Is Multi Tenant possible without Domain ?

Status
Not open for further replies.

Amit Iyer

Member
Feb 6, 2018
60
11
8
30
Hello,

I have a new fusionpbx installed on a Public IP, I want to use the Multi Tenant Feature but i do not have any domains or anyother IP's. How can i create a domain in fusionpbx for multi tenant PBX's without a live domain ?
 

smn

Member
Jul 18, 2017
201
20
18
Yes you can do that. It just requires a little more configuration on the SIP phone. Create the domain on the PBX. Depending on the phone the domain name is put in a field called "realm" or "domain" or:

On Yealink phones I believe it is the "SIP Server" field.

On Aastra phones it believe it is the "Proxy Server" and "Registrar Server" fields.

On Cisco phones I believe it is the "Proxy" field.

On Polycom I believe it is Server1 > Address.

On Grandstream I believe it is Primary SIP Server.

On Linksys ATA I believe it is "Proxy".

Not sure of the hard and fast rule of where to put the IP that works for all phones but pretty sure "Outbound Proxy" is the one field that always needs to be the IP address if not using a DNS resolvable realm/domain.
 
Last edited:

DigitalDaz

Administrator
Staff member
Sep 29, 2016
3,077
579
113
I just wouldn't even try and go down any workaround for this, domains are just too cheap not to buy.
 

smn

Member
Jul 18, 2017
201
20
18
I just wouldn't even try and go down any workaround for this, domains are just too cheap not to buy.

But you can't use a domain like google.com that way :cool:. Also, this way allows you to use *.local domains.

I agree that just using a DNS resolvable domain is better. Depends what you are doing. If you are setting it all up and managing it all yourself then you can do it this way.
 

KitchM

Member
Jul 15, 2019
168
6
18
smn, is it best to use *.localhost or 127.0.0.1/*? I noticed you suggested *.local, but I am unfamiliar with how that would work.
 

smn

Member
Jul 18, 2017
201
20
18
smn, is it best to use *.localhost or 127.0.0.1/*? I noticed you suggested *.local, but I am unfamiliar with how that would work.

.local means this just. It is a valid top-level domain that is only resolvable locally, on localhost and private networks. So you can put it your own DNS server or host file if you want to resolve it that way. I usually use it as the server hostname because some applications require the server hostname to be using a top-level domain. Never have any issues with it.
 

bcmike

Active Member
Jun 7, 2018
338
58
28
54
Why bother with any magic tricks? Buy a domain and then set up a wildcard to point at your Fusion PBX. After that you can have all the sub domains you want.

Example set up *.mydomain.com , point it at the IP of your PBX and the you can do sub1.mydomain.com , sub2.mydomain.com , etc, etc without editing any records.
 

KitchM

Member
Jul 15, 2019
168
6
18
@bcmike, I ran across this before and thought I'd mention it when I came back to review this. The problem with buying a domain name is not the cost for the name, but rather obtaining another IP address from your ISP just to serve that domain. That can be very cost prohibitive. In my case, it would cost another fifty dollars per month, as shockingly bizarre as that sounds. (Further, any desire for anonymous routing will probably go out the window as well, although I haven't studied that issue as of yet.) It can get even more complex for those sharing an Internet connection.
 

DigitalDaz

Administrator
Staff member
Sep 29, 2016
3,077
579
113
@bcmike, I ran across this before and thought I'd mention it when I came back to review this. The problem with buying a domain name is not the cost for the name, but rather obtaining another IP address from your ISP just to serve that domain. That can be very cost prohibitive. In my case, it would cost another fifty dollars per month, as shockingly bizarre as that sounds. (Further, any desire for anonymous routing will probably go out the window as well, although I haven't studied that issue as of yet.) It can get even more complex for those sharing an Internet connection.

@KitchM If you think you need another IP to serve a domain name then I have to ask if you are even ready to enter this space as you clearly know next to zero about networking. Every single thing for you is going to be difficult, troubleshooting a non-starter.
 

smn

Member
Jul 18, 2017
201
20
18
@KitchM If you think you need another IP to serve a domain name then I have to ask if you are even ready to enter this space as you clearly know next to zero about networking. Every single thing for you is going to be difficult, troubleshooting a non-starter.

