Phones do not have to be on the same LAN as the a Switchvox server. They can sit on the desk at an employee's home or remote warehouse, connected via WAN internet connection. This makes VOIP phones far more flexible than traditonal phones in that they can be be placed *anywhere* in the world there is internet.
Even if the phone is configured and managed by the Switchvox, each phone requires some manual configuration changes in order to make this work.
Switchvox has a help article about this topic at: Help > The Admin Tool Suite > System Setup > Phone Setup > Making Phones Visible to Switchvox, but it does not contain all information required to make this work.
This article assumes that both the Switchvox and the remote phone are on local networks using NAT, and you want your VOIP traffic to traverse the public internet. These are NOT the instructions you need if you are using a VPN to connect the networks. An advantage of not sending VOIP over a VPN is that encryption overhead may add latency and affect quality, so you might want to avoid using VOIP over VPN.
Required Firewall Ports for Remote Phones
The following ports must be open in order for remote phones to communicate to the Switchvox. These need to be allowed on both the firewall used by the remote phone AND the firewall used by the Switchvox. These are in addition to any required for SIP or IAX trunking to a VOIP service provider (on the Switchvox side).
Protocol | TCP/UDP | Port(s) | Description |
---|---|---|---|
IAX | UDP | 4569 |
Signaling port needed for phones outside of your network. |
SIP | UDP | 5060 |
Signaling port needed for phones outside of your network. |
SIP_RTP | UDP | 10000-20000 | RTP audio ports needed for phones outside of your network. |
TCP | 80 | HTTP port for remote web voicemail access | |
TCP | 443 | HTTPS port for remote web admin access | |
TCP | 5222 & 843 | Ports for using the Switchboard remotely | |
TCP | 5269 | Port for remote XMPP (Jabber/chat) access |
Configuring the Switchvox For Remote Phones
Phones can be configured manually, but it is much easier to use the Switchvox Phone Setup utility. There are several settings on the Switchvox which affect remote phones.
Setting the Phone Line Server Address
VOIP phones have the ability to have each line associated with a server. This allows the phone to know the host to connect to in order to place a call. This can be set manually in the phone's web interface, but it is more convenient if the Switchvox managed this.
In Switchvox SMB 4.5, this can be set on the Switchvox from the Network Settings page.
- From the menubar, select "Machine Admin", then "Network Settings"lt;/li>
- Find the radio button labelled "Allow Nat Port Forwarding" and select Yes.
- In the field "External IP Address / Hostname", enter the WAN IP address or full qualified domain name of your Switchvox as it appears to the public internet, followed by "/pc". For example: "pbx.example.com/pc".
WARNING: This could cause problems with VOIP providers. For some reason it seems to cause problems with registration to some providers. Be sure to test inbound and outbound VOIP calls, if you use them. If it's broke, consider manually configuring the phone.
What This Does
At next reboot of the phone, the Switchvox will set the server address on the phone to:
- Line 1: the value you entered in the field "External IP Address / Hostname" on the Switchvox
- Line 2: the NAT IP address of the Switchvox
You can see this on the phone, if you want.
Login to the phone's web interface (see note)
Setting the Time Server of the Phones
In Switchvox SMB 4.5, the time server for remote phones can be set on the Switchvox from the Phone Configuration page.
- From the menubar, select "System Setup" then "Phone Setup"
- Click on "Show Advanced Options"
- Find "NTP Options" and in the field "Custom NTP Server", enter "pool.ntp.org"
- Click on the "Saved Advanced Options" button
The next time a phone is rebooted, it will set its time from the entered time server.
Configuring A Polycom Phone Talk To The Switchvox
If you want to perform the initial configuration of a phone offsite, be aware of the following requirements:
- You must have a VPN established between the remote location and the location where the Switchvox resides.
- You must enter the Switchvox's LAN IP address in Polycom phone settings as noted below, ie 192.168.1.100 . (You can change it back to a FQDN, ie. pbx.mydomain.com after the phone is fully setup.)
There are two ways to get to the settings edit screens on a Polycom phone.
