Howto14r2:Step-by-Step innovaphone Services over Reverse proxy with offline PBX installation

From innovaphone wiki
Jump to navigation Jump to search

If you have difficulty understanding the written language, we recommend to use https://deepl.com for translation.If installed, you can also use the translation function of your browser by right-clicking.

This article provides detailed step-by-step instructions for situations where your PBX is offline due to security measures, but you still need to access essential services like Push, Store, and Provisioning. By following these steps, you can ensure that your network remains secure while continuing to use these services without direct internet access to the PBX.

In this article, the various networking devices mentioned are all by us, innovaphone. However, it is not necessary to use only our devices. In fact, we advise against it if you have a large system with a high traffic load, as our devices are not designed to handle massive amounts of data. In small or lab environments, however, there should be no issues. Under General Configuration you can find a written general Configuration.

Applies To

  • PBX Versions 14r2 and greater

Problem Details

The situation is that the PBX cannot be directly connected to the Internet for security reasons. The problem that arises is that our services, which require an Internet connection, such as Push, Store, and Provisioning, cannot be used. This article will provide you with a comprehensive, step-by-step guide on how to configure your setup so you can still utilize these services while maintaining the security of your PBX system.

System Requirements

  • PBX
  • innovaphone Reverse Proxy
  • Admin Access to the PBX Systems
  • IP Addresses of the PBX Systems

General Configuration

To resolve the issue of your PBX being offline and unable to reach online services, one solution is to route the connection through a reverse proxy. The general steps to achieve this are as follows:

  • On a DNS server (preferably one that's already in use and distributed via DHCP to other devices), create entries for push. -, store. -, and config.innovaphone.com. These entries should point to your reverse proxy.
  • This ensures that any time these domains are requested, the traffic is routed through your reverse proxy.
  • On your reverse proxy, configure the appropriate entries (like below) so that the traffic can be routed to the Internet, resolving the connectivity issue.
  • Keep in mind that the Reverse Proxy has to use a different DNS-Server in order to route the Requests, otherwise you would build a loop and not go to the Internet

Applying to Push Services

PBX

Enter a local DNS entry in the PBX under "Services -> DNS -> Hosts-> under "New Resource Record" and select "A" from the drop-down menu.

  • "Name": push.innovaphone.com
  • "IP addresse:" Ip addresse of the Reverse Proxy

then press OK

ese_dns_push2.png/

Reverse Proxy

In the reverse-Proxy are two entry to make

  • 1. Under DNS Suffix on "new"
    • ID: 1
    • Suffix: .innovaphone.com

ese_03.png/

  • 2. Under Hosts on "new"
    • 1.Name: push.innovaphone.com
    • 2."http://<host> -> out:" @push#1
    • 3."http://<host> -> TLS:" 443

ese_rp_push.png/

Applying to Provisioning service

Since the Provisioning service is called through the Devices's, Your AP-Platform will need to be able to resolve "config.innovaphone.com". You'll also have to configure the DNS Server of your AP-Platform so that it uses your local PBX as a DNS Server. One way to apply it, that the DNS server is the PBX, is to make the entry in your DHCP server

ese_server_config.png/

The Ports 443 and 80 have to be configured in the RP's Host entry, depending on your network you may have to configure your Firewall.

PBX

1. Another local DNS entry in the PBX under "Services -> DNS -> Hosts-> under "New Resource Record" and select "A" from the drop-down menu.

  • "Name": config.innovaphone.com
  • "IP addresse:" Ip addresse of the Reverse Proxy

then press OK

ese_dns_provi2.png/

Reverse Proxy

In the reverse-Proxy are two entries to make, if a Suffix entry is already configured you can just use the same entry, and skip this part.

1. Under DNS Suffix on "new"

  • ID: 1
  • Suffix: .innovaphone.com

ese_03.png/

2. Another Reverse Proxy entry, for Provisioning.

ese_rp_provi.png/

Applying to Store service

PBX

The Problem with Store service is that "store.innovaphone.com" is called by the AP-Platform, so it doesn't natively use the local entries.

To fix this, check the "Enable DNS-Server" box, add the "store.innovaphone.com" PBX Local-DNS entry and hit "OK".

ese_dns_store2.png/

You'll also have to configure the IP entry of your AP-Platform so that it uses your local PBX as a DNS Server.

One way to apply it, that the DNS server is the PBX, is to make the entry in your DHCP server

ese_server_config.png/

Reverse Proxy

In the reverse-Proxy there are two entries to make, if a Suffix entry is already configured you can just use the same entry, and skip another Suffix entry.

1. Under DNS Suffix on "new"

  • ID: 1
  • Suffix: .innovaphone.com

ese_03.png/

2. Another RP entry pointing to store.innovaphone.com

ese_store_rp.png/

Troubleshooting

Services don't connect

  • Ensure that the IP address of the RP is also reachable locally in the local PBX. You can check this under "Maintenance -> Diagnostics -> Ping -> Ping." If the entered IP address is not reachable, the Services will not work.
  • Ensure that the Host entry is correctly recorded.
    • Check if the first "." is specified in the suffix
    • And ensure that there are no dots in @push#1

Trouble with Provisioning

One issue that may occur is if a code is generated, but the provisioning does not work after entering it on the phone. This could be due to the port configurations, the Devices gets the codes from config.innovaphone.com over :443, and the Phones send them back over :80, so be sure that in the RP's Host entry of "config.innovaphone.com" the ports are not missing and configured correctly.

Also, make sure the Phones are able to resolve "config.innovaphone.com" to a Reverse Proxy that can route out to the internet.

Verification

Push

To test if push is working, log into a user account via mobile phone and completely close MyApps. To completely close MyApps, open the burger menu on your home screen and hit "Exit." Now, call the logged-in user and see if the call gets pushed through. If so, the push now works over your reverse proxy.

Store

To test the Store service, open your AP Manager and go to the App Store button on the upper-corner of the right-hand side, Check if you are able to open the app store and try downloading and running any new APP

Provisioning

To check Provisioning Try adding a hard-phone to your PBX

Retrieved from "https://wiki.innovaphone.com/index.php?title=Howto14r2:Step-by-Step_innovaphone_Services_over_Reverse_proxy_with_offline_PBX_installation&oldid=78012"