Changing Ports & Remote Users for Security Reasons

Hi Krystyna,
I just did something similar for a client with several remote offices. I changed the SIP Port for security reasons so that it is not the default of 5060.

The post below should be of use to you.

What phone models does your company use?

Keep in mind that this is a very disruptive change of settings. It will need to be done after hours because it will disrupt service for all users until all configurations are done, and here's what it will involve:

  • Changing the configuration of every single phone, manually (hopefully you can do this remotely; I was able to because our Cisco phones download their XML config files from the HQ TFTP server. I updated all files, then the phones downloaded them at their next scheduled resync time). It looks like this will be your biggest obstacle, updating every phone config file. Everything else is fairly straightforward.
  • If you have SIP trunks, you will need to call your provider and let them know to send SIP requests to the new port
  • Port forwarding from Router to FreePBX (this is detailed in the post below)
  • Changing FreePBX SIP settings (GUI only)

Another thing to keep in mind is that ANYTHING that connects to your PBX using SIP needs to be reconfigured with the new port. The first thing you think of is your phones and your SIP trunks, but do you have other SIP devices like a VoiceGateway/ATA device with FXS or FXO ports? Its config will need to be updated as well to connect to the FreePBX on the new port.

Spida,

Thanks for the reply, that looks pretty solid. What is working for me right now is:

  • Changed the SIP BindPort to a random port, for example 40500
  • Changed the SIP BindAddress to my local FreePBX server address, 10.1.1.5
  • Updated all phone configs to register with proxy like so: 10.1.1.5:40500
  • Port forwarded 40500, TCP and UDP, to 10.1.1.5

I also set up SIP TCP on the port to save battery on remote softphone cellphone clients:

  • Added tcpenable=yes to Asterisk SIP settings
  • Added tcpbindaddress=10.1.1.5:40500
  • amportal restart
  • Updated the remote extension settings in FreePBX to accept TCP only, and qualify:no
  • Updated softphone clients to register to, for example, sip.myHQpbx.com:40500 TCP

To make things a little more interesting, I also have a remote office set up with another FreePBX server and its own SIP ITSP; let's call them RemoteOffice1 and HQ.

RemoteOffice1 has a phone that registers line 1 to its own FreePBX, but then also registers line 2 to HQ’s FreePBX
(proxy: sip.myHQpbx.com:40500 UDP)

Then HQ phone has line 1 registered to its own pbx, and line 2 registered to sip.myRemoteOffice1pbx.com:40600

To make this work, I had to port forward RTP and SIP on both routers, such as:

HQ Router forwards:
40500 TCP/UDP → 10.1.1.5
10000 - 20000 UDP → 10.1.1.5

RemoteOffice1 forwards:
40600 TCP/UDP → 192.168.5.5
10000 - 20000 UDP → 192.168.5.5

Without the RTP forwards at both routers, I would get no way audio
when calling from one office that is registered to the other office.

I am happy with the security of this configuration so far. It was a pain to figure out some of it, but everything is working great now.

I also should mention that I received a TON of support from other forum members, especially @dicko,
everyone here is super helpful and responsive. To make up for all the
time I drain from other members with my questions, I try to give back by
replying to posts that I can help others with.