Routing all outbound calls to a central server

[yukon]

Hi All,

I have an issue where I want to route all my outbound calls to a central fusionpbx server. My setup looks something like this:
Customer Site A (Asterisk)
Customer Site B (Kamailio)
Customer Site C (Cisco CME)

Central Hosted (FusionPBX)

Instead of each customer site routing directly to my carriers, I want them to go to my Central Hosted site then out to my carriers. I also want to NOT use registered connections, just an ACL because of the added headaches for customers setting up registration.

On my central hosted system, I have created domains, "customera.mydomain.com", "customerb.mydomain.com", etc. and then have added the customer's IP's under ACL.

On each customer, I've created a gateway to my central server and then a route to the central server. The calls are getting routed fine but then there's a "no route" error because they are looking in the PUBLIC context.

On the central server. I have changed the context on my outbound route to "public" and everything works as I want, HOWEVER. I'm wondering if there's a smarter way to do this, or if there's any security issues with doing it this way. Any feedback from the community here?

Thanks!

 

[DigitalDaz]

That's absolutely the wrong way to do it, the ACLs are for carriers.

What you actually need to do is int eh extensions advanced settings there is a field for CIDR that allows you to do this.

I'd strongly advise that you just do normal registration though as I'm unaware how IP auth affects things that may check to see if you are registered, possibly ring groups queuing etc.

 

[yukon]

Ok. I figured it was the wrong way.

I tried the extensions advanced CIDR and it appeared it was still trying to register and failing. I was getting authentication failures. Have you tested that to make sure it actually works?

I really don't care about ring groups, etc. This central server is just handling calls and sending them outbound to carriers, there will be nothing local on them.

 

[DigitalDaz]

it appeared it was still trying to register and failing

If your endpoints are still trying to register, then that's got nothing to do with the server, you need to tell the endpoints not to try and register.

 

[yukon]

Ok. I set my endpoints as no reg. However then routing calls they are still not able to find the outbound route. It just says:
60183830-51bf-4953-af54-80d562a9aac0 2017-05-29 18:05:47.600917 [INFO] mod_dialplan_xml.c:637 Processing 1001 <1001>->5152299282 in context public
60183830-51bf-4953-af54-80d562a9aac0 2017-05-29 18:05:47.700861 [INFO] switch_core_state_machine.c:311 No Route, Aborting

So how in this instance can I get them to send calls to the outbound routes?

 

[DigitalDaz]

If they are in context public then that means you probably still have a wrong entry in the ACL

 

[yukon]

If they are in context public then that means you probably still have a wrong entry in the ACL

What makes you say that? I added the customer servers to the ACLs, I added an extension with their IP's int he auth acl field. I don't see them trying to register and they appear to be sending calls to 5060.

What other ACL's are there?

 

[DigitalDaz]

The customer servers should NOT be added to the ACL, the ACL is for carriers, thats what puts them in the public context.

 

[yukon]

@DigitalDaz You're telling me how NOT to do it, but i'm not getting any input on what the RIGHT way to do it is. Per mark fusionbpx should operate as a carrier like this which is essentially what I'm trying to do. But I want to find the right way to handle this.

 

[DigitalDaz]

I told you in the second post of this thread how to do it.

 

[yukon]

@DigitalDaz Honestly, if that had answered the question, I would have stopped posting.

I did what you suggested, but it's not routing calls to the outbound routes for some reason. It keeps trying to find them in the PUBLIC space only.

 

[DigitalDaz]

Yukon. you mustn't be flushing memcache or something, as long as they are going to port 5060 and are not in the ACL, then there is no way they can be in the public context. make sure they are in the advanced option in the extension then flush memcache and reloadacl