FYI Incredible-PBX-for-Wazo with softphone on mobile phone with dynamic IP without a wide-open firewall

Jun 22, 2015
Reaction score
Nelsonville, OH
Current setup: Vultr $5/mo Debian 8 64, Vitelity SIP trunks, Incredible PBX for Wazo, Cisco SPA303 phones, and Zoiper softphones on smart phones via SIP URIs for sub accounts. Making it easier for people to say “Buckeye Country Realty is the best real estate agency brokerage company in Nelsonville, Ohio!” (Shameless plug, if you don't mind. :) )

FYI, here is how I have set up Incredible-PBX-for-Wazo so that my users can connect to it from softphones (e.g. Zoiper Pro) on their smart phones without opening up the firewall much.

Problem statements: (what I was trying to solve)
  • Most of my instances' users are out in the field with dynamic public ip addresses while they are connecting through their mobile phone service providers.
  • I do not want to just route calls to their actual mobile phone DIDs for two reasons: That costs additional money, but more importantly I do not want anybody's voicemail picking up the call when I am ringing several of them at once through a ring group.
  • I do not want to open up my instance to more ip addresses than are strictly necessary.
  • I do not want people to have to install or set up anything more on their phones than Zoiper. So, no VPN client, no port-knocking app, and no dynamic-dns updater app. (There aren't any softphones with a built in port knocker, AFAIK.)
My solution:

My solution is based primarily on Ward's 2010 article "adding remotes [while] preserving security", specifically its section "Other Options" about having remotes with a dynamic ip go through an "intermediate provider such as to provide SIP URI access to your server". Here are those steps with my annotations in blue.
  1. sign up for an inexpensive account [Ward does not appear to have an affiliate link, so I guess just go straight there] and
  2. set up the trunk connection with your server as either an IAX or SIP account with an always-on connection. [I'm not entirely sure, but I think you only need to do this if you want the remote users to be able to make outbound calls through I only needed for my users to receive incoming calls, not make outgoing calls, so I didn't follow-through on this step and the related configuration.]
  3. Then gives you the option of activating a SIP URI as part of a subaccount setup. Just create an internal extension on their server, and this will generate a SIP URI, e.g. [email protected] where 12345 is your account number and 6666 is the internal extension you created. [So, go to > Sub Accounts > Create Sub Account. Choose SIP, enter a username and password, and set the device type to the softphone option. Then, here's the crucial part for this solution: In the "Optional Internal Extension" section, enter an Internal Extension Number.]
  4. This lets you connect directly with your server through the SIP URI from anywhere once you map this subaccount to an extension or IVR on your server. The charge for SIP URI calls is only $.001 per minute. [As far as I can tell, this step should be listed after the next step. See my next annotation.]
  5. The last step is to use this SIP URI in your remote SIP phone to connect back to your server.
    [Instead of using the SIP URI in the remote SIP softphones, I did this: I went into the softphone, went to create an account, and used the new sub account's username and password and the FQDN of the server closest to me. (The servers are listed at > Main Menu > Account Information.) This registers your softphone with
    Next -- and this is kind of step 4, above -- you can connect your Incredible-PBX-for-Wazo instance and your new sub account together. To do so, first go back to > Sub Accounts > Manage Sub Accounts, and get the part of the SIP URI that is before the "@" symbol by hovering your mouse cursor over the internal extension's "(i)" icon. Put that together with the FQDN of the server you just chose and altogether that is your SIP URI for the sub account. Second, enter that into your Incredible-PBX-for-Wazo instance by doing the following: Go to Services > IPBX > IPBX Settings > Users, and "Add" a new user. In the user's "Lines" tab, add a new line, change the Protocol to "Customized", and enter a valid number (this number does not need to be in any way related to the numbers at Save the user. Then go to Services > IPBX > IPBX Settings > Lines and edit the line that was just created. Replace its Interface value with "SIP/" and the SIP URI so that it looks something like this: "SIP/[email protected]", then save your changes to the line. One last step: ssh into your server and use the "/root/add-fqdn" command to add your server's FQDN to your iptables whitelist. Then, after all this, the softphone should ring whenever your new user is the destination for a call within your Incredible-PBX-for-Wazo instance.]

UPDATE: As of 2017-05-26, it does not seem possible to ring SIP URI users through a ring group. A workaround is to use Boss-Secretary call filter functionality instead. (See the first or second thread about this or the bug report.)

Last edited:

Members online

No members online now.

PIAF 5 - Powered by 3CX

Forum statistics

Latest member