Configuring a Mikrotik router to work with 3CX Phone System

Mikrotik has long been manufacturing highly flexible and affordable routing devices under the common name Mikrotik Routerboard. Despite the extensive line of these devices, they are united by a single operating system - Mikrotik RouterOS. Setting up Mikrotik routers to work with the 3CX Phone System is not at all as complicated as it might seem at first glance. Consider the configuration using the example of a Wi-Fi router RB2011UiAS-2HnD-IN. This router is perfect for organizing Internet access for a small and medium-sized company.

Attention! Different Mikrotik models may have different presets. In particular, the models for the SMB segment are pre-installed in such a way as to ensure Internet access through the first port of the Eth1 router with minimal settings. We will take advantage of this.

Basic setup of a router to access the Internet

If you have a new router, download the Winbox utility and connect to the device at 192.168.88.1 with the username admin . After connecting, click the Quick Set menu button in the upper left corner . Here:

1. Router firmware update. You should start and continue from this after rebooting the device.
2. Wi-Fi settings of the router module (if your model has one).
3. Internet access settings. In this case, PPPoE access is used through the Ethernet1 port.
4. LAN and DHCP server settings. Attention! Configuring a DHCP server requires additional steps, described below.
5. Password to access the router management interface.

The settings are pretty obvious. After setting the parameters, click the Apply or OK button . .

DHCP server setup

Go to IP > DHCP Server > Options .

Here you need to create a new DHCP option 66 and set its value to an HTTP link to automatically configure your IP phones. This link must be copied from the Settings > Auto- Configure Phone section of the 3CX Management Console. In this case, the string must be taken in single quotes, for example, 'http://192.168.0.2/provisioning/hwz44ph6o9' . To complete the configuration, go to IP > DHCP Server > Networks and configure the DHCP server. In this example, the DNS server, the domain name, the time server, and the previously created DHCP option 66 are installed.

Disabling SIP ALG

In order for you not to have problems in the work of remote connections in 3CX Phone System, you should disable the built-in SIP Application Layer Gateway in the router. To do this, go to the IP > Firewall Service Ports section and disable the SIP ALG service by clicking the button with a red cross at the top.

Creating firewall and NAT rules

In order to implement Mikrotik Full Cone NAT in the router, or, in other words, publish the necessary ports of the 3CX Phone System server on the external interface, you need to create a set of firewall rules. All rules are created uniformly.

Go to IP > Firewall > NAT and click the plus button to add a new rule. In this example, rules are created for two SIP providers with IP addresses 62.64.127.43 and 69.167.178.6 . Also, rules for external HTTPS connections (port 443 — extension statuses, indication of the presence of 3CXPhone clients and remote server administration), and rules for 3CX Tunnel (port 5090 UDP and TCP) were created.

Rule for SIP Server

Parameters are set in the General and Action tabs . Here:

1. Rule Direction
2. The external address for which this rule is effective. In this case, this is the IP address of the SIP provider. Attention! It is recommended to allow external incoming SIP and RTP traffic only for the necessary IP addresses, and not for the entire Internet!
3. Protocol type
4. Service port that is published
5. The interface for which this rule is effective. In this case, this is the PPPoE interface for connecting the router to the Internet provider
6. The action that the rule executes
7. Local server address 3CX Phone System
8. Local port of the published service

Rules for 3CX Tunnel and HTTPS

Rules are configured similarly, but the source address is not specified. That is, the rule applies to any host on the Internet.

Optional: NTP time server setup

If you want the Mikrotik router to also be a time server for IP phones on your network, you must download and install the package that starts the NTP server in the router. The package archive for the current version of RouterOS can be downloaded here (only relevant for RouterOS 6.24 !). After downloading, unzip the archive and drag the ntp-6.24-mipsbe.npk file into the File List window , called by the Files side menu .

Attention! Upload the package file to the root of the file system. After that, reboot the router in the System > Reboot menu . After rebooting, enable the NTP server in System > NTP Server



. In the System > NTP Client menu, set the IP address of the preferred NTP server to the Internet to set the exact time on the router. It is also recommended to set the current time in the System > Clock menu . This completes the setup of the Mikrotik router to work with 3CX Phone System. Of course, Mikrotik routers have many other important settings that can be used on your network, but their consideration is beyond the scope of this article.