How do I setup FreePBX to connect outside my network?

First, long story short, I want to have VoIP phones as a side project between me and 3 friends. A free at home setup where we can call each other using extensions but not necessarily a full fledged phone number. I can’t seem to figure out how to accomplish this.

Ok, longer story.

I have a bunch of VoIP phones. Not for company use. Just for fun. I’ve never setup a VoIP service but I thought it would be neat to setup one on a home server and connect my phones. Kinda like an in home intercom where I can have a phone in each room and call the room.

Google recommended FreePBX. I setup a server and added 4 extensions. It works. I haven’t figured out fancy features but I can call the phones using their extension.

That’s great and accomplishes half of what I want. But I also want to give my friends a phone and have it be able to call my phone using its extension.

So I tried. I have a phone and I have it at my friend’s house but it won’t register with my network. I setup port forwarding so that ports 10,000 to 20,000 all forward to my server. I allowed the traffic through my firewall. I set the phone to use my home IP. And… nothing. It doesn’t register. Shows status 408.

I port forwarded all traffic on the above ports for my friends house to the phones IP. Still nothing.

I thought maybe the whole trunk thing was what I needed so I signed up for a free trial but that just confuses me to no end. Something tells me it’s only for outbound full fledged numbers and not extensions.

So I guess my question is, can I have a phone outside my network register as an extension on my network so we can call each other for free? And if so, how do I set it up? Do I need each house to have their own server running?

Imagine a business with multiple offices and the business wants everyone to be able to call each other via extension since they all are under the same company.l, just different locations. So Linda in office A can dial 1201 to speak to Larry in office B. How would that company setup FreePBX to allow that?

You need to forward port 5060, as well. You will, probably also have enable the NAT workarounds for symmetric rtp, force rport, and rewrite contact, as the friends are behind NAT, but their phones probably don’t know how to compensate for that.

Alternatively, use a VPN.

And how do I do any of that?

I’ll try also port forwarding 5060 to see if that works.

If I want my friends to also be able to have multiple phones how would I accomplish that? Obviously I can’t port forward ports to multiple phones in that case so I assume they’d need their own server with free pbx but how would their server know extension 100 is for my network and not theirs?

Once you start dealing with communication between different islands behind NAT, you really need quite a deep understanding of IP networking.

I don’t understand this. I think it is not that uncommon to have multiple phones in the same NAT island, although a VPN is likely to be a cleaner solution.

Provided the routers at the remote sites remember dynamic port mappings for a reasonable length of time, you only need static mappings at the PABX site. You may need to ensure that there are frequent qualify tests, or re-registrations, to reset the timers on the dynamic forwarding rules.

Actually, I think it is quite common to have the PABX in the cloud, in which case, if not using VPNs, up to the whole of an organisation’s extensions may be in the same NAT island.

To be a bit more specific in regards to @david55’s post: You should not need to port forward to phones. Only Asterisk needs to have ports forwarded, so it is able to receive traffic.

I am not a network guy. My friends and I use regular home routers and we are not network pros.

I don’t understand how to port forward to multiple devices with the same port numbers. Aka, how would the router know to port forward 5060 to multiple phones? I can’t add multiple IP addresses to the same forwarding rule.

Remember, this is me, a non network pro, simply wanting to setup a fun way to communicate with my friends while also learning how VoIP phones work. So I don’t know anything about in depth networking.

Does free pbx require I be a network pro to use? Am I just not going to be able to do this?

If I don’t port forward at my friend’s house, cause my network works fine, how would their phone be able to communicate? I was thinking maybe use the ipv6 address but not sure if that would work. Again, not a networking pro.

I just need a tutorial or walkthrough or something for how to connect a phone from a different network, like a state away, to my server so we can use extensions. If that’s not possible for a home user and requires commercial equipment I’m out of luck.

If you are talking about the routers at your friends’, chances are the phones aren’t using 5060, but rather a random, high, port number. However, if they are, their NAT router will construct a dynamic rule to map it to a free port number on the public address, and should remember that rule for some time.

There are tactics that might allow the phone to discover that mapping, and include the correct, external, address in the SIP protocol and the SDP.

Even if this doesn’t happen, Asterisk can be configured (I gave the option names, for chan_pjsip) to ignore the addresses sent in the request, and use the address that the request came from instead of what was in the Via and Contact headers. This does require that the phone sends some media, before it can receive any.

