Domains

[CPav]

Hello all,
I currently have a few tenants setup with their respective domain names. What is the correct way to configure the client side(softphone) domain credentials?
At present, I set the domain name of the customer in the "domain" field of the softphone and then select the outbound proxy option and type the actual pbx URL here.

Is there a better way of doing this so that I don't have to set outbound proxy? I've tried setting the username as user@domain but this doesn't work. Any other way?

 

[CPav]

Just to add some clarity on my question. My current softphone setup works as below:

Domain: [your multi-tenant domain name]
Username: [extension]
Password: [password]
Use Outbound Proxy: [ticked]
Outbound Proxy: [DNS URL for PBX]

From some other posts I see if I do not want to use the multi-tenant domain name in the "domain" field then I should create a DNS A record per domain/client. So I'm assuming this would be the only way to free up the need to use "outbound proxy"?

My next question would be, does this impose a security risk at all? Since the domain names are now public?

 

[AIC2000]

I don't see it any less secure than having any of your PBX domains "public" in any way. It'll always reach the same box (even if you don't use a domain and use an IP which isn't recommended).

I'd definitely recommend going with the A record route. Even if you create subdomains to keep things simple, such as:

clienta.properpbx.domain
clientb.properpbx.domain
clientc.properpbx.domain

etc.

 

[inform11]

Proxy = sip-domain1.com
Use Outbound Proxy: Yes
Outbound Proxy: 10.10.10.10 (ip-address freeswitch)

to correctly register the phone!

DNS not used

 

[CPav]

Thanks AIC2000,
The reason I asked about security, is at the moment I just use pbx.domain.com, then each client has to specify their domain within fusionpbx, Ive seen many attempts from intruders trying to gain access and make calls, but they do so without using any domains in the auth attempt, I guess I'll create a honeypot domain with a DNS A record for now and watch it over the next few days

 

[AIC2000]

Yeah - there are ways to go around it, but it does all depend on each device then which can become difficult to manage if you're using proxy settings. It's definitely more consistent to imagine giving your customers "their own dedicated PBX domain' if you like - then they authenticate using that. In theory, it looks no different then to having multiple PBX's - one per customer.