Blog History

January 3, 2019

IAX2 trunks, FreePBX/Asterisk server connections

To start out, up to this point our remote office has just 4 Sangoma phones with a native VPN connection to the main office PBX. However, with a possible future 3rd office, as well as a potential client's more complicated topology needing more robust solution that a bunch of small VPN connections eating up bandwidth, I decided to do some testing.

Enter IAX2 trunking, the newer version of Inter-Asterisk eXchange protocol. Used for VoIP just like SIP, but noticeably different. There is a large debate which protocol, SIP or IAX, is the better protocol. Here's what I gathered.

Main benefits:
  • One port for signaling and media, whereas SIP requires one port plus the RTP port range of 10k-20k for the actual media.
  • Simple PBX to PBX communication. I assume this can be done with SIP, but appears most use IAX2.
  • No NAT traversal, although I've never had any issues with SIP to be honest.
  • Apparently saves bandwidth since all traffic flows over one connection, rather than all the header bandwidth lost for multiple SIP/RTP connections.
  • IAX signaling packets are smaller than SIP
  • (More in this article)
Downsides:
  • Not as ubiquitous among carriers, lack of development compared to PJSIP.
  • Not as obvious to troubleshoot as SIP peering.
  • Allegedly cannot handle large amounts of calls (100+)
  • Every 10 minutes I would get a "TOO LAGGED" error, then it would immediately go away. Not sure what that was about, and I haven't bothered to troubleshoot. (see picture at end)
There are two ways to use IAX2 when connecting multiple PBXs:
  1. IAX2 from remote to main PBX, which has the external call access (i.e. SIP trunks)
  2. IAX2 between PBXs and both have either SIP, IAX2, or POTS for external calls
The second I messed with just out of curiosity. For my remote office I only had a VM running FreePBX that was not registered with SipStation, and I didn't intend for it to be registered since this was just testing. I was able to use the username and password from the register string to establish a SIP peer with my provider, but couldn't get calls to complete. I only spent a few minutes on this as I was just mainly curious. I'm sure if I spent some more time I could get it to work. Probably just needed to adjust my outbound routes. But if would be cool to have for too large offices that had there own WAN and SIP trunking for external calls, but then IAX2 trunked together for inter office calls.

The first one is the option I went with for such a small office setup. To start, here's the guide I used from FreePBX.org. 

Trunk config for the main office:

Trunk Name: System2
PEER details:
username=System1
secret=password
host=<remoteoffice ip address>
type=friend
context=from-internal
qualify=yes
qualifyfreqok=25000
transfer=no
trunk=yes
forceencryption=yes
encryption=yes
auth=md5
allow=alaw&ulaw

Outbound route dial patterns for main office SIP trunk:

()          | [ 1NXXNXXXXXX /]
(1)         | [ NXXNXXXXXX  /]
(1areacode) | [ NXXXXXX     /]

Outbound route dial patterns for main office IAX2 trunk to remote office:
(enables any two digit number starting with 5 [50-59 remote office extensions] to route out this trunk)

()          | [ 5X         /]

Trunk config for the remote office:

Trunk Name: System1
PEER details:
username=System2
secret=password
host=<mainoffice ip address>
type=friend
context=from-internal
qualify=yes
qualifyfreqok=25000
transfer=no
trunk=yes
forceencryption=yes
encryption=yes
auth=md5
allow=alaw&ulaw

Outbound route dial patterns for remote office IAX2 trunk to main office:

()          | [ 1NXXNXXXXXX /]
(1)         | [ NXXNXXXXXX  /]
(1areacode) | [ NXXXXXX     /]
()          | [ 1XX         /]

(last line above enables any three digit number starting with 1 [100-199 main office extensions] to route out this trunk)

Then make sure to forward UDP port 4569 and restrict it to the other PBX IP. From reading the forums, I heard quite a few say you don't need to open the port. But that makes no sense to me. Basic networking will tell you that in order to reach a service inside a firewall, the port has to be pointing to the server that is listening. Would be interested to hear more about this UDP packet that automagically opens holes in firewalls.

Anyways, that's it. Both offices could call each other, and both offices could ring my mobile.

(Left) Remote office phone VPN'd up to the main office PBXact
(Right) Remote office phone that is registered to the local FreePBX VM
that is then IAX2 trunked to the main office.

FYI, under "host" will be your public IP




Didn't have time to figure why this would happen every 10 minutes



Here's some links that helped me out:

No comments:

Post a Comment