Ports Used by the Vodia Phone System

When deploying the Vodia PBX with cloud service providers like AWS, Azure, Google Cloud or Digital Ocean, it often becomes necessary to set up the firewall for the PBX. Port forward the following ports in your cloud firewall environment so that your remote users can connect and register SIP desktop phones, and to eliminate one-way audio. The numbers in the table are the defaults. They can be changed from the PBX web interface. You can also check with netstat what ports are open on the PBX. If you want to use only the Vodia apps from outside of the LAN, you need to open only the HTTPS and the RTP ports. For the apps to work, HTTPS does not have to be on the standard port 443.

| Protocol | Port | Description | Comments | Required For |
|---|---|---|---|---|
| UDP and TCP | 5060 | SIP | Used for SIP signaling internal and external for remote users. | VoIP phones, SIP Trunks |
| TCP | 5061 | SIPS | Used for secure SIP signaling internal and external for remote users | VoIP phones |
| TCP | 80 | HTTP | Port used for web site access and LetsEncrypt robot. For LetsEncrypt to work, this port number must be 80 and cannot be changed. | LetsEncrypt Robot |
| TCP | 443 | HTTPS | Port used for web page access from users and apps | Apps and User Login |
| TCP | 2345, 2346 | LDAP | Ports are used by many VoIP phones for looking up address book entries | VoIP phones |
| UDP | 49152-65535 | RTP | Choose a large range of RTP ports to avoid possible conflicts and reduce the risk of outside traffic hitting the ports | VoIP phones and Apps |

Most ports can be changed to random port numbers. This reduces the exposure to scanners. Because in most cases VoIP phones are provisioned automatically, ports 5060 and 5061 can be on random ports. The LDAP ports are by default on non-standard ports. Port 80 needs to be on the standard port for the LetsEncrypt certificate service to work properly. Port 443 can also run on a non-standard port; the system will automatically redirect from port 80 to the right port. However, when users are supposed to log in, it is recommended to keep the standard port 443 so that the URL does not contain a port number.
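The netstat check mentioned above can be automated. The following is an added example, not part of the Vodia documentation: it parses the output of `netstat -tuln` and compares the non-loopback listeners with the default ports from the table. The function names and the sample output are constructed for illustration; if you changed ports in the PBX web interface, adjust `EXPECTED` to match.

```python
EXPECTED = [  # (protocol, first port, last port, service): defaults from the table
    ("udp", 5060, 5060, "SIP"), ("tcp", 5060, 5060, "SIP"),
    ("tcp", 5061, 5061, "SIPS"), ("tcp", 80, 80, "HTTP"),
    ("tcp", 443, 443, "HTTPS"), ("tcp", 2345, 2346, "LDAP"),
    ("udp", 49152, 65535, "RTP"),
]

def parse_listeners(netstat_text):
    """Return {(proto, local_address, port)} for listening TCP and bound UDP sockets."""
    found = set()
    for line in netstat_text.splitlines():
        fields = line.split()
        if len(fields) < 4 or fields[0][:3] not in ("tcp", "udp"):
            continue                      # header or unrelated line
        proto = fields[0][:3]             # tcp6/udp6 fold into tcp/udp
        if proto == "tcp" and fields[-1] != "LISTEN":
            continue                      # skip established connections
        addr, _, port = fields[3].rpartition(":")
        if port.isdigit():
            found.add((proto, addr, int(port)))
    return found

def audit(netstat_text, expected=EXPECTED):
    """Return (unexpected listeners, expected services with no listener)."""
    exposed = {(p, port) for p, addr, port in parse_listeners(netstat_text)
               if not (addr.startswith("127.") or addr == "::1")}  # loopback only
    def matches(entry, sock):
        return entry[0] == sock[0] and entry[1] <= sock[1] <= entry[2]
    unexpected = sorted(s for s in exposed if not any(matches(e, s) for e in expected))
    missing = [(e[0], e[3]) for e in expected if not any(matches(e, s) for s in exposed)]
    return unexpected, missing

# Constructed sample output (not captured from a real PBX).
SAMPLE = """\
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:5060            0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:5061            0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:443             0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:2345            0.0.0.0:*               LISTEN
tcp        0      0 127.0.0.1:5432          0.0.0.0:*               LISTEN
tcp6       0      0 :::22                   :::*                    LISTEN
udp        0      0 0.0.0.0:5060            0.0.0.0:*
udp        0      0 0.0.0.0:50112           0.0.0.0:*
"""

if __name__ == "__main__":
    unexpected, missing = audit(SAMPLE)
    print("unexpected listeners:", unexpected)
    print("expected but not listening:", missing)
```

Any listener reported as unexpected should either be closed or explicitly left out of the cloud firewall rules; a service reported as missing (port 80 in the sample) means the matching firewall rule has nothing behind it.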

Telling the PBX what address to use

For servers that don't have a public IP address on their local network interface (e.g. EC2) the PBX needs to know what IP address to present to the SIP devices. In admin mode, navigate to Settings → SIP → Settings and set the IP routing list.

  • If you are using the URL for polling the public IP address, you can use the keyword "public" which will be replaced with the actual public IP address. The PBX will automatically determine the public IP address.
  • If you always want to present a specific public IP address, you can just put the IP address there, for example "".
  • If you want to send packets to devices in the private network, you can use the keyword "private". For example "private public" would check if the destination is a private IP address and the server has a private IP address in that subnet, then it would use the private IP address. Otherwise it would use the public IP address.

Using the SIP IP replacement list is usually not necessary and creates unneeded complexity and problems. If the public IP address keeps changing, the PBX can download the address from a public IP address API (e.g. If the address does not change, address polling is not necessary. The system will automatically learn its public IP address from the Vodia license server during startup.