Yes, this is not a problem. You can attach an unlimited number of domains or subdomains (both are called A records in domain provider speak) to one public IP address. Domain providers will typically limit that to maybe 100 for basic plans which is still plenty for most people.
 

KitchM

Member
Jul 15, 2019
168
6
18
@DigitalDaz, thanks for making me laugh. If you knew all the options and could think outside the box, you would probably had not said anything.

@smn, yes, quite so, but not applicable in my case, nor in real business. It is something of a cheap way to do things. Shortcuts are usually a very bad idea.

Here's something for you folks to think about. Suppose customer A gets internet service from ISP. ISP assigns IP address 1 to Customer A’s gateway device. Friend B shares service from gateway device.

Friend B gets domain name. Registrar requires IP address. Which address is used? Address 1? Who controls it? Who has access to it? Who's name is on the records? Any legal issues? How do you get packets to go thru the gateway without allowing A to see it?

I’ve only operated five domains and web sites at a time on my servers, but I feel confident that the concept can be successfully multiplied many times over. What I have found is that advice is often given from a narrow viewpoint and the questioner must wade thru the morass of confusion and dead-ends to get to the good and applicable stuff. We dare not assume.

Those who actually know something are the ones who can do it with privacy and anonymity properly deployed. Can you?

Always interested in a good debate. :)
 

ad5ou

Active Member
Jun 12, 2018
892
205
43
What ?..,..???
Here's something for you folks to think about. Suppose customer A gets internet service from ISP. ISP assigns IP address 1 to Customer A’s gateway device. Friend B shares service from gateway device.
If A and B are sharing an internet connection with a single public IP, then they are sharing the connection. End of story. There is no difference between this and just having multiple users in a household or typical office network.

Friend B gets domain name. Registrar requires IP address. Which address is used? Address 1? Who controls it? Who has access to it? Who's name is on the records? Any legal issues? How do you get packets to go thru the gateway without allowing A to see it?
Registrar doesn’t care who/what/why for a given IP address. Multiple domains, multiple hosts can point to a single IP address.
Separating host names etc for a specific service, would be up to the application layer to sort out. For example Nginx or Apache ‘virtual hosts’ to respond to correct domain name in port 80.
If additional privacy/separation is required between users behind the same public IP, it would require additional network equipment and/or advanced firewall to provide the additional security. Ultimately someone has access and control of everything in question.

Honestly, almost everything you have posted resembles someone trolling, someone missing basic network knowledge required to host a server with any hopes of security, someone misunderstanding what oneself is trying to accomplish, or someone losing something in translation in the responses that have been given.
Apologies in advance if I am mistaken in the above statement , but I must also say DigitalDaz can most certainly think outside the box and knows many more options to a given scenario than what you seem to know based on your posts.
 
Last edited:

KitchM

Member
Jul 15, 2019
168
6
18
I appreciate your viewpoint. However, I believe it to be incorrect.

For instance, can you figure a way to separate the Customer A's network management from Friend B's network management?
 

ad5ou

Active Member
Jun 12, 2018
892
205
43
Customer A can be behind their own additional firewall, Customer B can be behind their own additional firewall. This would essentially make everything behind that firewall invisible to the other network.
But.... If customer A is the one who owns the account for internet service, that person/group would have control of the modem/gateway and any necessary port forwarding to an endpoint.

An alternative method for say customer B to have their own public IP and/or more control to public ports etc, they could install a VPN capable firewall and connect to a $5/month or less VPS instance "in the cloud" and gain access to the public IP of the VPS. Customer A would still have control of the actual internet connection (as in allowed access or block access) but could not see any of the traffic passing since it would all be encrypted.
 

trey168

New Member
Apr 14, 2020
8
0
1
37
@DigitalDaz, thanks for making me laugh. If you knew all the options and could think outside the box, you would probably had not said anything.

