Page 1 of 2

Allworx Reach Help

Posted: Mon Oct 23, 2017 4:53 pm
by mikeh21
Afternoon,

We recently got a new Allworx unit that supports the reach app. So we setup the free license that comes with out device and we really like it. With that said I've come into some problems with the app. The app works outside my current work network so users at home should be good to go. However in office the people who dont have lines or phones at their desk have no way of using the app. When on the wifi the app connects/registers. I can dial out and in, however no one can hear me from the app side. I can hear them perfectly fine. So it sounds like its a nat or port setting but I dont know for sure.

Its driving me crazy because I allow lan to lan all traffic nothing blocked internally meaning my data, phone, and wifi lan can all communicate with no issues. However since audio is only blocked from my end it makes me think its a port setting but I cannot for the life of me figure it out.

Anything you guys think I can try on my end? Using a sonicwall nsa 2600.

Re: Allworx Reach Help

Posted: Wed Nov 01, 2017 1:33 pm
by Allworx6xCT
On your Reach app, do you have the office wifi url added on the server config setting?

Re: Allworx Reach Help

Posted: Mon Nov 06, 2017 7:20 am
by sp90378
being OWA, sounds like something may be missing static route wise. From the WiFi network, try logging into the Allworx and then go to events log and see what IP it shows you connected from, as often even with no route from the data to voice network, if different subnets, it may leave the WAN interface of the firewall but may still be able to route to the PBX, depending on the local setuo. If you see the login was from the private IP of the machine then you are OK there but if its a public IP then that tells me there is no static route from the data to the voice network.
Another easy way to test is just to see what IP Allworx is showing the Reach device on, if its showing a public or private IP. Again, if its showing a public then that tells me network routing is not correct.

I would also check for SIP helper/ALG type settings in the Sonicwall and try disabling/enabling them as well.

Re: Allworx Reach Help

Posted: Wed Dec 13, 2017 6:35 am
by sp90378
This is 100% correct as of latest 7.6 (I believe but could be wrong) and higher. Prior to that, the external IP field under network config would only work of the default gateway is out the LAN and its in LAN Host mode, however at least as of 7.7 and higher, that field will work in anymore, however a reboot is usually needed after putting in the IP (even know it does not say it needs a reboot). When that field is used, the Allworx will change the source IP to be whatever is put in the external IP field under network config. So lets say your default gateway is 192.168.2.1 and you have a route for 192.168.3.0/24 with a gateway of 192.168.2.1, while you may think you do not need a route because its your default gateway, you indeed still need the router if using that external IP field.

Now if you are using say Eth 2 on the Allworx to go/be on your data network, meaning it has an IP directly on your data network that the PC's/Phones are on, then a route should not be needed, nor should your firewall be involved at that point. I do recommend against that though and recommend using static routes so that the data can be more strictly controlled and so the PBX does not get all the broadcast/multi-cast traffic, etc. that may be occurring on the data network.
pchizzo wrote: Tue Dec 12, 2017 12:46 am I had same exact problem, and it was driving me crazy too. After reading this thread I stumbled onto an explanation and solution. This is all about 10 minutes ago, so I haven't done extensive testing or used packet sniffer to confirm, but as soon as I made the change it started working and I'm moving on to other issues...

In the Allworx server Network>Configuration section, it asks for a Gateway (local LAN side) and an External IP Address, and it explains that it encodes the external address into the data as the source address in order to handle situation when a 3rd party NAT device is in the mix. But what I believe is happening is that by encoding that external address, when you're talking from Server (LAN1) to Reach (LAN2 one hop away) that encoding is causing the reply traffic from the Reach to try to go to the external address rather than the Reach address. That would explain one-way audio in the direction you described.

The solution I found is to go to the Allworx server Network>Static Routes section, and create a static route for destination LAN2 from LAN1 via the LAN1 default gateway, but leave the field in the static route for External IP blank [you still need the External IP in the Network>Configuration screen or you'll break your external calling]. So when the Allworx sends to LAN2 it uses this static route instead and does NOT appear to encode an external IP address into the stream as the source address.

Again, I haven't sniffed all this out, but the explanation and fix seem to make sense, and it's working for me now. I hope this helps!


[ Allworx 6x v8.0.10.7 in LAN Host Mode behind a Ubiquiti EdgeRouter Pro ]

Re: Allworx Reach Help

Posted: Thu May 31, 2018 12:26 pm
by radthomas
So I am having the opposite problem. We recently upgraded to a newer 48x box and it came with one Reach license. I have installed the Reach app on my iPhone SE and registered everything through the Allworx box. The app will connect and work fine when I am onsite (on wireless), but once I am on cell or wireless service offsite, I get a connection error.

I'm assuming our Firebox router is the issue. I recently solved the issue of not being able to access the Allworx admin web interface (our WAN is also mapped to our Windows server). However, the Reach app and remote handsets are still not able to connect. Any suggestions on what other router or Allworx settings I need to be looking at to get these to work?

Thank you!

