Question about using older Cisco & etc. phones as remote phones


(Hawk McDuck) #1

FreePBX 15.0.17.12 / Current Asterisk Version 16.15.1 / all modules up to date

I have recently configured a couple of Sangoma S500 phones as remote phones and am quite happy with the result. I do realize that Sangoma-branded phones will be far and away the easiest phones to configure as remote phones with FreePBX, but now I am curious about the experience others in the FreePBX community have with using other brands of phones.

Over the years i have collected a bunch of ancient VoIP phones, specifically Cisco 7911s, 7912s, 7960s, 7961s, 7945s, 7975s, 8961s, SPA303s, and SPA525Gs; Aastra 6753i’s; Avaya 9620s and 9650s; and Nortel 1535s. I have managed, with varying degrees of difficulty, to get each of these ancient phones to register with FreePBX.

So I’m wondering if others would be willing to share knowledge, experience, recommendations, frustrations, rants, etc., about configuring older IP phones as remote phones with FreePBX.


#2

SPA and Astra should work fine as remote phones. Don’t know about Avaya and Nortel.

The 8961 might work and is worth a try.

With 79xx you are out of luck, unless you can put a SIP ALG at the remote end to clean up the SIP.

If you can set up a site-to-site or site-to-PBX VPN, you should be able to use any phones at the remote site, including the 79xx.


(Hawk McDuck) #3

@Stewart1 Thanks for your reply.

With regards to using the Cisco SPA525G, there is a pertinent link here:

https://community.cisco.com/t5/voice-systems/create-vpn-connection-between-a-spa525g-ip-phone-and-a-rv042/td-p/3247549

Essentially, the link above boils down to:

The SPA525G2 supports VPN to the UC500 series. The RV042 router supports only IPSEC and PPTP VPN connection.

The work around you may be able to try is to set the alternate TFTP server of the phone to the WAN address of the RV042 then port forward all your SIP and RTP ports to the Asterisk box. The problem will remain that dynamic IP address.

Alternatively, you may set up a site to site VPN between both locations then register the phone through the VPN tunnel.


#4

Please describe your requirements in more detail. I took your question to mean “will these old phones work behind a NAT?” Now, you seem to be asking for remote provisioning, connection via VPN, dynamic IP and possibly compatibility with specific routers.

Is this for phones at a branch office? For working from home? Something else? What special security requirements do you have?


(Hawk McDuck) #5

@Stewart1 Thanks for your reply.

I am a retired telecom support engineer who’s been fooling with FreePBX for a few years now. I am a hobbyist, intrigued by this technology, whose main goal is to learn, inexpensively. I don’t intend to turn my FreePBX server into a business. I have a reasonably well-equipped home computer lab. As mentioned above, I have scrounged a varied assembly of old IP phones. My next goal is to get some of these old phones (as many as I can, purely out of curiosity) to connect via VPN as remote phones so they can be located remotely, say as part of a community network. At this point, I have managed to get a couple of Sangoma S500s, and–thanks to your helpful suggestion a couple of days ago–a Cisco SPA 303, to register as remote phones.

Here is my setup. I have two public IPs, say 11.22.72.15 (lab network) and 11.22.23.21 (home network). The idea is to split the two networks so I can “play” unrestricted on the lab network while leaving the home network untouched. Thus my wife can watch Netflix or TV, work on her laptop, etc., without being disturbed (i.e., preserving marital peace…).

There is a pfSense firewall fronting the lab network, and behind the firewall is a bunch of equipment including Windows PCs, older Mac Pros, iMacs, a Raspberry Pi or two, switches, an access point for WiFi, and God-knows-what-else. FreePBX is running on a Virtualbox VM on a Mac Pro 5,1. The FreePBX deployment includes Sysadmin Pro, Endpoint Manager, EPM for UCP, Extension Routing, and Conferences Pro commercial modules.

This setup makes it quite easy to move a phone from the lab network to the home (i.e., “remote”) network, by simply moving the Ethernet cable from the lab switch to the home switch a couple of inches away, and rebooting the phone.

I have no special security requirements.

I hope this wasn’t TMI (too much information), but I wanted to answer your questions as clearly as I could. Again, thanks to all you folks at Sangoma and elsewhere in the FreePBX community who take the time and effort to read and reply to questions on FreePBX.


(Hawk McDuck) #6

With regard to the Cisco SPA 303 phone, it’s relatively easy to get this phone to work remotely.

First, as a sanity check, get the three extensions to work locally, i.e., connected to the same network as FreePBX, and make sure you can call an inside extension, say 2001, and an outside number, say 514-123-4567, from the Cisco SPA 303.

[Note: this paragraph is optional, and not required to get the Cisco SPA 303 phone to work remotely.] In the commercial Endpoint Manager module, under the “Cisco” Brand, create a template called, say, cisco_spa303_external. Under “Destination Address”, choose “External”, under “Provision Server Protocol” choose “HTTP”, and under “Provision Server Address” choose “External”. The “Destination Address” and “Provision Server Address” should now read, say, “www.fqdn.com”. In module “Extension Mapping”, edit the first extension of the phone and change the template to cisco_spa303_external, choose “Save, Rebuild Config(s) and Update Device” and Apply.

Assuming the IP address of the remote location is, say, 11.22.23.21, connect the ethernet cable of the Cisco SPA 303 to the private network, say 192.168.1.0/24. Determine the IP address of the phone, and log in as an administrator to the phone GUI Configuration Utility on a browser at http://phone_address_IP/admin/advanced, for example http://192.168.1.101/admin/advanced.