These tactics are those that a low end provider would also use (high end providers would expect a PABX, but low end ones expect individual phones, but possibly more than one per customer site).

Any server run from behind NAT requires significant network expertise. NAT is a hack, and in your environment it is intended for users who are basically consumers, not ones providing a service. Operating a PABX is providing a service. The normal assumption, for consumer type users is that they will use an ITSP, typically directly using IP phones.

You are going to have similar problems with any IP telephony implementation. In fact, I believe some Cisco devices have even more problems with NAT, as they expect to be run on the business’ private network. Asterisk can cope, but you need to understand your networking environment.

If you want to avoid such problems, you need to fully on the internet - no NAT and all addresses public, but, as a domestic user, you will find it difficult, or impossible to find such a service.

IPV6 may also avoid this, as it has enough addresses to avoid the need for NAT, but I’m not sure that that is widely supported in consumer equipment and services.

I understand… I think…

I know what NAT is and yes, because I’m a home user I have one and so do my friends.

I understand NAT changes the source port and IP number on public network requests so it can route to internal devices, like my phone.

Being a newbie, that is the extent of my knowledge on the subject.

If I understand you though, I can tell my server to use the source connection to communicate instead of what my phone tells it, so that I could hookup multiple phones and not require any port forwarding on my friends end. If I understand correctly, my friends router sends my server a request saying it’s from 123.123.123.122:1020, for example, and my server says ok, instead of using port 5060 I’ll just communicate with the device using 1020. Then because my friends router knows 1020 is the phone it can direct the traffic to it without me creating a port forward rule.

But I’d need what was mentioned here : “You will, probably also have enable the NAT workarounds for symmetric rtp, force rport, and rewrite contact”.

Am I understanding correctly?

The options are listed on https://sangomakb.atlassian.net/wiki/spaces/PG/pages/22020636/Extensions+Module+-+PJSIP+Extension#RTP-Symmetric
and
https://sangomakb.atlassian.net/wiki/spaces/PG/pages/22020636/Extensions+Module+-+PJSIP+Extension#Rewrite-Contact

I think force rport may be locked at true, in FreePBX, but it might be controllable in later versions, and is settable for Asterisk.

So I checked my server settings and all the options you listed are already set to yes under the extension advanced options. It doesn’t work.

I forwarded the 5060 port on my home server and now the phone can register from my friends house without port forwarding at my friends place. But the phone can’t hear anything. For example, if I dial voicemail it says it dials but there’s no sound. Like it connects but can’t communicate

In Asterisk SIP Settings, check that External Address and Local Networks are correctly set. If you change these, after Submit and Apply Config you must restart Asterisk.

If that’s not your issue, at the Asterisk command prompt type
pjsip set logger on
make a failing call from a remote extension, paste the Asterisk log for the call at pastebin.com and post the link here.

Omg! Thank you! That was it. The local network was wrong in the settings. Don’t know how but it was.

I corrected it, restarted the server, and now the phone works. And I added a 2nd at my friends house and they can call between each other.

So to get phones to call between networks you have to go to the extension → advanced and scroll down to the :
RTP Symmetric
Rewrite Contact
Force rport

Make sure they are yes.

Port forward 5060 and 10,000 to 20,000 on the router that has the server

and setup the phones to point to the public ip of the server.

In the phones, just set the username, the password, the extension number and then the public ip for the register, proxy and outbound.

Then enjoy.

What’s your public IP address?

Hopefully you are able to restrict the SIP-port 5060 and media-ports 10000-20000 to the ip or CIDR-range of your friends router’s public ip. Otherwise you will have sooner or later 1000nds of hackers on port 5060 which are trying to find are functioning extension and password. All of them are just waiting for any unrestricted open sip port making calls on your cost.
If your home-router is able to forward external port 5060 to your freepbx port 5060, change it. E.g. let external port 60501 forward to freepbx port 5060, and reconfig to phones at your friends home to use 60501. Next step would be to use TLS instead of SIP (which need a cert on your freepbx) and srtp instead of rtp for media stream.

Can anyone explain this fixation on udp/5060 being a continued problem? of course it is , so amid assorted metaphors, why are you still banging your heads against that horse ?