@smn, yes, quite so, but not applicable in my case, nor in real business. It is something of a cheap way to do things. Shortcuts are usually a very bad idea.

Here's something for you folks to think about. Suppose customer A gets internet service from ISP. ISP assigns IP address 1 to Customer A’s gateway device. Friend B shares service from gateway device.

Friend B gets domain name. Registrar requires IP address. Which address is used? Address 1? Who controls it? Who has access to it? Who's name is on the records? Any legal issues? How do you get packets to go thru the gateway without allowing A to see it?

I’ve only operated five domains and web sites at a time on my servers, but I feel confident that the concept can be successfully multiplied many times over. What I have found is that advice is often given from a narrow viewpoint and the questioner must wade thru the morass of confusion and dead-ends to get to the good and applicable stuff. We dare not assume.

Those who actually know something are the ones who can do it with privacy and anonymity properly deployed. Can you?

Always interested in a good debate. :)
Friend A & B should be hosting their servers on a VPS or server on a DIA connection or colo. Not sharing a consumer connection and attempting to host servers on it. A domain is $10-20/year and a VPS with public IP is around $20/mo. I wouldn’t dream of hosting a production VoIP setup where I had to worry about “Friend B”

Now a test environment... yeah get creative. Setup a local DNS server and you can do whatever you want.

Friend A is probably violating the ISP’s TOS by sharing the connection with Friend B unless they live at the same address.
 

bcmike

Active Member
Jun 7, 2018
338
58
28
54
Friend B needs to get their own internet if they want to host anything. It's that simple.

If you're in a bind financially go rent a vps , they're dirt cheap and you'll get an IP in a data center.
 

KitchM

Member
Jul 15, 2019
168
6
18
@ad5ou, Very cool! Good thinking outside the box. I am totally impressed. That makes us stretch our minds, don't it. The possibilities may be endless as technology changes. I am going to see how I can apply your ideas.

Other comments are interesting. Sure, a person can rent a VPS, but then they have to probably do a reverse proxy to get the info to the "home" office. Gets pretty technical for most folks. Yes, a domain for $7-8 per year, a VPS is ~$8 per month and comes with at least one IP address, but the average Joe will have to do a lot to configure and maintain the server, and that still doesn't get the SIP service to the home office.

Just so you know what I've figured out, the anonymous reverse proxy server in a data center will allow traffic to anonymously be forwarded to your home office server, thereby protecting your privacy while doing business over the web. The work-from-home entrepeneur will be able to appear as a big shot, as long a professionalism is practiced. But still, those darn phone lines.......

And we need this technology more than ever before.

Ah well. Let's keep plugging away at it.

Again, thanks.
 

trey168

New Member
Apr 14, 2020
8
0
1
37
We have a box running ESXi with two VM's with FusionPBX at our colo. If they were VPS's with Linode or Vultr it would work the same, we are an ISP and have plenty of hardware & bandwidth laying around.

One Fusion instance runs our company PBX and nothing else. The other hosts all of our customer side stuff. We have a generic domain for customers that just lease "lines" from us that are delivered to an ATA. That pbx also has subdomains for customers that have their own virtual PBX from us.

We have several offices with around 10 phones each. They connect directly to our Fusion instance on its public IP/domain name. All phones are behind NAT as any home or home office connection would. They work flawlessly with no additional configuration (no reverse proxy, no GRE tunnel, VPN, or anything like that).

For our residential/small biz VoIP customers, we give them a cloud managed router that has two POTS ports. That router talks to our customer FusionPBX instance. For customers that have a hosted PBX it works the same as our company PBX.

If your aim is professionalism, a VPS is pretty well required. If your PBX is on a VPS and your home connection goes out, at least your customers will still be able to get to your voicemail. You could get on a hotspot and tell the PBX to route calls to your cell phone. If you are hosting it at home and you lose power or Internet, you're screwed. I'm all for keeping things cheap and simple but if a customer can't get a hold of you, they are quick to get on Google or Facebook and leave you a crappy review these days.
 
Status
Not open for further replies.