Re: Allworx Reach Help

Posted: Fri Jun 01, 2018 6:20 am
by sp90378
How does the Allworx have access to internet? Does it have a public IP directly on its WAN interface or does it sit behind a firewall, using a private IP for its WAN IP?
radthomas wrote: Thu May 31, 2018 12:26 pm So I am having the opposite problem. We recently upgraded to a newer 48x box and it came with one Reach license. I have installed the Reach app on my iPhone SE and registered everything through the Allworx box. The app will connect and work fine when I am onsite (on wireless), but once I am on cell or wireless service offsite, I get a connection error.

I'm assuming our Firebox router is the issue. I recently solved the issue of not being able to access the Allworx admin web interface (our WAN is also mapped to our Windows server). However, the Reach app and remote handsets are still not able to connect. Any suggestions on what other router or Allworx settings I need to be looking at to get these to work?

Thank you!

Re: Allworx Reach Help

Posted: Fri Jun 22, 2018 12:36 pm
by sp90378
wshrader wrote: Fri Jun 22, 2018 11:07 am ports for Allworx:

2088 UDP BLF
5060 UDP SIP
8081 TCP remote stations
15000-15511 UDP RTP
16384-16393 UDP RTP
To add, you will want both TCP and UDP 5060 as remote phones will use one and reach the other. So both are needed for everything to work. You can also let through UDP 123 if you want the phones to pull time from the Allworx, or you could set the phones to use another time server on the internet.

Re: Allworx Reach Help

Posted: Tue Jun 26, 2018 11:31 am
by radthomas
Thank you for the suggestions. I believe I have all of the ports set correctly. (2088 UDP, 5060 UDP, 5060 TCP, 8081 TCP, 15000-15511 UDP, 16384-16393 UDP).

I think my problem lies in sp90378's question. (Or maybe this was only asked to know which ports I needed in the protocol.)
How does the Allworx have access to internet? Does it have a public IP directly on its WAN interface or does it sit behind a firewall, using a private IP for its WAN IP?
I wish I could answer your question, sp90378. I'm the accountant here who has become the defacto IT person since I am the only one who knows how to Google issues and fix them occasionally. Is there another way you can ask your question or somewhere I can look for the answer? I do have to setup firewall policies in our WatchGuard Firebox router for me to access the system admin from offsite. So I feel I am missing one setting in that policy for it to connect with the handsets and Reach offsite.

Side question about the Reach app: it has you use the LAN IP as the server address. How does that connect when offsite? Wouldn't you need the WAN in there?

Re: Allworx Reach Help

Posted: Tue Jun 26, 2018 1:17 pm
by sp90378
radthomas wrote: Tue Jun 26, 2018 11:31 am Thank you for the suggestions. I believe I have all of the ports set correctly. (2088 UDP, 5060 UDP, 5060 TCP, 8081 TCP, 15000-15511 UDP, 16384-16393 UDP).

I think my problem lies in sp90378's question. (Or maybe this was only asked to know which ports I needed in the protocol.)
How does the Allworx have access to internet? Does it have a public IP directly on its WAN interface or does it sit behind a firewall, using a private IP for its WAN IP?
I wish I could answer your question, sp90378. I'm the accountant here who has become the defacto IT person since I am the only one who knows how to Google issues and fix them occasionally. Is there another way you can ask your question or somewhere I can look for the answer? I do have to setup firewall policies in our WatchGuard Firebox router for me to access the system admin from offsite. So I feel I am missing one setting in that policy for it to connect with the handsets and Reach offsite.

Side question about the Reach app: it has you use the LAN IP as the server address. How does that connect when offsite? Wouldn't you need the WAN in there?

In Reach, that is correct. You would want to put in the WAN. That is the easy way to tell how it gets out to the internet as well. Does the Allworx have a WAN IP in its network config? Is it a private IP or a public IP? And then what is the default gateway under network config as well, as with that info you can then tell if it is going through your firewall to get out to the internet.

Re: Allworx Reach Help

Posted: Tue Jun 26, 2018 2:15 pm
by radthomas
sp90378 wrote: Tue Jun 26, 2018 1:17 pmIn Reach, that is correct. You would want to put in the WAN. That is the easy way to tell how it gets out to the internet as well. Does the Allworx have a WAN IP in its network config? Is it a private IP or a public IP? And then what is the default gateway under network config as well, as with that info you can then tell if it is going through your firewall to get out to the internet.
The Allworx does have a WAN IP in its network config. The WAN is showing as a Public IP. The default gateway is 255.255.255.0/24. (One thing I just noticed is that the WAN is marked as DHCP. Should I change to static and assign the Allworx LAN IP? We do also have the issue of sharing that WAN IP with our server's external access as well. So maybe that will not work, and could be some of our issue here.)

I had figured out a way to access the admin website (adding :5060 on the end of the WAN) by having our firebox firewall policies point to the LAN IP of the phone system admin access (with :8080 appended as usual). However, I could not get the Reach app to connect until I deleted the :8080 off the LAN IP the Firebox directed the WAN:5060 for the Admin website. By deleting the :8080 I can now connect on the Reach, but not the Admin website.

I have no idea what settings will allow us access with the Reach/handsets, Allworx admin site and our server. Thanks so much for your help!