1) When the phone is first powered up, press the "Setup" soft key (do NOT wait until phone completely boots up!). This is fastest, as Polycom phones take several minutes to go through the bootup process. It is also safest, as in some situations the phone may have some default configuration file setup already from the factory which will cause any settings you enter to be lost on reboot.
2) Press Menu on your Polycom phone. Navigate to Settings --> Advanced. You will be prompted for a password. The default is "456", but this may have been changed by your administrator.
Then, from Admin Settings, navigate to Network Configuration --> Server Menu.
For most phones this means:
- 3. Settings
- 2. Advanced
- "456" {password} Hit the "Enter" soft key at the bottom
- 1. Admin Settings
- 1. Network Configuration
- Scroll down until you see:
- Server Menu...
- Choose the "Select" soft key
In the Server Menu, select "edit", then:
- Server Type: HTTP (use arrow keys on the side of the phone to choose)
- Server Address: [enter the NAT IP address of the switchvox] followed by "/pc". This must be a private internet address of the Switchvox and must be accessible over the VPN.
- For example, enter: 192.168.1.100/pc
- Use the "*" key for "."
- Use the "#" key for special characters, such as "/"
- WARNING: the phone configuration tool does not like a FQDN for initial setup (most likely a bug). You MUST specify the static, NAT IP address of the server and have the two networks connected via a VPN for initial configuration to work. If a VPN is not possible, considering doing initial setup on the same LAN as the Switchvox. AFTER the phone is setup, you can take down the VPN (if desired) and enter the FQDN, ie. pbx.example.com/pc and it works as expected.
- Select "Exit" and "Save Configuration and Reboot". The reboot process may take up to 30 minutes on older phones, if a firmware upgrade is required.
Note: Choose the 1/A/a soft key to change to (a/Ascii) mode or the "#" key on the 330 to change to URL mode. Also on the 330, once you make the change, press the left arrow twice and then choose "save and reboot."
If your phone does not download the new applications and firmware update, in the DHCP menu set Boot Server to Static, then reboot.
After you have made this change on the phone, you can configure and manage the phone via the Switchvox Phone Setup page.
Preparing the Phone To Be Used Remotely
Now that you have your phone working over the VPN, you need to change some phone settings so that you can use it without the VPN, from anywhere.
Follow the directions above to use the phone keypad to get to the "Server Address" menu.
- Server Address: [enter the FQDN of the switchvox] followed by "/pc". This must be a public internet address and required ports (see above) must be open on the firewall
- For example, enter: pbx.example.com/pc
Use a web browser to log into the phone's web interface. To login to the web interface of a Polycom phone, go to its LAN IP address in a web browser (this is displayed on the phone's screen while the phone boots). At the password challenge, for the user enter "Polycom". For the password, the default is "456", but this may have been changed by your administrator. Then click on the LINES tab. Under Line 1: Server 1: Change the NAT IP address you used (ie. 192.168.1.100) to the FQDN of the switchvox.
- Line 1: Server 1: Address: [enter the FQDN of the switchvox]. This must be a public internet address and required ports (see above) must be open on the firewall
- For example, enter: pbx.example.com
Additional Help
If you are still having problems, after the phone has completely rebooted, log into the phone via it's web interface. To login to the web interface of a Polycom phone, go to its LAN IP address in a web browser (this is displayed on the phone's screen while the phone boots). At the password challenge, for the user enter "Polycom". For the password, the default is "456", but this may have been changed by your administrator. Then click on the LINES tab. Under Lines 1:
- Display Name: (extension number), ie. 101
- Address: (extension number), ie. 101
- Authentication User ID: (extension number), ie. 101
- Authentication Password: (the password copied from Phone Setup for the Configured Phone, "Password"
- Label: (extension number), ie. 101
If the phone still won't dial out, check that:
- Extensions: Manage Extensions: Advanced Options, Phone Password matches the password in Phone Setup. This commonly happens if you are giving an existing extension a different phone (you would think Phone Setup would be smart enough to do this itself when configuring a phone for an existing extension).
- Machine Admin : Access Control, that the remote IP address is not being automatically blocked due to too many bad connection attempts.