Registration from outside Lan

Discussion in 'General' started by msalsido, Sep 11, 2010.

  1. msalsido

    Joined:
    Aug 5, 2010
    Messages:
    4
    Likes Received:
    0
    I installed elastix 2.0

    I Can :
    * Create sip extension
    * Inside Lan can comunicate all extensions
    * Use DMZ for router
    * From outside LAN can see the platform

    I can't
    * Can't validate registration in X-lite
    Always got error 408 Request Timeout
    - All settings as described in "elastix without fears"
    - Also deactivate all QoS in Advance Setting

    Any advice will be appreciated.

    Mark
     
  2. andyshawn

    Joined:
    Apr 3, 2009
    Messages:
    113
    Likes Received:
    0
    Good Article omid.

    Hey Mark,

    Is the elastix server assigned a public IP address? Is the server behind a firewall?
     
  3. dingoland

    Joined:
    Jan 16, 2008
    Messages:
    220
    Likes Received:
    0
    Hi Mark,

    You have to forward ports UDP 5060 and 10000-20000 to your elastix server in your router.
    You have to enable nat=yes for the extension outside the LAN in your extension settings.
    You have to permit your external extension IP to register by changing permit/allow IP addresses in extension settings.

    Regards
     
  4. msalsido

    Joined:
    Aug 5, 2010
    Messages:
    4
    Likes Received:
    0
    Tks for the advice now I'm reading material and looking how to do....


    What do I have.

    Internet > MODEM > ROUTER TPLINK 340G > ELASTIX

    TPLINK 340G. Have set Elastix to be exposed to the public adress (DMZ)

    I can access the elastix platform inside using local ip 192.168.1.20
    from outside have created a host name to deal with the dynamic IP.

    With DMZ supposed no need to open more ports... I'm in here....
     
  5. dingoland

    Joined:
    Jan 16, 2008
    Messages:
    220
    Likes Received:
    0
    Hi,

    No need to put Elastix in a DMZ, in your local LAN is better.
    In your DMZ, open only the needed ports to your elastix else you can be hacked very quickly.
    Install fail2ban to secure your installation.

    For the external extension, in your DMZ, no difficulty if you read my last post about the settings in the FreePBX ;)

    Regards
     
  6. msalsido

    Joined:
    Aug 5, 2010
    Messages:
    4
    Likes Received:
    0
    I disable the DMZ to protect network.
    Open ports for the Elastix machine
    open 5060 and 10000-20000
    Set NAT=yes

    Still didn't know the right settings for permit/allow ...

    LAN IP 192.168.0.120
    PUBLIC IP - Dynamic using dyndns free to solve dynamic IP.

    Regards
     
  7. dingoland

    Joined:
    Jan 16, 2008
    Messages:
    220
    Likes Received:
    0
    The things you done are right !

    For the permit/deny, enter the public ip of the remote extension in the permit field (the public ip address where the remote extension will connect from, not which of the elastix server. If not static, you can put a range of ip addresses by changing the subnet mask).

    To test, you can let the permit/deny to 0.0.0.0 but anyone can connect if they know your extension credentials.

    Regards
     
  8. JCMilleniuM

    Joined:
    Oct 7, 2010
    Messages:
    10
    Likes Received:
    0
    Same problem in here!!

    My scenario:

    LAN (asterisk inside) ----- motorola wireless router ----- INTERNET ----- router w firewall ----- OFFICE LAN


    • Elastix Version 2
      NAPT is enabled on the motorola router
      I'm using DDNS on the motorola router since it has a DDNS client
      My asterisk box is on the DMZ of the motorola router
      nat=yes, hostextern=****.ath.cx, externip=***.ath.cx, localnet=192.168.0.0/255.255.255.0, qualify=yes, externrefresh=120 on the sip_general_custom.conf file

    When I connect from inside the lan with just the ip it works like charm ex: 100@192.168.0.5
    When I try to connect from inside the lan with the sip client using the host name it does not work ex: 100@***.ath.cx
    It will not register from outside either.

    How can i fix it :S

    Thanks
     
  9. dingoland

    Joined:
    Jan 16, 2008
    Messages:
    220
    Likes Received:
    0
    Hi,

    Did you forwarded the rtp ports and voip port 5060 in your router from the outside to your elastix server ?

    Regards
     
  10. msalsido

    Joined:
    Aug 5, 2010
    Messages:
    4
    Likes Received:
    0
    Sorry, for my poor english.

    JC, I'm still so newby, but have walked that way... With many internet providers you can't inside the lan network call the public ip. Don't know why, But I can't. Inisde the lan have to use the local ip, outside the lan use the public IP. To use extension from outside. In Elastix server, set each extension / configure the ip, should input the external ip from where you are going to use the extension.

    What I'm still didn't find out is for example if using laptop and in the day move to 2 or more sites how to configure the Elastix to autorize any public IP where I try to connect.
     
  11. trymes

    Joined:
    Aug 19, 2009
    Messages:
    228
    Likes Received:
    0
    A few notes: MilleniumX mentioned setting externip= to a hostname. It should be set to an IP Address.

    Msalsido: The problem you describe with not being able to use the external hostname from the LAN is caused by your router, not your ISP.

    Also, the basic idea is this:

    1.) Ports 5060 and port range 10000-20000 need to be forwarded to your Elastix box.
    2.) Asterisk NAT settings need to be configured properly so it will substitute the external IP Address in packets sent outside the LAN.
    3.) Make sure that the extension in question is not set to deny connections from certain IPs.
    4.) Set the Extension to nat=yes so that Asterisk knows to use NAT Translation for this extension.

    Of course, this gets more complicated if you are not always behind NAT. If you are using a softphone on a laptop, your best solution might be a VPN connection to your network to circumvent the NAT. I normally use IPSec, which works quite well.

    Tom
     
  12. JCMilleniuM

    Joined:
    Oct 7, 2010
    Messages:
    10
    Likes Received:
    0
    My fault, I had elastix on DMZ instead of forwarding ports. Now works perfectly.
     

Share This Page