: “Polycom” (case sensitive)
- Password: “456”.
- Change the sNNNNNN.trixbox.fonality.com settings to sNNNNNNx.trixbox.fonality.com where NNNNNN is your server number. Click the “Submit” button when finished changing these settings.
- The phone will automatically reset once the changes are made.
Snom Phones
- Obtain the IP address assigned to the phone, and browse to it.
- Press the “<” key twice, followed by the soft key below the word “IPAdr” in your LCD display. This will show the IP address on the LCD display.
- Browse to the IP address using your web browser. Example: http://192.168.1.100
- Click on the "Advanced" link on the left side of the screen.
- Change the "Update Policy" setting to "Never update, do not load settings".
- Click "Save" to save this change.
- Click on the “Line 1” link on the left side of the screen.
- Change the sNNNNNN.trixbox.fonality.com settings to sNNNNNNx.trixbox.fonality.com where NNNNNN is your server number.
- Click the “Submit” button when finished changing these settings.
Swissvoice Phones
Swissvoice phones are not classified on the "Certified" or "Uncertified" list. You will not be able to obtain support for these phones, should you choose to deploy them, other than hourly, best effort support.
- Obtain the IP Address assigned to the phone and browse to it.
- Press the “OK” button under the “Menu” display on the LCD.
- Scroll down to “Admin Settings” and press “OK” again.
- Click “OK” for “Current settings”
- Click “OK” for “Network Configuration”
- Press the down arrow button to scroll down one position to see the IP Address.
- Browse to the IP address using your web browser. Example: http://192.168.1.100
- Click on the “Administrator” button, and log in:
- Username: admin
- Password: admin
- Click on the “SIP configuration” link on the left side of the screen.
- Change the sNNNNNN.trixbox.fonality.com settings to sNNNNNNx.trixbox.fonality.com where NNNNNN is your server number. Click the “Submit” button when finished changing these settings.
trixbox Pro Softphone
- Right click on the screen of the softphone.
- Click on "Settings".
- Click on the "SIP Accounts" on the left side labeled "sNNNNNN.trixbox.fonality..." where NNNNNN is your server number.
- In the field labeled "Domain" change the sNNNNNN.trixbox.fonality.com settings to sNNNNNNx.trixbox.fonality.com where NNNNNN is your server number.
- Click the button labeled "OK".
Aastra Phones
- Obtain the IP address assigned to the phone, and browse to it.
- Press the "Options" key.
- Press the Down arrow on the buttons below the LCD screen to option "9 Network Settings" and press the right arrow to Enter.
- Enter 22222 and press the right arrow to Enter.
- Down arrow to "2 IP Address".
- Browse to the IP address using your web browser. Example: http://192.168.1.100
- Enter authentication information.
- Username: “admin” (case sensitive). Do NOT log in with 'user' regardless of Aastra's documentation.
- Password: “22222”.
- Click on the "Global SIP" link.
- Change the sNNNNNN.trixbox.fonality.com settings to sNNNNNNx.trixbox.fonality.com where NNNNNN is your server number. Click the “Save Settings” button when finished changing these settings.
- The phone will need to be restarted for the changes to take effect.
- Pull the power on the phone and plug it back in.
Recommended Equipment
If you suspect that your equipment may not be SIP compatible, or you desire QoS functionality, we suggest that you consider the Cisco/Linksys BEFSR81 as a replacement in both the remote location, and at the main location. Networks with more than about 20 workstations should consider a more powerful piece of equipment. Consult Fonality for recommendations.
Troubleshooting Tips
- You cannot use trixbox Pro with the routers listed below. These routers are not SIP compatible, so they will not work with remote telecommuters:
- Netgear FVX538
- Linksys WRT54G (Newest firmware is known to be OK)
- Your router/firewall at the main location MUST hash both the UDP source port and source IP address. Some older routers only hash the UDP source port when they perform the NAT function for UDP connections. If you use a router that works like that, you'll get extremely confusing results where the wrong phone conversations are heard by the wrong people when simultaneous telecommuter calls are conducted.
- It will take between 10 minutes and 48 hours for your own name servers to recognize a change in your public IP address. Once the name servers recognize the update, or you manually flush your name server's DNS resolver cache, remote phones will be able to connect to it. If you still cannot connect after the name servers have updated, we may need to update the phone configuration to connect to the remote hostname of your server.
- If you are attempting a non-DMZ configuration, consider the use of a packet trace tool like Ethereal to examine the actual packet activity. You can temporarily install a 10 MB/s half duplex hub between the trixbox Pro system and your network so that the packets can be easily analyzed by your packet tracer. Be sure to remove all half duplex equipment from your network before placing the system into production.
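The NAT requirement above (the router must key UDP mappings on both the source IP address and the source port) can be illustrated with a small model. This is an added example, not code from the original documentation or from any router: `UdpNat` is a deliberately simplified, hypothetical translation table, and the phone addresses are constructed from documentation address ranges.

```python
class UdpNat:
    """Simplified model of a router's UDP translation table."""

    def __init__(self, key_on_ip_and_port):
        self.key_on_ip_and_port = key_on_ip_and_port
        self.table = {}

    def _key(self, src_ip, src_port):
        # A correct router keys each flow on (source IP, source port).
        # The faulty behaviour described above keys on the source port alone.
        return (src_ip, src_port) if self.key_on_ip_and_port else src_port

    def inbound(self, src_ip, src_port):
        """A remote phone sends a packet; the router records where replies go."""
        self.table[self._key(src_ip, src_port)] = (src_ip, src_port)

    def return_path(self, src_ip, src_port):
        """Endpoint that receives the server's audio for this phone's call."""
        return self.table[self._key(src_ip, src_port)]


def misdelivered(nat, phones):
    """Return (phone, actual_receiver) pairs whose audio goes to another phone."""
    for phone in phones:
        nat.inbound(*phone)
    return [(p, nat.return_path(*p)) for p in phones if nat.return_path(*p) != p]


# Constructed sample: three telecommuter phones on calls at the same time.
# Two of them use the same UDP source port from different public addresses.
PHONES = [
    ("203.0.113.10", 10000),
    ("198.51.100.20", 10000),
    ("192.0.2.30", 10002),
]

if __name__ == "__main__":
    for label, nat in (("port only", UdpNat(False)), ("IP and port", UdpNat(True))):
        print(label, misdelivered(nat, PHONES))
```

With the port-only key, the second phone overwrites the first phone's entry, so the first caller's audio is delivered to the second phone, which is the crossed-conversation symptom described above.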
Using a Network VPN Connection
As mentioned above, trixbox Pro only allows one phone from each remote location if the Router/Firewall equipment uses Network Address Translation (NAT) to convert private IP addresses to public IP addresses. If you must install more than one phone in a single remote location, you may use a Network VPN connection to eliminate the NAT between the IP Phones and the trixbox Pro server in order to allow proper operation.
Another possible reason for deploying a Network VPN Connection is concern that sensitive communication between your main office and your remote locations could be intercepted by an attacker on the Internet. Using the VPN adds a layer of security by encrypting all transmissions between your sites.
NOTE: This configuration is beyond the scope of the Fonality support agreement. This configuration should only be attempted by experienced network administrators. You may need to employ a network consultant for successful deployment of this configuration. Fonality will be unable to provide advice and/or guidance beyond the contents of this documentation. You may want to consult the technical support resources provided by your network equipment vendor if you require additional assistance.
Cisco 1700 (and higher) routers and Cisco PIX devices are known to work well, although configuration is complex. Many Cisco routers offer optional hardware encryption modules for enhanced VPN performance. Consult your equipment vendor for specific suggestions on which products and models to use in your price range and for your desired level of performance and intended scale of use. You will want to ask them about running a SIP VoIP phone configuration through the VPN, and get feedback from them accordingly. Bandwidth requirements for trixbox Pro IP Phones will be 90Kb/sec per call (bidirectional) with about one packet every 20ms.
- The IP Phones must not be reconfigured to use the sNNNNNNx.trixbox.fonality.com server address as described earlier in this document. They should use the default setting of sNNNNNN.trixbox.fonality.com where NNNNNN represents your server number. This will cause them to use the private IP address for your trixbox Pro system rather than the public IP address. This is essential in order to ensure proper operation.
- You must select appropriate VPN Router/Firewall equipment for both the main site and remote site(s). Be sure to select high performance equipment, ideally with hardware accelerators for the VPN encryption. The more consistent the performance is between the two sites, the better the audio quality will sound.
- The main office location where trixbox Pro is installed must use a different IP Address Subnet than every single remote VPN office. For example:
- Main Office:
  - Network Subnet: 192.168.1.0/24
  - Subnet Mask: 255.255.255.0
  - Router LAN IP Address: 192.168.1.1
  - Router WAN IP Address: 12.34.56.78 (Example, Assigned by ISP)
  - trixbox Pro Server IP Address: 192.168.1.10 (Example)
- Remote Office:
  - Network Subnet: 192.168.2.0/24
  - Subnet Mask: 255.255.255.0
  - Router LAN IP Address: 192.168.2.1
  - Router WAN IP Address: 12.34.50.20 (Example, Assigned by ISP)
  - Remote VPN Endpoint: 12.34.56.78 (IP Address of Main Office)
- The Router/Firewall equipment you select must allow routing through the VPN so that hosts on the remote network can access the main office network and vice versa with no Network Address Translation (NAT). In the example above, that would mean that an IP Phone at the remote location using 192.168.2.100 can communicate directly with 192.168.1.10 in both directions with no restrictions. Be sure that the proper routing configuration is established to allow bidirectional communication. You should be able to ping and trace route successfully in both directions using the private IP addresses assigned to each location’s devices.
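- Consider selecting a low-bit encryption for best performance. Typically 40-bit encryption is suitable for VoIP on most VPN equipment. Depending on the age and capabilities of the equipment you use, 128-bit or stronger may also work well. You may need to try them and compare to be certain of the performance capability of your selected equipment. Keep in mind that 40-bit keys offer little resistance to a brute-force key search, so if the VPN is there to protect calls from interception rather than only to remove NAT, prefer the strongest setting your equipment can sustain.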
- Be sure that the internet access at every location is adequate to carry 90Kb/sec (bidirectional) for each IP phone call plus the VPN network overhead for your selected method of encryption. Pay special attention to the “upload” bandwidth, as this can be a problem for some ADSL connections.
- If your router supports QoS for SIP, we suggest that you enable it so that you get improved IP Phone performance during web browsing and email downloading. You may consider enabling QoS by IP address so that all communications to/from your trixbox Pro server’s IP address are prioritized over any other traffic.
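The addressing requirements in the list above (a distinct subnet per site, and routers, server and phones that sit inside their site's subnet) can be checked before any VPN equipment is configured. This is an added example, not part of the original documentation: it uses 192.168.1.0/24 and 192.168.2.0/24 to match the router LAN addresses in the example plan, and the `MISTYPED` and `REUSED` plans are constructed to show what the check reports.

```python
import ipaddress
from itertools import combinations

def validate_sites(sites):
    """Return a list of problems in a multi-site VPN addressing plan."""
    problems, networks = [], {}
    for name, site in sites.items():
        net = ipaddress.ip_network(site["subnet"])
        networks[name] = net
        if str(net.netmask) != site["mask"]:
            problems.append(f"{name}: mask {site['mask']} does not match {net}")
        if not net.is_private:
            problems.append(f"{name}: {net} is not private address space")
        for role, addr in site["hosts"].items():
            if ipaddress.ip_address(addr) not in net:
                problems.append(f"{name}: {role} {addr} is outside {net}")
    # No NAT across the tunnel means every site needs its own, non-overlapping subnet.
    for (a, net_a), (b, net_b) in combinations(networks.items(), 2):
        if net_a.overlaps(net_b):
            problems.append(f"{a} and {b} overlap: {net_a} / {net_b}")
    return problems

MAIN = {"subnet": "192.168.1.0/24", "mask": "255.255.255.0",
        "hosts": {"router": "192.168.1.1", "trixbox": "192.168.1.10"}}
GOOD = {"main": MAIN,
        "remote": {"subnet": "192.168.2.0/24", "mask": "255.255.255.0",
                   "hosts": {"router": "192.168.2.1", "phone": "192.168.2.100"}}}
# Constructed mistakes: a mistyped first octet, and a remote site reusing the main subnet.
MISTYPED = {"main": MAIN,
            "remote": {"subnet": "196.168.2.0/24", "mask": "255.255.255.0",
                       "hosts": {"router": "192.168.2.1"}}}
REUSED = {"main": MAIN,
          "remote": {"subnet": "192.168.1.0/24", "mask": "255.255.255.0",
                     "hosts": {"router": "192.168.1.1"}}}

if __name__ == "__main__":
    for label, plan in (("good", GOOD), ("mistyped", MISTYPED), ("reused", REUSED)):
        print(label, validate_sites(plan) or "OK")
```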
See Also: Planning Your Network for VoIP

