Reference11r1:Concept Using PBX services from public internet: Difference between revisions
Jump to navigation
Jump to search
Line 6: | Line 6: | ||
==Overview== | ==Overview== | ||
This article illustrates the requirements for using the following services of the innovaphone PBX from the public internet: | This article illustrates the requirements for using the following services of the innovaphone PBX from the public internet without VPN: | ||
* Phone registration and telephony | * Phone registration and telephony | ||
* myPBX web application including WebRTC softwarephone | * myPBX web application including WebRTC softwarephone |
Revision as of 15:58, 13 November 2014
Applies To
This information applies to
- all innovaphone devices from V11
Overview
This article illustrates the requirements for using the following services of the innovaphone PBX from the public internet without VPN:
- Phone registration and telephony
- myPBX web application including WebRTC softwarephone
- myPBX call list from the innovaphone Reporting (optional)
In the following the term phone means hardware phone, softwarephone or myPBX for Android.
NAT port forwardings
In order to make the PBX services available from public internet, the following port forwardings are needed on the NAT router.
- TCP/1300 on the PBX
- This port is used by phones to register using H323/TLS. The public port must be TCP/1300 as well.
- TCP/443 on the PBX
- This port is used by the myPBX web application and the WebRTC softwarephone to communicate with the PBX.
- TCP/443 on the innovaphone Reporting (optional)
- This port is uesd by the myPBX web application to get the call list from the innovaphone Reporting.
Please mind that forwarding the HTTPS ports of the PBX and the innovaphone Reporting also exposes the adminstration interface.
STUN
VoIP endpoints (e.g. phones and interfaces) need a STUN server in order to do NAT traversal using ICE. Therefore make sure that a STUN server is configured on all phones and gateways.
- If your installation uses an innovaphone box as the only NAT router, you can use the box as the STUN server. Enable STUN and configure the public address or the DNS name of the box as the STUN server on all devices.
- Otherwise configure a STUN server that is located in the public internet on all devices.
Certificates
Please make sure the following conditions are given:
- The phones trust the certificate of the PBX
- The phone certificates contain the device ID that is used for registration
- The PBX trusts the CA of the certificates of the phones
- The web browsers trust the certificate of the PBX
- The web browsers trust the certificate of the innovaphone Reporting (optional)