Telos Z/IP ONE - Managing Connections
This document applies to the Telos Z/IP ONE and the use of "port forwarding" to aid in making connections.
The Z/IP ONE, with its Agile Connection Technology™, offers the best experience with point-to-point codec calls over the Internet. As the world of Internet Protocol (IP) replaces the traditional Public Switched Telephone Network (PSTN), we've developed the Z/IP ONE as a solution. One of the benefits of using the public Internet versus the PSTN is the amount of control you, the user, have over the connection to the rest of the world. With IP technology, every device connects to all other devices all the time and the data is filtered based on IP address (and a few other things). The main player in this role your router.
A router (or firewall) is a separate device that may have a modem and an Ethernet switch built-in. Its job is to interface a private network with the public Internet and route data from the public Internet to the appropriate locations on the private network. With a router, you can house one or more Z/IP ONEs on a private network and manage their connections to the Public Internet on a single public-facing IP address using port forwarding.
The ZIP Directory Server
In most installations, absolutely no adjustments to the router are necessary. The Z/IP ONE, along with the ZIP directory server, works with the router to make connections without your help. Here's how it works:
Every 10 seconds or so, the Z/IP will send a message to the directory server. This message will go out carrying your router's public-facing IP address and a random, high port number to respond on. When the ZIP Server sees the message, it will respond and the ZIP indicator on the Z/IP ONE's front panel status window will light up.
In the most simple of terms, a server assisted call works just like a ‘411’ directory assistance call:
"Information, how can I direct your call?"
"Hi Operator, I want to call WXYZ_ZIP@public."
"Thank you, that's at this address 188.8.131.52:21011. Would you like me to connect you?"
The operator (directory server) hands the connection off and the Z/IPs will be directly connected. The server steps entirely out of the picture and moves on to its next task.
Server Relay Calls
In situations when the connection hand-off is unsuccessful, the server will allow a route for the audio through it's already established connection with the Z/IP ONE. When this happens, a message to this effect will display on the front panel of the Z/IP ONE. Connection status in the web UI will also reflect this condition by indicating that it's connected to the other side "thru server"
This is a failsafe, and it has its problems like bandwidth limiting which reduces audio quality and increased latency. This problem is usually the result of a firewall or router getting in the way and rejecting the connection hand-off. This is when an adjustment or some configuration at the router is needed.
First, you will want to find out which firewall (local or remote) is the one rejecting the connection hand-off. You can try to call other Z/IPs, including ZephyrIP10@public (the Telos Z/IP Test line), and if you only get the message when you call certain Z/IPs, the firewalling is at the far end. If you get it every time, the firewalling could be local. The Z/IP ONE has a configurable UDP port that can be used to manage this with the help of a port forward.
Each Z/IP ONE behind the router should have a different listen port assigned to it. We recommend a port in the 21000 or so range to keep the Z/IP away from other network traffic. This port is specified in the STREAMING page of the Z/IP's GUI or in the front panel SETUP / ZIP SERVER menu.
In this example, we are using port 21011 for this Z/IP ONE. If we had another Z/IP ONE on this network, we would give it a different port, like 21012, etc.
Once you configure the Listen port and save the changes, you will need to set up a UDP port forward for port 21011 in the router. In this example, we are using a Linksys router made by Cisco and the Z/IP ONE we just configured has it's streaming interface set to a private static IP address of 192.168.1.102:
When the listen port is specified and forwarded in this manner, the Z/IP Server will be able to hand the connection off without negotiation, and it can be much more reliable.
A bonus to this is the ability to connect to this Z/IP ONE without the help of the directory server. The server's main task is to keep track of which Z/IP is using which IP address on which port. If the public IP is dynamic and changes, the server will be aware and will make adjustments to its records. If we already know this information and if the public IP address is static, the server doesn't need to be involved at all! You can enter this information directly into the call setup and dial the unit directly.
Dialing a Z/IP ONE directly
Once the public IP address for the router is made static by the ISP and once the Z/IP ONE's listen port is specified and forwarded at the router, you can dial this Z/IP ONE dialed directly using the router's public-facing IP address and this port.
To dial this Z/IP ONE, use the MANUAL tab on the web GUI connection page and select “TSCP Direct” for PROTOCOL and enter the information.
You can also use the front panel and strip the GROUP NAME and enter the IP and port in this manner:
Obviously, this will be a challenge if the unit you are calling is on an Internet connection with a dynamic IP. The IP address will be a moving target, which is why the name-based directory server is handy.
With no port forward and a listen port of 0 (default) the Z/IP relies on the open communication that it has with the server instead of the router for completing the call. So the server is critical in these cases.
Other management is possible with firewalls and routers like VPN (Virtual Private Network), which creates a "tunnel" over the public IP address to another router. This has benefits like the restriction of general traffic from the interface but is slightly beyond the scope of this discussion. More information about setting up a VPN will be provided with the setup information that comes with your particular router or firewall.
The Z/IP you are trying to reach is not answering
This is a message you may see from time to time, and it has a double meaning. The first one is the most obvious: the Z/IP ONE at the far end is not set up to auto-answer, and it is not answering the call.
The second, not-so-obvious situation is if the request got rejected by the router at the other side, and the messaging never made it to the Z/IP ONE. See the "Deep Thoughts" comment above. One of the networks may have a restriction for 3rd party connections.
The Z/IP ONE trying to make the call doesn't know the difference between these two states. With confidence, however, we can say that it's either number one or number two. Number two indicates the need to create a port forward for the TSCP listen port. In this case, see the following section regarding Firewall Considerations, or re-read this article from the top.
Firewall Considerations with TSCP calls
Just in case a port forward alone isn't enough, there is one more thing to consider here.
When using the directory server to make TSCP calls, the request to connect will originate at the directory server (3rd party connection) and not from within the local network. Some firewalls block this activity, which will cause the "The Z/IP you are trying to reach is not answering" message to appear.
If you know what the public IP address and port is of the Z/IP you are trying call, you may find that dialing the Z/IP manually (TSCP-Direct / TSCPD) is successful. This is because the request originated at the Z/IP ONE this time and not the server.
Making exceptions in the firewall to allow connections from the server will help with this. At the time of this writing, here are the IP addresses of the directory servers your Z/IP ONE may use:
If the System Info section of your Z/IP ONE's Status page is showing a different IP address for Z/IP Server than the ones shown here, please reboot your Z/IP ONE.
Let us know how we can help
If you have further questions on this topic or have ideas about how we can improve this document, please contact us.