3CX SIP Proxy Tunnel & SIP Proxy Tunnel Manager

You can download the stand-alone SIP Proxy Tunnel (including the manager) here: Download 3CX SIP Proxy Tunnel & SIP Proxy Tunnel Manager

Features

Simply put, the SIP Proxy Tunnel can combine all SIP (signaling) and RTP (media) VoIP Packets from one location (typically a remote office) and deliver them to and from another location (typically the PBX Server) using a custom TCP protocol.

This simple concept allows us to exploit the SIP Proxy Tunnel to overcome difficult situations, or to simplify a network scenario.

The SIP Proxy Tunnel can be used for the following reasons:

• Resolve issues of NAT Traversal at both the remote and the PBX location
• Simplify Firewall configuration at both the remote and the PBX location
• Overcome difficulties with ISPs that block VoIP Traffic based on port numbers
• Allows VoIP-over-WiFi in some restricted locations, such as Hotel rooms
• “Fixes” Firewalls that cannot handle VoIP traffic correctly or which are very difficult or problematic to configure correctly, such as:
  • Microsoft ISA Server
  • SonicWall

Typical Scenario

The above diagram shows a typical scenario for implementing the SIP Proxy Tunnel in a remote location. To take advantage of this configuration, we need to configure all the SIP Phones in the remote LAN (192.168.0.x) to communicate with the PBX Server (10.0.0.181) using the SIP Proxy Tunnel on 192.168.0.2.

Pre-Requisites

• 3CX PhoneSystem installed in the Office LAN
  
• Port Forwarding to the 3CX PhoneSystem machine for incoming tunnel connections
  
  
  • Configure the NAT device in the Office LAN to forward all packets to TCP:5090 to the PBX Server machine.
    
• The Public IP Address of the internet connection in the Office LAN. This must be a Static IP Address.
  
• The Private IP Address of the 3CX PhoneSystem machine in the Office LAN. This must be a Static IP Address.
  
• The Private IP Address of the machine in the remote LAN where we will be installing the SIP Proxy Tunnel application.
  
• The Tunnel Password configured on the 3CX Phone System machine.

Assumptions

For the purpose of this setup we shall assume the following:

• Public IP address of the 3CX Server site: 213.165.190.51
• Internal IP address of the 3CX Server : 10.0.0.181
• IP address of your remote PC that will act as proxy: 192.168.0.2
• IP address of the hard phone that will use the proxy: 192.168.0.3
• Tunnel Password: abc

Configuring the 3CX Phone System on the main office

1. From the 3CX Phone System web interface access the “Settings > Network” node and click on the “Tunnel” tab.
   
2. Enter a password for the tunnel (default is “abc”).
   
3. Select the Internet-facing NIC IP Address from the dropdown list.
   
4. Enter the Tunnel listening port – you can leave the default port number ‘5090’ unless you have a need to change this – if this is changed, port forwarding rules on the Office router will need to updated.

Configuring the 3CX SIP Proxy Manager

At the remote site choose a PC that has internet access and install the 3CX SIP Proxy Manager. This is a simple application that will install the 3CX Tunnel Service and start it.

1. On the machine which will be running the tunnel to the 3CX PhoneSystem, install the SIP Proxy Manager.
   
2. Launch the SIP Proxy Manager.
   
   
   
   
3. In the “SIP Listener IP address” field choose the IP Address on the SIP Proxy Tunnel machine which has internet access (in this example: 192.168.0.2).
   
4. Leave the “SIP Listener Port” as default on 5080 – unless you have a need to change this.
   
5. In the “Server Public IP address” field enter the public IP Address of the Office LAN (in this example: 213.165.190.51).
   
6. Leave the “Server Tunnel Port” at the default value “5090”, unless you have changed your 3CX Phone System Tunnel Port while configuring the 3CX Phone System side.
   
7. In the “Server Tunnel Password” to the same password used while configuring the 3CX Phone System side (in this example: “abc”)
   
8. Click on the “Save Settings” button to commit your settings to the configuration file.
   
9. Select the “File > Tunnel Proxy > Stop Tunnel” menu option to stop the Tunnel Service.
   
10. Select the “File > Tunnel Proxy > Start Tunnel” menu option to start the Tunnel Service with the new settings.

Configuring a Grandstream GXP series SIP phone to connect via the Tunnel

1. Login to the web interface of the phone using a web browser. E.g. http://192.168.0.3
   
2. Click on the “Account 1” tab.
   
3. In the “SIP Server” field, enter the IP Address of the 3CX Phone Server (in this example: 10.0.0.181).
   
4. In the “Outbound Proxy” field, enter the Listening IP Address and Port of the SIP Proxy Tunnnel Machine in the following
   format:<ip_address>:<port> (in this example: 192.168.0.2:5080)
   
5. In the “SIP User ID”, “Authenticat.e ID”, “Authenticate Password”, and “Name” fields, enter the Extension Number, Authentication ID, Authentication Password, and the user’s First and Last Name configured for the with the required information relative to the extension number.
   
6. In the “Register Expiration” enter the re-registration interval – it the inter-site connection is subject to stability issues, it is recommended to reduce this value accordingly. A good reference starting point is 15 minutes.
   
   
   
   
7. Click on the “Apply” button at the bottom of the page to save the settings.
   
8. Click on the “Reboot” button to allow the phone to register with the new settings.