3CX Phone System on a Raspberry Pi 4: AWS Chime Voice Connector Config (Part 2)

I’m going to start off by apologizing for this being REALLY late in coming. I never intended it to take so long. However, shortly after I made the original post, I ended up doing some major overhauls to my #HomeLab network. As a result and a few purchases later, I’m finally back up and running and able to provide a guide that I can verify works!

In Part 1, I walked through the my rationale for my new VoIP system, how to configure a Raspberry Pi as the host, and finally install and configure 3CX as the VoIP server. In this part, I’ll walk you through setting up AWS Chime Voice Connector as the SIP Trunk provider for our system.

There are a lot of SIP Trunk providers out there. You will have to find one that will work with your needs and budget. Each of them will have different features they support, rates to provide phone numbers, as well as the rates for making and receiving phone calls. As a #HomeLab, my choices were narrowed down fairly quickly. Reviewing the list of supported SIP Trunk providers on the 3CX website, AWS was one of only a few that support non-business entities. And even then, I had to request support from AWS in order for them to allow me to request phone numbers. Bottom line: Shop around in your local area for a solution that meets your needs. Ok, let’s get started with AWS Chime Voice Connector.

You will need an AWS account setup for this to work. Registration is free and you will receive some free credit for AWS services for the first year. Not a bad deal to experiment. This guide will largely follow the 3CX Support Document. Their guide is a good walk-through. This one just mirrors how I set mine up.

Amazon Chime Voice Connector

If you navigate to, you can click “Products” then “Business Applications” then “Amazon Chime Voice Connector” and see the following page:

Click on “Get started with Amazon Chime Voice Connector” to get started. You will be prompted to log in. Once you log into your account, you will see the “Getting started with Amazon Chime” page shown here:

Click on “Voice connectors” along the left-hand menu. This will take you to the list of Voice connectors which have been configured for your account.

When you click on the “Create new voice connector” button, you will get a pop-up that allows you to fill out the details for the new connector:

Fill in the name, select an AWS region (right now, they only support US East and US West), and ensure encryption is “Disabled”. Click “Create”. The first time I did this, I received this error:

This error happens because when you first create an Amazon Chime account, it is restricted by AWS. You will have to submit a Support Request using the option in the upper right hand corner. As mentioned in the error, select the “Voice Calling” category. I received the following email from AWS Support:

After answering their questions, they removed the restriction on my account. I’m not sure what their exact policies are, but I just specified that I was using this for a home telephone number replacement. Once the restriction was removed, I was able to provision phone numbers and setup the connector. When you go back through the steps listed above, it should create your new voice connector. Clicking on the connector will bring you to the configuration page as shown here:

The information shown on this tab is what you configured initially. There is more work to be done to integrate this with 3CX, but for now, let’s get a new phone number to use with our phone system. Click on the “Phone number management” link on the left-hand menu. Once there, select the “Orders” tab. Once there, you should see a “Provision phone numbers” button as shown here:

Click on this button. Select “Voice Connector” as the type of phone number to use:

Click “Next” and you will be brought to a page where you can choose the type “Local” or “Toll-free”, and then based on either a specific location or Area code, choose your new phone number.

In this example, I chose a local number from Pittsburgh, Pennsylvania. Amazon’s numbers are limited to US telephone numbers. Not all cities or states have available numbers. Choose one that works for you. When you find your number, choose “Provision.” IMPORTANT NOTE: Once you provision a telephone number, you start incurring charges on your account. When the order goes through (usually within a minute or less), the new phone number will show up in your “Inventory” under Phone number management. Let’s configure your connector to work with 3CX now. Navigate back to your Voice Connector and select the “Termination” tab. This is where you will configure outbound calling from 3CX. Select “Enabled” to start the processing.

