This file describes Switchvox version 6.6. If you are using an earlier version, use SERVER-NETWORKING-6-0
Networking
Networking includes tools to manage the following:
IP Configuration
This tool lets you set the IP configuration for Switchvox. These settings are similar to settings you would set on any other computer on your network.
NOTE: Saving these changes requires a restart; all active calls will be dropped. We do not recommend making these changes during business hours.
Enter the following information to set the IP Configuration, then click Save IP Configuration.
Gateway Address. The IP address of the machine to which Switchvox sends outbound traffic. It is typically the address of your router.
DNS Addresses. Up to three DNS addresses. Switchvox uses these addresses to translate any host/domain names into IP addresses.
Allow NAT Port Forwarding. Select YES to allow NAT Port Forwarding to Switchvox. This option is useful if you need to handle calls going to and coming from an external network, and Switchvox is behind a router that performs NAT.
On your router, you must forward the ports in the table below to your Switchvox server. Also, in Machine Admin > Access Control, you must have a rule that allows the appropriate traffic for an external network. See Access Control for more information.
Ports to forward to your Switchvox Server
Protocol | TCP/UDP | Ports | Description |
---|---|---|---|
IAX | UDP | 4569 | Signaling port needed for phones outside of your network |
SIP | UDP | 5060 | Signaling port needed for phones outside of your network |
SIP | UDP | 10000-10500 | RTP audio ports needed for phones outside of your network |
| TCP | 80 | HTTP port for remote web voicemail access |
| TCP | 443 | HTTPS port for remote web admin access |
| TCP | 5222 & 843 | Ports for using the Switchboard remotely |
| TCP | 5269 | Ports for remote XMPP (Jabber/chat) access |
External IP Address. The public IP Address of your router. If you are not sure what your public IP is, click Look Up External IP to automatically find it.
NOTE: SIP phones that are outside of your network must use this external IP for registration.
You cannot use this feature if your ISP does not give you a static external IP address. Check with your ISP to make sure that the public IP you enter here will not change. If you do not have a static public IP, you will only be able to use phones from within your local network.
eth0 Interface
Protocol. Select either DHCP or Static.
IP Address. Set when you installed the Switchvox software, and you do not normally need to change this information after installation.
Netmask. Set when you installed the Switchvox software, and you do not normally need to change this information after installation.
Advanced Options
It is unusual to change the Advanced Options, so they are hidden. If you find that you need to change an Advanced Option, click Show Advanced Options. You can enter information in the following fields:
Label.
Hostname. You can set a hostname for Switchvox (e.g., pbx.example.com) if you have a DNS setting. This may alleviate problems with delivering emails through particularly strict SMTP servers.
IMPORTANT: This option also sets the web server’s SSL key. This may help prevent warnings from your browser when logging into Switchvox. In most cases it is best to leave this option unchanged.
Jabber Hostname. You can set a hostname for the Jabber server in Switchvox (e.g., jabber.example.com) if you have a DNS setting. This is important if you are peering Switchvoxes and want to use functions such as Presence or the Chat Panel.
IP ToS Audio and IP ToS Video. These options let you set the ToS or DSCP field in VOIP packets sent by Switchvox. This field can be used by firewalls and switches to distinguish specific types of traffic to apply QoS rules, such as favoring all voice traffic for better quality. Setting the ToS field isn’t a requirement for prioritizing VOIP traffic on your router; it’s just one way to identify VOIP traffic. If you’re not explicitly prioritizing this field in your network equipment, changing this option will have no effect on your VOIP quality.
For more information see the following resources:
RFC 2474 - "Definition of the Differentiated Services Field (DS field) in the IPv4 and IPv6 Headers", Nichols, K., et al, December 1998.
IANA Assignments, DSCP registry, Differentiated Services Field Codepoints: http://www.iana.org/assignments/dscp-registry
Additional Local Networks. Use this option to list any additional networks that are not separated from Switchvox by a NATing router. If there are any other local networks where phones are found, and where phones should connect to Switchvox using its Internal / Private IP, add that network to this list.
This option is only needed if:
Switchvox is behind a router that performs NAT.
You wish to use soft phones from outside your network.
There is more than one network (such as a remote office VPN) connected to the local net.
Networks can be listed in either CIDR (e.g., 192.168.0.0/24) or netmask (e.g., 192.168.0.0/255.255.255.0) notation.
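The following is an added example, not part of the Switchvox documentation or product: a pre-check for a list of Additional Local Networks entries that normalises both notations, rejects malformed masks and addresses with host bits set, and flags entries outside RFC 1918 space. The function names and the sample entries are constructed for illustration.

```python
import ipaddress

RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample entries (203.0.113.0/24 is a documentation range).
SAMPLE_ENTRIES = ["192.168.0.0/24", "10.8.0.0/255.255.255.0",
                  "192.168.0.0/255.255.255", "192.168.1.7/24", "203.0.113.0/24"]

def parse_local_network(entry):
    """Normalise a CIDR or netmask entry to an IPv4Network, or raise ValueError."""
    entry = entry.strip()
    _, sep, mask = entry.partition("/")
    if not sep:
        raise ValueError(f"{entry!r}: missing /prefix or /netmask")
    if "." in mask and mask.count(".") != 3:
        raise ValueError(f"{entry!r}: netmask needs four octets")
    try:
        # strict=True rejects host bits below the mask (e.g. 192.168.1.7/24)
        return ipaddress.IPv4Network(entry, strict=True)
    except ValueError as exc:
        raise ValueError(f"{entry!r}: {exc}") from None

def audit_local_networks(entries):
    """Return (networks, problems); problems are human-readable strings."""
    networks, problems = [], []
    for entry in entries:
        try:
            net = parse_local_network(entry)
        except ValueError as exc:
            problems.append(str(exc))
            continue
        if not any(net.subnet_of(private) for private in RFC1918):
            problems.append(f"{entry!r}: not RFC 1918 space, confirm it is not behind NAT")
        networks.append(net)
    return networks, problems

def uses_internal_ip(phone_ip, networks):
    """True if a phone at phone_ip sits on one of the listed local networks."""
    ip = ipaddress.IPv4Address(phone_ip)
    return any(ip in net for net in networks)

if __name__ == "__main__":
    nets, issues = audit_local_networks(SAMPLE_ENTRIES)
    print([str(n) for n in nets])
    print("\n".join(issues))
```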
When you have finished entering/editing the IP Configuration options, click the Save IP Configuration button.
HTTPS and Proxy
HTTPS and Proxy settings direct all outgoing HTTP and HTTPS traffic to a web proxy. In Release 6.6, these settings are expanded. Now you can enter an SSL Certificate from a 3rd-party Certificate Authority, or from your organization's own Certificate Authority. If you do not have an SSL Certificate, SSL is explicitly Managed by Switchvox. For details, see HTTPS and SSL Certificates.
NOTE: Saving these changes requires a restart; all active calls will be dropped. We do not recommend making these changes during business hours. If changes are made here related to SSL Certificates, you must save and verify the appropriate changes on each Peered Switchvox. Then on each peer, navigate to Setup > Peered Switchvoxes, open the peer, and click the icon Fetch Peer Certificates, then click Save Peered Switchvox.
General Settings (tab)
Proxy Settings. The proxy settings direct all outgoing HTTP and HTTPS traffic to a web proxy.
Proxy Hostname or IP Address
Proxy Port
Proxy Username
Proxy Password
Retype Proxy Password
SSL Certificates
Switchvox Managed. Leave this set to YES, unless you have purchased an SSL Certificate from a trusted 3rd-party Certificate Authority, or your organization is acting as its own Certificate Authority. If you need to enter your own SSL Certificate information, set this to NO. For details about using SSL Certificates, see the knowledge base article HTTPS and SSL Certificates.
When you have completed entering/editing, click the Save HTTPS and Proxy button.
Certificate Authorities (tab)
When Managed by Switchvox is set to YES under the General Settings tab, Switchvox auto-generates a certificate for internal web traffic. This CA Certificate is available under the Certificate Authorities tab, at the top of the list. Click the download arrow button to download a copy for use with a client communicating with Switchvox via HTTPS.
Important
The certificate is verified with the Mozilla CA Certificate Store, and the Intermediate CA Certificate must link to either the Mozilla CA Certificate Store, or to your own Certificate Authority (provided in that tab on Switchvox's HTTPS and Proxy page). If Switchvox cannot verify the certificate you have, then there are several options:
Obtain a certificate that can be verified.
Set Managed by Switchvox to Yes under the General Settings tab until you can obtain a verified certificate.
If your Switchvox is fully isolated from the public Internet, you may consider turning off the Digium Phones' requirement for a secured SSL environment with a valid SSL certificate. For details, see Managing the Switchvox SSL Certificate and Digium Phones.
Internal Certificate Authorities
If your organization is its own Certificate Authority for its internal web services, you can enter that certificate under CA Cert. Switchvox will use that to facilitate communications with services such as an LDAP server.
You can enter both types of Certificate data. For example, you may have a 3rd-party certificate for your external web site, and a CA Cert for your internal directory services.
When you have completed entering/editing, click the Save HTTPS and Proxy button.
Access Control
The Access Control tool lets you manage which networks have access to Switchvox.
The Access Control Rules (tab) allows network access to Switchvox services based on IP address and Netmask. The default action is to deny access, so if you don’t allow a service for a network, then the network is denied access to that service.
The IP Blocking Options tab lets you set the number of attempts that trigger Switchvox to block an IP from accessing Switchvox at all. To search for and Unblock IP addresses, use Server > Blocked IPs.
Access Control Rules tab
The Local Network rule by default allows all traffic for all services. The All Networks rule allows traffic for various services depending on your Switchvox configuration. You can modify the services allowed for the Local Network and All Networks rules, but you cannot change the name or the network.
Create Access Control Rule
Click Create Access Control Rule.
Enter the basic information for the rule:
A unique Rule Name.
The Network that the rule applies to (the IP address and Netmask).
Check Never Block IPs to turn off automatic Blocking for this network. YES indicates that Switchvox should never automatically block this network. For example, Local Network is set to Never block IPs. For details about how Switchvox automatically blocks IP addresses, and how to change it, see Blocked IPs.
Allowed Services. For each service you want to allow this Network to access, indicate YES.
Web Admin Portal. The Switchvox Admin Tool Suite.
Web User Portal. The Switchvox User Tool Suite (for extension owners).
Admin API. API calls to Admin tools.
User API. API calls to User tools.
Printing. Printing to Switchvox, including printing files to be faxed.
IMAP. The Switchvox IMAP server for voicemail and faxes.
XMPP Server (Jabber). XMPP chat server traffic.
SIP. SIP traffic.
NTP. NTP traffic (Network Time Protocol).
SNMP. SNMP traffic. If you want to monitor Switchvox using SNMP, make sure this service is checked. For information about the OIDs that Switchvox publishes, see How do I use SNMP?.
Click Save Rule when ready; or Cancel to cancel.
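The following is an added example, not Switchvox code: a small model of the default-deny behavior described above, plus an audit that flags rules for non-RFC 1918 networks that allow administrative services or have Never Block IPs set. The rule layout, the rule names other than Local Network, the choice of which services count as administrative, and the assumption that one matching rule is enough to grant access are all made for this illustration.

```python
import ipaddress

RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
ADMIN_SERVICES = {"Web Admin Portal", "Admin API", "SNMP"}  # audit policy chosen for this example

# Constructed rules; this dict layout is hypothetical, not a Switchvox export format.
RULES = [
    {"name": "Local Network", "network": "192.168.0.0/255.255.255.0", "never_block": True,
     "allowed": {"Web Admin Portal", "Web User Portal", "Admin API", "SIP", "NTP"}},
    {"name": "Home worker", "network": "203.0.113.10/255.255.255.255", "never_block": False,
     "allowed": {"SIP", "Web User Portal"}},
    {"name": "Vendor", "network": "198.51.100.0/255.255.255.0", "never_block": True,
     "allowed": {"Web Admin Portal", "Admin API"}},
]

def is_allowed(rules, source_ip, service):
    """Default deny: access needs a rule whose network covers source_ip and
    lists the service. Assumption: one matching rule that allows it is enough."""
    ip = ipaddress.ip_address(source_ip)
    return any(ip in ipaddress.ip_network(r["network"]) and service in r["allowed"]
               for r in rules)

def audit(rules):
    """Return (rule name, finding) pairs for rules covering non-RFC 1918 space."""
    findings = []
    for r in rules:
        net = ipaddress.ip_network(r["network"])
        if any(net.subnet_of(private) for private in RFC1918):
            continue  # internal network, out of scope for this audit
        exposed = sorted(ADMIN_SERVICES & r["allowed"])
        if exposed:
            findings.append((r["name"], "admin services reachable: " + ", ".join(exposed)))
        if r["never_block"]:
            findings.append((r["name"], "Never Block IPs disables automatic blocking"))
    return findings

if __name__ == "__main__":
    print(is_allowed(RULES, "203.0.113.10", "SIP"))
    for name, finding in audit(RULES):
        print(f"{name}: {finding}")
```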
IP Blocking Options
Blocked IPs
Switchvox automatically blocks an IP if it is attempting to log in or register a phone with a bad username and password. This is based on the assumption that if someone is trying to reach Switchvox without valid login information, that person probably does not have a legitimate reason to reach Switchvox.
To change the number of attempts allowed before automatic blocking, use the IP Blocking Options button on Server > Access Control.
To unblock an IP address or netmask, click Unblock on that item.
To find an IP address that has been blocked, use the Search field. You can enter an IP address, an extension number, or an administrator's login.
Note: If you have physical access to the Switchvox server, you can use the Basic Server Function Unblock Local IPs to remove the blocks for local IP addresses. (See also: Basic Server Functions.)
Manage Physical Access to the Server
If you have an appliance with an LCD Panel, you can disable other access to the appliance. You can also clear the password on the LCD Panel, in case you have forgotten it.
Basic Server Functions
There are several functions that can or must be done at the Switchvox server; those functions are listed here. Use the LCD Panel on your Appliance if there is one, or connect a keyboard and monitor to the Appliance.
Phone Networks
Phone Networks determine how a Digium Phone should behave, depending on the IP address and netmask of the Phone as it sits on the network. If the Phone cannot get on the network because it is trying in vain to use the wrong Phone Networks information, use the Phone's Select Network option to select the Phone Network that matches the network you want the phone to use.
If you want your Switchvox Softphones to reach Switchvox at its internal network address while the phones are on your internal network, modify the Softphone Networks item. Otherwise, this item can be ignored.
IMPORTANT: For a remote phone (a phone that is not on the same network as Switchvox), make sure that you have an Access Control Rule in place (see “Create an Access Control Rule”), and that your router is forwarding the appropriate ports to Switchvox.
The Phone Network screen lists all phone networks with their respective information. Three actions are available for each entry: display Details, Modify, and Delete. When creating a Phone Network, enter the following information, and click the Save Phone Network button when finished. This lists the network on the Phone Network screen. Modify options are the same as the Create options.
Create Phone Network
General Settings
Name. A unique name for this network.
Network. The IP address and Netmask of the network where Digium Phones could be located.
This should be the IP address that the phone obtains and uses to identify itself on this network. For example, this might be a subnet in your office, or the IP address of a phone at an employee's home. (This is not a remote employee's external IP address, which you would use in an Access Control Rule.)
Direct Port Access. Set this to YES if the phone, while on this network, has access to these ports on Switchvox:
Port 80, for getting phone firmware. (If a remote phone cannot reach your Switchvox to get phone firmware, the phone will get the firmware from Digium's servers.)
Port 443, for getting additional files and accessing Switchvox's API.
Normally a phone just uses port 5060 for all of these activities, and for handling calls. But, if this is set to YES, the phone uses those ports as indicated. This is useful because those protocols are better suited for those activities. That's why the default phone network Internal is set to YES.
NTP Server. By default, Digium Phones use NTP to retrieve time settings. Unless you have a particular reason, do not change these settings.
Advanced Settings
To enter advanced settings, click the Advanced Settings button. This displays the following options:
Primary Host (PBX)
Alternate Host
Virtual LAN Settings
Quality of Service Settings
Miscellaneous Settings
Affected Version(s)
6.6.0.1