How to manage different locations?

Status
Not open for further replies.

TurabG

Hi all,

I am planning to migrate from 3CX to Fusion in a short time, so I am trying to figure out how I would do the things that I am doing in 3CX, one of which is what they call "Session Border Controller (SBC)". I have been reading through some threads around here and know that SBCs are considered nothing but mere marketing material.

In fact, it helped me have stable internal communication at our locations. At one office, we have about 20 extensions. At first, we were using a cloud-based PBX hosted by the VoIP provider. It was very frustrating for us to have approx. 20 clients connecting to the cloud PBX all the time and we had terrible internal communication, since even when I am calling the dest next to me, it goes through the internet and comes back; quality suffered all the time. Later we migrated to 3CX, we turned our VoIP provider's service from cloud-PBX to trunk-only and with a local SBC, which is the only client to the cloud PBX server, managing all other local clients, we solved this problem completely. (And it also had some sweet bonuses like auto-provisioning of the phones.)

Now after three years, I am not pleased with the policies of 3CX and would like to migrate to FusionPBX, but I couldn't yet figure out how I can resolve the very first issue I had with a cloud PBX.

I will be installing FusionPBX on a private cloud VPS, in a dedicated server of ours. Any ideas are appreciated.
 

Adrian Fretwell

If you have a reasonably good internet connection then you should have no trouble with a call from desk to desk going via the internet. We have sites with 300+ phones all talking to each other via the internet. Make sure your internet connection is good, you have a decent reliable router, and you put in place some bandwidth management to give your VoIP traffic priority.
 

TurabG

We have a balance router with two redundant VDSL connections which are 50 Mbps / 8 Mbps + 100 Mbps / 16 Mbps. At the time when we had one of these, we were using a cloud PBX offered by our VoIP provider. By cloud I mean not a cloud server or a VPS. We were provisioning our phones directly on the provider's IP, which was managed from a web interface. And we had a really hard time with communication. I think the internet connection was reasonably good enough back then too, and QoS was set to prioritize VoIP traffic.
 

hfoster

You are right that an SBC is more of a concept than an actual device or piece of software. Simply anything that sits at the edge of a boundary and modifies packets can be considered one.

I imagine it wasn't the SBC that 'fixed' it, more that it creates a tunnel back to the 3CX which the ISP simply won't mess with. Far too many ISPs out there maliciously and non-maliciously appear to have bizarre rules for QoS, CoS and other policies based on UDP/TCP 5060.

You can achieve similar things with off-the-shelf networking, like SSL VPNs, IPSEC or L2TP tunnelling.

> Now after three years, I am not pleased with the policies of 3CX

I did see on Reddit that the owner was threatening to ban and revoke licensing for talking sh*t about 3CX. That was wild.
 

TurabG

> You can achieve similar things with off-the-shelf networking, like SSL VPNs, IPSEC or L2TP tunnelling.

How practically? You mean a tunnel between the Fusion VPS and the site router? Don't know if that would be effective if we have a handful of VPSs for some internal and external applications.
 

hfoster

Yeh, the 'practically' is the hard bit with VPSs. It gets so messy having the VPN server terminate on the box itself, because you then need to deal with virtual addressing. The VPS provider might have something in place already to join the network where your VPSs are located.

Dead simple if you own the network though, or using something like Azure or AWS. The phones themselves can often support OpenVPN too, so that can sometimes be a boon.

There is alternatively TLS and ZRTP that work on FusionPBX once you've signed some certs with LetsEncrypt. This is also an effective way of making sure ISPs can't mess with the traffic, but you can't access the handsets unlike a VPN.
 

TurabG

After these months passed since I opened this thread, I tend to install Fusion locally rather than on a VPS or something. Because this way at least internal communication (extension to extension) should not have anything to do with internet.

But I couldn't yet register my trunk in Fusion and I can't find out "how" yet. I am still actively using 3CX and I use the very same settings in Fusion, but the best I get is 408 request timeout. The provider says there is no registration request made to their servers.
 

hfoster

You can always see what SIP packets are being sent using 'sngrep' on the terminal. I might expect it's something to do with using port 5080 as the external listening port for SIP traffic. I think 3CX listens on 5060 for all SIP traffic, not just extensions so it's slightly different.
 

Adrian Fretwell

With Fusion installed locally, my guess will be that your trunk registration issues are related to NAT. Port 5080 on FreeSWITCH will need to communicate with the outside world. FreeSWITCH will need to know what its external (internet facing) IP address is so it can set this correctly in Contact headers and SDP bodies. If you have a fixed IP address then great; if not, you may struggle a little, but FreeSWITCH is capable of using STUN. The main issue with putting FreeSWITCH behind NAT with a dynamic internet facing IP address is managing external registrations when the IP address changes.
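The NAT symptom described in the post above can be checked on a captured message. This is an added example, not part of the thread: it reports non-routable addresses advertised in the Contact header or the SDP connection line. The sample INVITE, host names and addresses are constructed placeholders.

```python
import ipaddress
import re

# Address ranges the provider cannot route back to (RFC 1918, CGNAT, loopback).
NON_ROUTABLE = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "100.64.0.0/10", "127.0.0.0/8", "169.254.0.0/16",
)]
IPV4 = r"(\d{1,3}(?:\.\d{1,3}){3})"
# The two places named above where the PBX advertises its own address.
FIELDS = {
    "Contact": re.compile(
        r"^(?:Contact|m)\s*:.*?sips?:(?:[^@\s>]+@)?" + IPV4, re.I | re.M),
    "SDP c=": re.compile(r"^c=IN IP4 " + IPV4, re.M),
}

def is_non_routable(addr):
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:          # e.g. 999.1.1.1 matched by the loose regex
        return False
    return any(ip in net for net in NON_ROUTABLE)

def nat_leaks(sip_message):
    """Return (field, address) pairs where a non-routable address is advertised."""
    text = sip_message.replace("\r\n", "\n")
    return [(field, addr)
            for field, pattern in FIELDS.items()
            for addr in pattern.findall(text)
            if is_non_routable(addr)]

# Constructed sample: an INVITE as a PBX at 192.168.1.50 would send it when it
# does not know its external address. Names and numbers are placeholders.
BROKEN = (
    "INVITE sip:15550100@sip.provider.example SIP/2.0\r\n"
    "Via: SIP/2.0/UDP 192.168.1.50:5080;rport;branch=z9hG4bKconstructed\r\n"
    "From: <sip:1001@sip.provider.example>;tag=a1\r\n"
    "To: <sip:15550100@sip.provider.example>\r\n"
    "Call-ID: constructed-1\r\nCSeq: 1 INVITE\r\n"
    "Contact: <sip:1001@192.168.1.50:5080>\r\n"
    "Content-Type: application/sdp\r\n\r\n"
    "v=0\r\no=FreeSWITCH 1 1 IN IP4 192.168.1.50\r\ns=-\r\n"
    "c=IN IP4 192.168.1.50\r\nt=0 0\r\nm=audio 16384 RTP/AVP 0\r\n"
)
# Same message once the PBX advertises its public address (placeholder).
FIXED = BROKEN.replace("192.168.1.50", "203.0.113.10")

if __name__ == "__main__":
    for name, msg in (("before", BROKEN), ("after", FIXED)):
        print(name, nat_leaks(msg))
```
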
 

TurabG

I changed the 5080 port to 5060 in FusionPBX. I checked sngrep and saw that one IP was scanning the 5080 port trying to register an extension with a note "friendly scan". (IP: 89.163.130.180; maybe someone recognizes it as malicious)

Now I am confused. First of all, I haven't opened the 5080 port on my router. How come this request reached this local machine behind NAT? Secondly, this makes me think I haven't actually managed to change the listening port from 5080 to 5060, while I am sure I did and I can still see it in the external SIP profile in the admin panel of Fusion.

One more thing, my Fusion log is full of 408 errors and full of retries, but sngrep doesn't list a single one of these retries. Am I missing something here? Shouldn't I see retries of register requests made to my provider?
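A way to triage unsolicited requests like the "friendly scan" REGISTER in the post above, as an added example that is not part of the thread. It assumes the capture has been exported as (source address, raw SIP message) pairs; the sample packets, addresses and the trusted provider range are constructed.

```python
import ipaddress
import re

# Illustrative User-Agent substrings; "friendly-scanner" is the default
# User-Agent of the SIPVicious scanner.
SCANNER_AGENTS = ("friendly-scanner", "sipvicious", "sipcli")
REQUEST_LINE = re.compile(r"^([A-Z]+) \S+ SIP/2\.0\s*$")
USER_AGENT = re.compile(r"^User-Agent\s*:\s*(.*?)\s*$", re.I | re.M)

def classify(src_ip, sip_message, trusted_nets):
    """Return a reason string for an unsolicited request, or None."""
    text = sip_message.replace("\r\n", "\n")
    first = REQUEST_LINE.match(text.split("\n", 1)[0])
    if not first:
        return None                      # a response, or not SIP at all
    method = first.group(1)
    ua = USER_AGENT.search(text)
    agent = ua.group(1) if ua else ""
    if any(s in agent.lower() for s in SCANNER_AGENTS):
        return f"{method} with scanner User-Agent '{agent}'"
    src = ipaddress.ip_address(src_ip)
    if not any(src in ipaddress.ip_network(n) for n in trusted_nets):
        return f"{method} from outside the trusted networks"
    return None

def triage(packets, trusted_nets):
    """Map each suspicious source address to the reasons it was flagged."""
    report = {}
    for src_ip, message in packets:
        reason = classify(src_ip, message, trusted_nets)
        if reason:
            report.setdefault(src_ip, []).append(reason)
    return report

def _req(method, agent):
    # Builds a constructed, minimal SIP request for the sample below.
    return (f"{method} sip:pbx.example SIP/2.0\r\n"
            f"Call-ID: constructed\r\nCSeq: 1 {method}\r\n"
            f"User-Agent: {agent}\r\n\r\n")

# Constructed capture. 203.0.113.0/24 stands in for the trunk provider;
# all addresses come from documentation ranges.
SAMPLE = [
    ("198.51.100.23", _req("REGISTER", "friendly-scanner")),
    ("198.51.100.23", _req("REGISTER", "friendly-scanner")),
    ("203.0.113.5", _req("OPTIONS", "ProviderSBC")),
    ("198.51.100.77", _req("INVITE", "Generic Phone")),
]
TRUSTED = ["203.0.113.0/24"]

if __name__ == "__main__":
    for src, reasons in triage(SAMPLE, TRUSTED).items():
        print(src, reasons)
```
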
 

hfoster

FreeSWITCH has auto-nat, which can open router firewalls and such using UPnP or NAT-PMP. Can be quite dangerous! :)

I would expect to see the register messages myself, with no replies in sngrep. Personally, I wouldn't change the port from 5080, I think you can't run multiple profiles on the same socket. You can see the live profiles in SIP Status on FusionPBX.

Other times, it's just because FreeSWITCH needs a full restart and is being stubborn.
 