You have to make identical changes to each of the three Ext (extension) menus, Ext 1, Ext 2, and Ext 3, in the phone GUI Configuration Utility. In the “Proxy and Registration” section, in the “Outbound Proxy” field, add the IP address of the FreePBX server, for example 11.22.15.72. Just below that field, change the “Use Outbound Proxy” field to “yes”.

Reboot the phone and it should register and come up as a remote phone.


(Hawk McDuck) #7

The procedure to get the Cisco SPA 525G and the Cisco/Linksys SPA 922 working as remote phones with chan_sip extensions is identical to the procedure outlined above for the Cisco SPA 303, except that the 525G has five extensions, and the 922 has only one. In each extension, assuming the FreePBX server is at 192.168.1.100, the legacy chan_sip “Bind Port” is 5060, and the public address of the FreePBX server is www.fqdn.com, change the “Proxy” field to 192.168.1.100:5060, the “Outbound Proxy” field to www.fqdn.com:5060 and set the “Use Outbound Proxy” field to “yes”.

Similarly, the procedure to get the Cisco SPA 525G and the Cisco/Linksys SPA 922 working as remote phones with chan_pjsip extensions, assuming the chan_pjsip “Port to Listen On” field is 5061 and the public address of the FreePBX server is www.fqdn.com, change the “Outbound Proxy” field to www.fqdn.com:5061 and set the “Use Outbound Proxy” field to “yes”.


(Hawk McDuck) #8

The procedure to register a Yealink SIP T-22P with three lines as a remote phone follows:

Assume the fully qualified domain name of the FreePBX server is www.fqdn.com and the private IP of the FreePBX server is 192.168.1.100. In the FreePBX GUI Settings==>SIP Settings, assume the legacy chan_sip “Bind Port” field is 5060, and the chan_pjsip “Port to Listen On” field is 5061. Also assume extensions 111, 112, and 113 are chan_sip extensions, and extensions 211, 212, and 213 are chan_pjsip extensions.

To set up the T-22P as a remote phone with the chan_sip extensions, determine the private IP address of the T-22P on the remote network (assume it’s 192.168.0.101) and in a browser bring up the admin GUI at 192.168.0.101. In the Account Menu==>Register for each of the 3 accounts configure the fields as follows:

Line Active: Enabled
Label: Line 1 ext. 111
Display Name: Ext. 111 Joe
Register Name: 111
User Name: 111
Password: [extension 111 secret in FreePBX GUI]
Enable Outbound Proxy Server: Enabled
Outbound Proxy Server: www.fqdn.com Port: 5060
Transport: UDP
NAT: Disabled
STUN Server: [blank]
SIP Server 1
Server Host: www.fqdn.com Port 5060
Server Expires: [default]
Server Retry Counts: [default]
SIP Server 2
Server Host: 192.168.1.100 Port 5060
Server Expires: [default]
Server Retry Counts: [default]

In Account Menu==>Advanced, for each of the three accounts leave the defaults, including the fields:

Local SIP Port: 5060
RPort: Disabled

To set up the T-22P as a remote phone with the chan_pjsip extensions, for each of the 3 accounts you only need to change the extensions and the ports from 5060 to 5061 (except in the Account Menu==>Advanced). In detail, configure the fields as follows:

Line Active: Enable
Label: Line 1 ext. 211
Display Name: Ext. 211 Joe
Register Name: 211
User Name: 211
Password: [extension 211 secret in FreePBX GUI]
Enable Outbound Proxy Server: Enabled
Outbound Proxy Server: www.fqdn.com Port: 5061
Transport: UDP
NAT: Disabled
STUN Server: [blank]
SIP Server 1
Server Host: www.fqdn.com Port 5061
Server Expires: [default]
Server Retry Counts: [default]
SIP Server 2
Server Host: 192.168.1.100 Port 5061
Server Expires: [default]
Server Retry Counts: [default]

In Account Menu==>Advanced, for each of the three accounts leave the defaults, including the fields:

Local SIP Port: 5060
RPort: Disabled

After clicking on “Confirm”, all three extensions should show as registered.


(Hawk McDuck) #9

FreePBX 15.0.17.24 / Current Asterisk Version: 16.15.1 / all modules up to date

The procedure I used to register a Yealink SIP T-22P with three chan_pjsip extensions as a remote phone over VPN basically follows the FreePBX wiki titled How To Set up VPN on Yealink Phone:

https://wiki.freepbx.org/display/FDT/[How-to]+Set+up+VPN+on+Yealink+Phone

Assume the chan_pjsip port and extensions, etc., are as above. Create the vpn.cfg tar file as described in the wiki, and upload it in the Yealink SIP T-22P GUI under Network==>Advanced==>VPN and select “Confirm”. For each of the three accounts, enter the fields as follows:

Line Active: Enabled
Label: 211
Display Name: Joe
Register Name: 211
User Name: 211
Password: [extension 211 secret in FreePBX GUI]
Enable Outbound Proxy Server: Enabled
Outbound Proxy Server: www.fqdn.com Port: 5061
Transport: UDP
NAT: Disabled
STUN Server: [blank]
SIP Server 1
Server Host: 10.8.0.1 Port 5061
Server Expires: [default]
Server Retry Counts: [default]
SIP Server 2
Server Host: 192.168.1.100 Port 5061
Server Expires: [default]
Server Retry Counts: [default]

After clicking on “Confirm”, all three extensions should show as registered.

Account Status

Account1 211@10.8.0.1 : Registered
Account2 212@10.8.0.1 : Registered
Account3 213@10.8.0.1 : Registered