Registration from outside Lan

msalsido

Joined
Aug 5, 2010
Messages
4
Likes
0
Points
0
#1
I installed elastix 2.0

I Can :
* Create sip extension
* Inside Lan can comunicate all extensions
* Use DMZ for router
* From outside LAN can see the platform

I can't
* Can't validate registration in X-lite
Always got error 408 Request Timeout
- All settings as described in "elastix without fears"
- Also deactivate all QoS in Advance Setting

Any advice will be appreciated.

Mark
 

omid.mohajerani

Joined
Jul 10, 2009
Messages
18
Likes
0
Points
0

andyshawn

Joined
Apr 3, 2009
Messages
113
Likes
0
Points
0
#3
Good Article omid.

Hey Mark,

Is the elastix server assigned a public IP address? Is the server behind a firewall?
 

dingoland

Joined
Jan 16, 2008
Messages
220
Likes
0
Points
0
#4
Hi Mark,

You have to forward ports UDP 5060 and 10000-20000 to your elastix server in your router.
You have to enable nat=yes for the extension outside the LAN in your extension settings.
You have to permit your external extension IP to register by changing permit/allow IP addresses in extension settings.

Regards
 

msalsido

Joined
Aug 5, 2010
Messages
4
Likes
0
Points
0
#5
Tks for the advice now I'm reading material and looking how to do....


What do I have.

Internet > MODEM > ROUTER TPLINK 340G > ELASTIX

TPLINK 340G. Have set Elastix to be exposed to the public adress (DMZ)

I can access the elastix platform inside using local ip 192.168.1.20
from outside have created a host name to deal with the dynamic IP.

With DMZ supposed no need to open more ports... I'm in here....
 

dingoland

Joined
Jan 16, 2008
Messages
220
Likes
0
Points
0
#6
Hi,

No need to put Elastix in a DMZ, in your local LAN is better.
In your DMZ, open only the needed ports to your elastix else you can be hacked very quickly.
Install fail2ban to secure your installation.

For the external extension, in your DMZ, no difficulty if you read my last post about the settings in the FreePBX ;)

Regards
 

msalsido

Joined
Aug 5, 2010
Messages
4
Likes
0
Points
0
#7
I disable the DMZ to protect network.
Open ports for the Elastix machine
open 5060 and 10000-20000
Set NAT=yes

Still didn't know the right settings for permit/allow ...

LAN IP 192.168.0.120
PUBLIC IP - Dynamic using dyndns free to solve dynamic IP.

Regards
 

dingoland

Joined
Jan 16, 2008
Messages
220
Likes
0
Points
0
#8
The things you done are right !

For the permit/deny, enter the public ip of the remote extension in the permit field (the public ip address where the remote extension will connect from, not which of the elastix server. If not static, you can put a range of ip addresses by changing the subnet mask).

To test, you can let the permit/deny to 0.0.0.0 but anyone can connect if they know your extension credentials.

Regards
 

JCMilleniuM

Joined
Oct 7, 2010
Messages
10
Likes
0
Points
0
#9
Same problem in here!!

My scenario:

LAN (asterisk inside) ----- motorola wireless router ----- INTERNET ----- router w firewall ----- OFFICE LAN


  • Elastix Version 2
    NAPT is enabled on the motorola router
    I'm using DDNS on the motorola router since it has a DDNS client
    My asterisk box is on the DMZ of the motorola router
    nat=yes, hostextern=****.ath.cx, externip=***.ath.cx, localnet=192.168.0.0/255.255.255.0, qualify=yes, externrefresh=120 on the sip_general_custom.conf file

When I connect from inside the lan with just the ip it works like charm ex: 100@192.168.0.5
When I try to connect from inside the lan with the sip client using the host name it does not work ex: 100@***.ath.cx
It will not register from outside either.

How can i fix it :S

Thanks
 

dingoland

Joined
Jan 16, 2008
Messages
220
Likes
0
Points
0
#10
Hi,

Did you forwarded the rtp ports and voip port 5060 in your router from the outside to your elastix server ?

Regards
 

msalsido

Joined
Aug 5, 2010
Messages
4
Likes
0
Points
0
#11
Sorry, for my poor english.

JC, I'm still so newby, but have walked that way... With many internet providers you can't inside the lan network call the public ip. Don't know why, But I can't. Inisde the lan have to use the local ip, outside the lan use the public IP. To use extension from outside. In Elastix server, set each extension / configure the ip, should input the external ip from where you are going to use the extension.

What I'm still didn't find out is for example if using laptop and in the day move to 2 or more sites how to configure the Elastix to autorize any public IP where I try to connect.
 

trymes

Joined
Aug 19, 2009
Messages
228
Likes
0
Points
0
#12
A few notes: MilleniumX mentioned setting externip= to a hostname. It should be set to an IP Address.

Msalsido: The problem you describe with not being able to use the external hostname from the LAN is caused by your router, not your ISP.

Also, the basic idea is this:

1.) Ports 5060 and port range 10000-20000 need to be forwarded to your Elastix box.
2.) Asterisk NAT settings need to be configured properly so it will substitute the external IP Address in packets sent outside the LAN.
3.) Make sure that the extension in question is not set to deny connections from certain IPs.
4.) Set the Extension to nat=yes so that Asterisk knows to use NAT Translation for this extension.

Of course, this gets more complicated if you are not always behind NAT. If you are using a softphone on a laptop, your best solution might be a VPN connection to your network to circumvent the NAT. I normally use IPSec, which works quite well.

Tom
 

JCMilleniuM

Joined
Oct 7, 2010
Messages
10
Likes
0
Points
0
#13
My fault, I had elastix on DMZ instead of forwarding ports. Now works perfectly.
 

Members online

No members online now.

Latest posts

Forum statistics

Threads
30,902
Messages
130,887
Members
17,565
Latest member
omarmenichetti
Top