Reference13r3:Concept Third Party Phones

From innovaphone wiki
Revision as of 16:36, 27 October 2022 by Gd (talk | contribs)

innovaphone phones use ICE and DTLS for direct media compatibility with WebRTC. This way, media can be exchanged directly between the phones and a browser, which relieves the PBX of media forwarding. Many third-party phones do not support ICE or DTLS; for these phones, a configuration that includes media relay in the PBX is recommended. The configuration for third-party softphones consists of the following components:

  • Media Relay set for the device
  • Optionally a TURN Server within the private network
  • Port forwarding from the NAT-Router to the internal TURN Server or to the PBX

Phones within the same Network as the PBX

For phones within the same network as the PBX, it is sufficient to configure Media Relay in the device settings for the phones. This way, normal media negotiation happens between the phone and the PBX, and the RTP data is exchanged between the phone and the PBX. The PBX forwards the RTP data to the other endpoint. This eliminates media negotiation compatibility issues between these phones and any other endpoint within the system.

On the other hand, it creates additional CPU load on the PBX for the forwarding. Decryption and encryption of the forwarded RTP data in particular create some load. This is needed because WebRTC endpoints and innovaphone phones use DTLS for encryption, which in this case is terminated within the PBX.

Phones from outside the PBX network

For phones from outside the PBX network, several issues have to be addressed: registration to the PBX, NAT traversal and security.

Registration

The registration is forwarded from the outside network to the PBX by the innovaphone reverse proxy. Plain port forwarding from the firewall or the NAT router is not sufficient, because the media mechanisms need the information that the registration was forwarded from outside. SIP over TCP or TLS has to be used for the registration, because UDP is not supported by the innovaphone reverse proxy.

To save public IP addresses, the reverse proxy can be placed within the PBX network. In this case, port forwarding to the reverse proxy has to be configured on the firewall or NAT router. The port forwarding is needed for SIP(S), HTTP(S), H323(S) and LDAP(S).

On the PBX, the reverse proxy or reverse proxies must be configured so that the PBX knows that the registration was received from outside and can adjust the media negotiation accordingly. If TLS authentication is to be used, the certificate names of the reverse proxies need to be configured as well. The reverse proxy checks that the certificate matches the registration name, and the PBX checks the certificate of the reverse proxy.
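
The registration rules above can be checked against a NAT router's port-forwarding table before phones are rolled out. The following is an added example, not innovaphone code or configuration. It assumes IANA default port numbers, treats a protocol family as covered when either its plain or its TLS port is forwarded, and uses a hypothetical function name and constructed addresses and rules.

```python
# Added example: lint a NAT port-forwarding table against the registration
# rules described above. Port numbers are IANA defaults (assumption); all
# addresses and rules below are constructed sample data.
FAMILIES = {            # protocol family -> (plain port, TLS port)
    "SIP": (5060, 5061),
    "HTTP": (80, 443),
    "H323": (1720, 1300),
    "LDAP": (389, 636),
}

def lint_forwards(rules, reverse_proxy):
    """rules: list of (proto, external_port, target_ip). Returns sorted findings."""
    findings, covered = [], set()
    for proto, port, target in rules:
        family = next((f for f, ports in FAMILIES.items() if port in ports), None)
        if family is None:
            continue  # not a signalling port, e.g. a TURN forward for media
        if proto != "tcp":
            if family == "SIP":
                findings.append(f"SIP/{port}: {proto} forward is unusable, the "
                                "reverse proxy supports SIP over TCP or TLS only")
            continue  # a non-TCP rule never counts as coverage
        if target != reverse_proxy:
            findings.append(f"{family}/{port}: forwarded to {target}, bypassing "
                            "the reverse proxy, so the PBX cannot tell that the "
                            "registration came from outside")
            continue
        covered.add(family)
    for family in FAMILIES.keys() - covered:
        findings.append(f"{family}: no TCP forward to the reverse proxy")
    return sorted(findings)

# Constructed sample: reverse proxy at 192.168.0.10, PBX at 192.168.0.2
SAMPLE_RULES = [
    ("udp", 5060, "192.168.0.10"),   # SIP over UDP: not supported
    ("tcp", 5061, "192.168.0.2"),    # SIPS sent straight to the PBX
    ("tcp", 443, "192.168.0.10"),    # HTTPS via the reverse proxy: fine
    ("tcp", 636, "192.168.0.10"),    # LDAPS via the reverse proxy: fine
    ("udp", 3478, "192.168.0.2"),    # TURN forward for media, ignored here
]

if __name__ == "__main__":
    for line in lint_forwards(SAMPLE_RULES, "192.168.0.10"):
        print(line)
```
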