Community discussions

MikroTik App
 
vinu
just joined
Topic Author
Posts: 14
Joined: Sun Mar 05, 2017 8:09 pm
Location: India

Problem with IPPBX Behind Mikrotik

Wed Oct 14, 2020 12:00 pm

Hi,
Iam new to the world of IPBX/SIP i have a client who currently wants to ipbx server in their premises with around 5 ip phones so the scenario is

public ip (Customer Mikrotik)---->Internal Lan (2 network 192.168.0.0/24 for their PC & 172.16.10.0/24 for IP PHONE NETWORK)

IP PBX SERVER IP: 172.16.10.100
Tested 3 phones and 1 soft client PC all connects fine internally and only problem is i cannot connect a soft phone / IP phone from outside network

IP -FireWALL-SERVICES enabled SIP refer screenshot
Dst address in firewall is my public ip
My connection type is ipv4 address with public ip /28
IP PBX IS MATRIX ETERNITY NE
NOTHING IN FIREWALL FILTER RULES
You do not have the required permissions to view the files attached to this post.
 
aesmith
Frequent Visitor
Frequent Visitor
Posts: 57
Joined: Wed Mar 27, 2019 6:43 pm

Re: Problem with IPPBX Behind Mikrotik

Wed Oct 14, 2020 12:51 pm

Tested 3 phones and 1 soft client PC all connects fine internally and only problem is i cannot connect a soft phone / IP phone from outside network
When you say you can't connect from outside the network, do you mean from elsewhere on the Internet? If so then we need to know how these remote phones are expected to register with your PBX, for example what settings do you configure? Then you need to make sure your firewall rules permit these connections inbound.
 
vinu
just joined
Topic Author
Posts: 14
Joined: Sun Mar 05, 2017 8:09 pm
Location: India

Re: Problem with IPPBX Behind Mikrotik

Wed Oct 14, 2020 1:38 pm

Tested 3 phones and 1 soft client PC all connects fine internally and only problem is i cannot connect a soft phone / IP phone from outside network
When you say you can't connect from outside the network, do you mean from elsewhere on the Internet? If so then we need to know how these remote phones are expected to register with your PBX, for example what settings do you configure? Then you need to make sure your firewall rules permit these connections inbound.
yes from outside public internet i cannot connect to my sip server behind mikrotik i don't know what it is being blocked .

does disabling firewall automatically accepts connections right? or should i create a inbound rule ?

i made necessary config on ipbx config side,my issue is i cannot make call to my sip extensions behind this mikrotik even the extension client(mobile sip app/pc app) is just registering inside my ipbx iam not receiving any calls but message sent is being delivered to extensions behind the mikrotik.

When i asked the ipbx support they checked and told i have to disable UDP & TCP flooding flag along with CPLD ,SIP FLAG AND NAT Policy FLAG (DONT know where that is )
 
aesmith
Frequent Visitor
Frequent Visitor
Posts: 57
Joined: Wed Mar 27, 2019 6:43 pm

Re: Problem with IPPBX Behind Mikrotik

Wed Oct 14, 2020 3:38 pm

Disabling the firewall doesn't sound a good idea. Without seeing your exact configuration or documentation for the phone system I suspect what you'll need is (1) Inbound NAT so that a designated public IP address routes to the internal IP address of your PBX. (2) Firewall rules to permit the ports and protocols required by your phone system.

For test purposes only you might consider permitting all traffic from just one test Internet address as source, and your PBX as destination.
 
vinu
just joined
Topic Author
Posts: 14
Joined: Sun Mar 05, 2017 8:09 pm
Location: India

Re: Problem with IPPBX Behind Mikrotik

Wed Oct 14, 2020 4:34 pm

Disabling the firewall doesn't sound a good idea. Without seeing your exact configuration or documentation for the phone system I suspect what you'll need is (1) Inbound NAT so that a designated public IP address routes to the internal IP address of your PBX. (2) Firewall rules to permit the ports and protocols required by your phone system.

For test purposes only you might consider permitting all traffic from just one test Internet address as source, and your PBX as destination.
Attached config please go through..
You do not have the required permissions to view the files attached to this post.
 
aesmith
Frequent Visitor
Frequent Visitor
Posts: 57
Joined: Wed Mar 27, 2019 6:43 pm

Re: Problem with IPPBX Behind Mikrotik

Thu Oct 15, 2020 10:24 am

To be honest I nothing springs out as blocking inbound registrations. In fact your firewall could be described as dangerously sparse. I wonder about all the static NATs though, whether these might be conflicting. I might be inclined to strip back all the NAT entries referring to your PBX except for the masquerade line.

However first let's talk about the phone system. You've said that internal phones register OK. What sort of PSTN connection do you have, and are you able to make inbound and outbound external calls? I suggest stripping down to the minimal NAT and firewall configuration to get this working in the first instance.

Assuming your PSTN connection is a SIP trunk, most ITSPs don't want a lot of NAT stuff at your end, they want your traffic to go though normal outbound NAT and their traffic comes into you as if it was replies to your connections. This applies to both SIP and RTP.

You haven't said what parameters you program into your remote phone to tell it to register with your PBX, or what protocols it uses.
 
vinu
just joined
Topic Author
Posts: 14
Joined: Sun Mar 05, 2017 8:09 pm
Location: India

Re: Problem with IPPBX Behind Mikrotik

Sat Oct 17, 2020 6:06 pm

To be honest I nothing springs out as blocking inbound registrations. In fact your firewall could be described as dangerously sparse. I wonder about all the static NATs though, whether these might be conflicting. I might be inclined to strip back all the NAT entries referring to your PBX except for the masquerade line.

However first let's talk about the phone system. You've said that internal phones register OK. What sort of PSTN connection do you have, and are you able to make inbound and outbound external calls? I suggest stripping down to the minimal NAT and firewall configuration to get this working in the first instance.

Assuming your PSTN connection is a SIP trunk, most ITSPs don't want a lot of NAT stuff at your end, they want your traffic to go though normal outbound NAT and their traffic comes into you as if it was replies to your connections. This applies to both SIP and RTP.

You haven't said what parameters you program into your remote phone to tell it to register with your PBX, or what protocols it uses.
Phones running in separate 172.XX.XX.XX/24 network and others are running in 192.168.0.0/24 network

my phone line is old copper SLT line its not a sip connection

i have a public ip and iam running the sip server inside the ipbx box, so that any ip phone can connect to my server as a extension.

my problem is from outside ip phone can register into my ipbx server inside successfully and from that extension ip phone i can send messages to the ip extension inside the ip extensions behind mikrotik..only issues is i cannot call from outside extensions to inside...

after digging deep into mikrotik the problem is mikrotik have SIP ALG enables by default and there it has issues and my ip phones are nat aware and mikrotik might be messing up again due to SIP ALG..

Again i ll check the IPBX config from top to bottom and if there is no issue i might be have to disable mikrotik SIP ALG and check it is working or not..

Will update once i get a solution :) the issue is with mikrotik not IPBX box up to my knowledge..

Thank u for ur time:)
 
aesmith
Frequent Visitor
Frequent Visitor
Posts: 57
Joined: Wed Mar 27, 2019 6:43 pm

Re: Problem with IPPBX Behind Mikrotik

Sat Oct 17, 2020 6:34 pm

Most IP telephony systems want SIP ALG disabled, so they can see the actual local addresses. Other methods normally deal with NAT traversal. When you say "can't call" does the callsetup fail, or connect with no audio?

Who is online

Users browsing this forum: tdw and 31 guests