The two key areas to remember and configure at this point is the “Outbound host name” that will be copied into 3CX and the “Allowed hosts list”. It’s important to restrict use of your new phone number to only your system–you wouldn’t want someone else running up your phone bill, right? Click on “New” under “Allowed hosts list” and add your external IP address:

Leave the subnet mask set to 32 to ensure only your IP address is authorized and not another system in your ISP’s network. You will also have to make sure you update this if your external IP ever changes. Once you click “Add”, scroll down to the Credentials section. You will want to add this as another security measure. 3CX will use this when making an outgoing call through Amazon:

Click “Save” at the bottom of the page to save these settings. Click on “Origination” to configure the voice connector to make calls to your 3CX server. Select “Enabled” for Origination status and create a new “Inbound Route” with the FQDN for your 3CX server. This can be found by logging into the 3CX Management Console and looking at the “Information” block as shown here:

The default port is 5060 and the default protocol is TCP. However, these will depend on what you chose when you setup 3CX. I just added a priority of 1 and a weight of 5 to my entry since it will be the only one I have. These values have more meaning if there is another inbound route to be used. Click “Save” to save these settings. Finally, navigate to the “Phone numbers” tab and assign the telephone number you provisioned earlier to this connector:

Click the “Assign” from Inventory and choose the number you selected. If you did not provision a number previously, go back and do that now. Once done, that is it for the configuration within AWS.

3CX SIP Trunk Configuration

Let’s go to your 3CX Management Console and complete the configuration. Click on “SIP Trunks” as shown here:

Click on “Add SIP Trunk”. You will be given a dialog to complete as shown here:

Select “US” for country and “Amazon Chime Voice Connector” for the provider. For the “Main Trunk No”, enter the telephone number you provisioned earlier in E164 format (e.g., +15554526543). Click Ok. You will now see the details of the SIP Trunk to configure.

Using the “Outbound Host Name” you wrote down from the AWS Chime configuration page, enter this as the “Registrar/Server/Gateway Hostname or IP”. Scroll down a little bit to the “Authentication” section:

Make sure you select “Do not require – IP Based” as the “Type of Authentication”. Now, enter the username and password you created on the AWS Chime configuration previously. Make sure this is a strong password as this user will be used to make calls through the Voice Connector and start billable actions!

That is all you have to do to configure the SIP Trunk at this point. Scroll to the top of the page and click “OK” to save your settings. Next you need to create the Inbound and Outbound Rules for your 3CX system.

3CX provides instructions on creating Inbound Rules here: Inbound Rules are required so that whenever someone calls your new Amazon Chime number, the 3CX server will know how to route the call. So, as the name implies, these are for “Inbound” calls to you.

Configuring the Inbound Rule for your main trunk number is very simple. On the left hand navigation menu, click on “Inbound Rules”. You will see the following page:

Click on “Add DID Rule”. Give the rule a name so you can keep track of it. With only a single number, this can be very simple as shown here:

If your instance will have many possible extensions and numbers to call, then these rules should have more appropriate names. Once you’ve named the rule, you need to decide which extension should be the called user:

In my case, I have the same extension being used for during and outside of office hours since it’s for my personal use. Scroll to the top and click “OK” to save the Inbound Rule.

Next, click on the “Outbound Rules” navigation menu item to bring up that configuration setting. 3CX provides the following documentation on this process: These Outbound Rules are required for your 3CX users to make calls to others outside of your system. If you don’t want your users calling any external numbers, you can leave this section blank. BUT that does seem a bit silly given you’re spending money now for a fancy new telephone number from AWS…anyways.

Click on “Add” to create a new Outbound Rule for your setup. On the screen, give the rule a name you can remember:

Next, you will need to specify a condition to match this rule against. In the example here, I want this rule to be applied whenever someone in my “Family” extension group makes a call. I also have a “Testers” extension group. This rule would not work for them (mostly because I don’t want to have them run up my phone bill…).

Finally, provide the “Route” or “Action” the call will take when this rule is run. As shown in this example, the call will route to the “Amazon Chime Voice Connector” SIP Trunk. It also will “Prepend” a “+1” for calls so users don’t have to add that when they dial. Finally, you have to specify the “Outbound Caller ID”. It is VERY IMPORTANT to have this number match one of the SIP Trunk numbers from AWS and it must be in E164 format.

Scroll to the top and click “OK” to save the Outbound Rule.

With that change made, as long as your firewall is allowing the correct ports and protocols, you should be able to both make and receive calls using your new Telephone Switch on a Pi!

I hope this is helpful. The 3CX documentation is pretty good, but I always appreciate seeing concrete examples for things. I will be writing up a guide to configuring my new firewall to work with 3CX. However, it is working at this point and I’m really stoked!