Trixbox and secondary IP attached to main NIC

So, my fellow network admin and I have painted ourselves into a little corner. Years ago, we set up a trixbox (v2.8.0.4), and for the most part, it still runs great. The phones are all Polycom and Snom, and everything is perfect.

But…

This network we manage for a client has grown. Business has picked up, so more phones and PCs have been added. Now, we’re running out of IPs on this class C network. The phones and PCs are all on the same subnet, and now we’re probably down to about 5 free addresses left. IP conflicts are starting to be a problem when the users there take it upon themselves to add equipment.
So, I’ve drawn up a plan in my head to create another subnet, a 10.10.10.x/24 network, and make this the phone-only network. So far, all I’ve done is add a subinterface to trixbox, an eth0:1 entry. It’s pingable from any 10.10.10.x device. I’ve also started to create a 10.10.10.0 DHCP scope with MAC reservations using the MACs from the phones and will activate it once I think I have things figured out.

But I do have a few questions:
First:
How do the phones communicate with the server and then to the outside world? Do the phones relay voice through the server directly, and then the server sends SIP packets through our SIP trunk? Or do the phones receive a token from the server and then the phones send packets through the SIP trunk itself with the server monitoring it all? The trixbox server will still retain its original IP address on the 10.18.157.x along with the new 10.10.10.1 secondary IP, as the provider’s SIP trunk LAN port is 10.18.157.x… Also, is there any routing I would need to enable on the trixbox, and/or routing entries?

Second. I read elsewhere that for trixbox, I would add entries into the sip_general_custom.conf file, a bindport = 5060 entry and a bindaddr = 0.0.0.0 entry. But, would I need to comment out the #sip_general_custom.conf entry in sip.conf and then reboot? Also, sip.conf doesn’t have much in it, with no bindport or bindaddr entries. However, sip.conf.0 does contain bindport and bindaddr entries, showing both 5060 and 0.0.0.0. Does Trixbox currently use the sip.conf.0 as a running file, and would this mean it is already listening to any available IPs?

Sorry for so many questions for a first time poster. But, we want to have the legwork done and functioning before we commit to an after hours, probably all nighter of work, changing TFTP entries on every phone, checking, testing, etc.

Is this trixbox CE or trixbox Pro?

CE, the community edition.

Your system is a project abandoned four years ago, so no direct support here. Consider rebuilding on a more secure and modern system.

Asterisk is a Back2Back user agent, so all media generally goes through the server.

If your phones support VLANs, I suggest you add a VLAN interface to your PBX box and use that for your phones and DHCP/LLDP/provisioning by TFTP or whatever; QoS and other advantages added.

In Asterisk, there are no phones. The devices on the desktop are terminals. Terminal with handsets, but terminals nonetheless.

Depending on your network architecture, using two different IP networks might be your only option. Remember that all of your devices (including the poor old Trixbox server) support variable length subnet masking, so adding another three blocks to your class “C” network (assuming a firewalled non-routable network) might also work.

VLAN might be an option, but if you are running out of IPs in your subnet, you are definitely going to have to do something. Note that VLANs will help your performance in the long run by reducing your collision domains and broadcast domain size.

Another bit of trivia - you can implement this scheme one phone at a time if you’d like. There’s no reason why your switch shouldn’t support a dozen different networks at the same time.

Yes - just be sure you have all of the right routing information. The default route for your traffic to the provider will still need to be on the 10.18.157.x network.

Since you are using non-routables to get to the provider, I’d recommend switching to 192.168.157.x for your phones. It’s a Class “C” non-routable and would be less likely to be confused with the original 10.x.x.x (which is, classically, a Class “A” non-routable).

You are already good to go then. The 0.0.0.0 isn’t a placeholder, it means “every address available”. Remember, you can test this “live” if you already have the subinterface defined and all of the routing rules set up. Throw a phone on the “new” network and try to connect. That will also let you know about any strange RTP errors that might pop up.
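An added example, not part of the thread and not trixbox's own code: a small resolver that reads Asterisk-style config text, follows `#include` directives (a line starting with `#include` is a directive; `;` is the comment character), and reports the `bindaddr`/`bindport` that end up in `[general]`. The file contents below are constructed samples, and the helper names are hypothetical. A wildcard result means the SIP socket is reachable on the new phone subnet as well as the original one, which is worth knowing before firewall rules are written.

```python
import re

# Constructed sample files (not taken from the poster's system).
SAMPLE_FILES = {
    "sip.conf": (
        "[general]\n"
        "; generated file, local changes go in the custom include\n"
        "#include sip_general_additional.conf\n"
        "#include sip_general_custom.conf\n"
    ),
    "sip_general_additional.conf": "bindport=5060\ncontext=from-sip-external\n",
    "sip_general_custom.conf": "bindaddr = 0.0.0.0 ; listen on every local address\n",
}

def effective_settings(name, files, section="general", _state=None):
    """Collect key/value pairs for one section, following '#include' lines.
    Included text lands in whatever section is open at the include point."""
    state = _state if _state is not None else {"section": None, "values": {}}
    for raw in files[name].splitlines():
        line = raw.split(";", 1)[0].strip()       # ';' starts a comment
        if not line:
            continue
        inc = re.match(r'#include\s+"?([^"\s]+)"?', line)
        if inc:
            if inc.group(1) in files:             # missing includes are skipped
                effective_settings(inc.group(1), files, section, state)
            continue
        sec = re.match(r"\[([^\]]+)\]", line)
        if sec:
            state["section"] = sec.group(1)
            continue
        if state["section"] == section and "=" in line:
            key, value = line.split("=", 1)
            state["values"][key.strip().lower()] = value.strip().lstrip(">").strip()
    return state["values"]

def listens_on_all_addresses(settings):
    """True when the SIP socket is bound to the wildcard address."""
    return settings.get("bindaddr") == "0.0.0.0"

if __name__ == "__main__":
    found = effective_settings("sip.conf", SAMPLE_FILES)
    print(found, "wildcard bind:", listens_on_all_addresses(found))
```
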

Advice of a general nature: your system is completely unsupportable. Even those of us who actually used FreePBX 2.8 can barely recall system config details from that era, and the nature of your questions hints that you are not up to the task either**. You really need to put a plan in place to migrate to something current.

**edit, I expect this sounds a bit smug, but I am periodically put in a position where I have to try to restore an 8+ year old system that has zero maintenance or upgrades. It is not fun.

Lorne does bring up a very important point. There have probably been more than a thousand upgrades to the system (to include updates that make it so your system isn’t completely open to hackers). At the age of your system, it would be better to design a replacement - copy your extensions and trunk information (and any queues, etc. that you might have) and start looking into an upgrade to something a little less “so easy to hack script kiddies are doing it” broken.

Thanks for all the answers, especially cynjut. Judging by your answer, I should be good to go. I might have to VLAN most of our switches, but that should be easy. I’ll test a few phones, and then if successful, convert the rest. The proposed subnet, a 10.10.10.x, will still use a 24-bit subnet mask.

Trust me, I’d love to upgrade this client’s system to FreePBX. Won’t happen. This is a temporary solution right now. So many people above me want to go to an NEC system for this client and for other clients in the future. I could go on, but I’ll stop short and say it’s not my choice. (As you can tell, I’m not happy about this situation, as I look to FreePBX systems as a way to save clients money, and a direct way to generate support revenue. Others apparently don’t want to.)


I think Andrew @tm1000 might have some support information for you to take to your management on the financial advantage of spending little to nothing on software and then charging them as if you did…