Buch1 > Functions, Uses, Concepts > VoIP > Configuring Remote Extensions
Configuring Remote Extensions
In order to operate a VoIP phone as a remote extension, it must either be connected to the network via a VPN tunnel or the phone and the PBX must establish the connection via a publicly accessible STUN server on the Internet and a DynDNS service as described in the following.
* Caution: Each port forwarding ares a security risk.
You should use as few forwarding configurations as possible.
* Important: As a protection measure against the access by third parties, regularly check the call data recording of your PBX and the LOGs of your NAT router for inconsistencies.
* Important: For security reasons, the connection of remote extensions by means of a VPN tunnel should be preferred.
* Important: Note that when using a remote extension, emergency calls can only be traced backed to the location of the PBX (localisation). Localisation is necessary if the caller is no longer able to give his name and address. Therefore, for emergency calls from a remote extension, a mobile phone or a phone connected to the local VoIP or public switched network is required.
* Note: In order to avoid that emergency calls are made from a remote extension, the prevention of emergency calls can be enabled under Subscriber (scr.) > Properties > Exchange line settings. When the subscriber tries to dial an emergency number, he will hear the announcement “This phone does not allow emergency calls. Please use an alternative.“
Requirements:
Portforwarding configured on router
Configure the PBX as follows if at least one remote extension is not coupled over a VPN tunnel:
* Caution: The generation of user passwords and step 4 to 6 are essential protection measures against the access by third parties
1.Configure a VoIP channel as an internal VoIP channel for each remote extension planned.
2.Create the internal numbers for the external private branch exchanges (a maximum of two VoIP subscribers is recommended).
3.If required, change the automatically generated PINs and passwords.
* Note: The user passwords are needed to authenticate the VoIP phones when they are registered with the PBX.
4.In dependence on the phone tariffs, restrict the exchange line authorisation for remote extensions (e.g. National). At times of the day when phone calls are usually not made, e.g. in the night or outside of business hours, it is possible to restrict the exchange line authorisation to a minimum (under Subscriber (scr.) > Properties > Exchange line settings).
5.Configure a call restrictor (e.g. for added value services or mobile radiocommunications networks – 0900, 0180, 01…) and assign it to the remote extensions (under Subscriber (scr.) > Properties > Exchange line settings).
6.Enable data encryption (see SIPS and SRTP).
7.Configure the STUN server for connecting external VoIP subscribers.
8.Configure the size of the jitter buffer for the remote extensions.
9.Configure the remote extensions. To do this, you need the following information:
The external IP address or URL of the PBX (as registrar and domain)
The internal number of the VoIP subscribers (as MSN or user name)
The user password of the VoIP
STUN server (the same as in Step 6)
Size of the jitter buffer (the same as in Step 7)
* Note: If the Internet connection on the PBX does not have a permanent IP address, an account with a provider for dynamic DNS is also required (e.g., dyndns.org). Enter the associated URL in the VoIP phone as registrar and domain (e.g., pbx.dyndns.org).
10.Check whether the VoIP subscriber was successfully registered on the PBX (page Monitoring > Status internal subscriber).
11.If necessary, enable DiffServ in order to increase VoIP call quality (Quality of Service (QoS)).