Howto13r3:Step-by-Step Media Relay connection for third party phone

From innovaphone wiki
Jump to navigation Jump to search

If you have difficulty understanding the written language, we recommend to use for translation. If installed, you can also use the translation function of your browser by right-clicking.

This article defines the recommended configuration to connect third party phones also via network boundaries. The configuration ensures media connectivity and compatibility to WebRTC without relying on ICE and DTLS on the phone.



A common problem is that third-party SIP phones do not support ICE or DTLS protocols. As a result audio connections across NAT boundaries are often a challenge. To solve this problem, you can enable Media Relay, but the Media Relay endpoint address must be a public IP address so that the external SIP phone can send its audio to this address.

Furthermore, WebRTC endpoints require ICE and DTLS to establish an audio connection. Since not all SIP phones support these features, enabling Media Relay for these 3rd party phones solves this issue.


  • Send Audio traffic across NAT boundaries without using the ICE mechanism.


  • The firmware has to be at least 13r3
  • innovaphone PBX
  • 3rd party SIP phone
  • TURN Server
  • External endpoints must be connected via the innovaphone Reverse Proxy

Things to know before you begin

  • The public IP address of the network (External IP of the Firewall or NAT Router)
  • You must have access to the firewall or NAT router to be able to configure port forwardings
  • You could route the RTP directly to the PBX, without using a TURN server. This is not recommended as it would allow attacks on your PBX.


In this scenario, we are going to configure the above picture to allow an external third party SIP device to send its audio to an internal destination. This Wiki article does not explain how to register a SIP phone to an innovaphone PBX via a reverse proxy. If you need help to accomplish this, please read the instructions in our Advanced Training Part 2 materials.

Please register your SIP device to your PBX via the reverse proxy.

Configuration on the User Object

Please set the option Media Relay on the hardware ID of the user object on which your SIP device is registered. Do not set the Media Relay option globally in the PBX (PBX/Config/General)! This option is no longer required as you can enable Media Relay for each hardware ID individually.


Configuration of the PBX

Under PBX/Config/General of your Advanced UI you will find a configuration option called Media Relay Endpoints. Leave the Firewall public IP configuration empty, as this option is only necessary if you would route the traffic directly to the PBX. As mentioned above, this is not recommended. Instead, use a TURN server that you would use for your myApps client anyway.

To enable the use of a TURN server you must to activate the checkbox right next to the Media Relay Endpoints configuration. This option allows the PBX to send the TURN server IP address as the "connection address" in the SDP for all devices that are registered via the reverse proxy and use Media Relay. (see first step)


In order to send the correct (public) IP address, you need to configure the option TURN Public Address in your TURN server settings(IP4/NAT/General).


Configuration-check of the Reverse Proxy (RP)

Although this step-by-step article is focussing on relaying the voice correctly for external SIP-phones, there is one extra config-check which must be considered for a good and lasting RTP-stream.

In the Advanced UI of the Reverse Proxy (RP) you can/must configure the Public NAT router address under Services/Reverse-Proxy. Here you can configure the Public/External IP address of the Reverse Proxy if the Reverse Proxy is not acting/configured as NAT Router. This config-field is used to adjust/change the 'Record-Route'-Headers in the SIP-signalling towards the external SIP-device, so the external SIP-device can send back its SIP-answers.

RP-Public nat router address.png

RTP Range Configuration

If you want to restrict connections to a specific port range, you can create an RTP port range on your TURN server. Keep in mind that this range will be used for every call from any device that is using this TURN server. This applies to both internal and external devices, so you should not restrict the number of ports too much. The RTP port range is configured on IP4/General/Settings of your TURN server. Set the First UDP-RTP Port and then the Number of Ports.


Firewall Configuration

You need to create port forwardings on your firewall. A port forwarding for your RTP/UDP ports must be configured towards the TURN server. E.g If you configured a RTP port Range 16384 to 32767, a port forwarding for those exact ports have to be configured on your firewall.


Please call any extension number in your PBX. You should be able to hear and talk to the other party on the call.

Known issues

Calling a Voicemail has no audio, while calling a conference there is no audio after the PIN is dialed.

Known Limitations

Currently Video relay it's not supported with this setup, only Audio relay.

Related Articles