ML
    • Recent
    • Categories
    • Tags
    • Popular
    • Users
    • Groups
    • Register
    • Login

    Using Vultr for FreePBX 13

    Scheduled Pinned Locked Moved MangoCon
    freepbx 13freepbx setupguidereal instructionshow tojareds guide to freepbx 13freepbxvultr
    37 Posts 8 Posters 11.7k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • u2communicationsU
      u2communications
      last edited by

      This has been super helpful! I started out with the CyberLynk hosting which was nice, but a lot costlier. It included some commercial modules but Vultr is cheaper enough to pay for them fairly quickly. I do have one annoying issue I haven't solved though. I set this up from my home office and I can reach the web gui from there, but can't get to it from my office network. For the life of me I can't find anyplace to allow/block access to the gui. Any ideas?

      JaredBuschJ 1 Reply Last reply Reply Quote 0
      • JaredBuschJ
        JaredBusch @u2communications
        last edited by

        @u2communications said in Using Vultr for FreePBX 13:

        This has been super helpful! I started out with the CyberLynk hosting which was nice, but a lot costlier. It included some commercial modules but Vultr is cheaper enough to pay for them fairly quickly. I do have one annoying issue I haven't solved though. I set this up from my home office and I can reach the web gui from there, but can't get to it from my office network. For the life of me I can't find anyplace to allow/block access to the gui. Any ideas?

        In the FreePBX firewall.
        https://mangolassi.it/topic/12322/configure-the-freepbx-smart-firewall/2

        u2communicationsU 1 Reply Last reply Reply Quote 0
        • u2communicationsU
          u2communications @JaredBusch
          last edited by

          @jaredbusch, Awesome as usual Jared. Though mine looks very different - no zones button. I just went to the Networks tab and added my WAN subnet as Trusted (Excluded from Firewall) and I'm all set. I can't believe I didn't see that!

          JaredBuschJ 1 Reply Last reply Reply Quote 0
          • JaredBuschJ
            JaredBusch @u2communications
            last edited by

            @u2communications said in Using Vultr for FreePBX 13:

            @jaredbusch, Awesome as usual Jared. Though mine looks very different - no zones button. I just went to the Networks tab and added my WAN subnet as Trusted (Excluded from Firewall) and I'm all set. I can't believe I didn't see that!

            The delayed load of the pictures probably caused the scroll to not be in the right place. Post 2 of that thread shows the current FreePBX 14 view.

            But it sounds like you found the right setting.

            1 Reply Last reply Reply Quote 0
            • P
              prabbide
              last edited by

              @JaredBusch Hi, Jared. I appreciate this information on Vultr. I've got a hosted freePBX system up and running on Vultr now. Have you had trouble with tftp in a hosted environment? For the life of me I can't get it working. Works on a local install. Does not work on a hosted install. I've checked too many things to list here, but was wondering if you (or anybody else) has gotten it to work in a hosted environment. If yes, then it's back to lab for me. Thanks.

              JaredBuschJ 1 Reply Last reply Reply Quote 0
              • JaredBuschJ
                JaredBusch @prabbide
                last edited by

                @prabbide said in Using Vultr for FreePBX 13:

                @JaredBusch Hi, Jared. I appreciate this information on Vultr. I've got a hosted freePBX system up and running on Vultr now. Have you had trouble with tftp in a hosted environment? For the life of me I can't get it working. Works on a local install. Does not work on a hosted install. I've checked too many things to list here, but was wondering if you (or anybody else) has gotten it to work in a hosted environment. If yes, then it's back to lab for me. Thanks.

                I would never use tftp over the internet. There is no security in it at all.

                That said, assuming your system is setup properly it will work just fine. It is simply a setting in your DHCP server to tell the phone where to go.

                You need to have the service open in the FreePBX firewall and make sure it is allowed out of your router.

                JaredBuschJ P 2 Replies Last reply Reply Quote 1
                • Emad RE
                  Emad R @JaredBusch
                  last edited by

                  @JaredBusch

                  LET FREEEEDOM RING BABY

                  1 Reply Last reply Reply Quote 0
                  • JaredBuschJ
                    JaredBusch @JaredBusch
                    last edited by

                    @JaredBusch said in Using Vultr for FreePBX 13:

                    I would never use tftp over the internet. There is no security in it at all.

                    I was out at breakfast when I made the reply. Let me clarify.

                    Using tftp to pull configs over the internet have no possible method to encrypt the information in transit.

                    So if somewhere along the way, your traffic is sniffed (most likely is softphone on a mobile device on a public hotspot), the data inside the phone config files is 100% plain text. This is a super bad thing because these config files contain the SIP credentials for the device in question.

                    Once someone has your valid credentials, they have access to make calls on your dime.

                    Using http is no different. I recommend only using https on the public internet.

                    Now, you can mitigate by only allowing known IP addresses through the firewall. By doing that, there is no way for someone to get to your data form everywhere around the world.

                    To be clear this, is only about keeping the configuration files secret because they contain sensitive information. SIP registration is a totally different issue. That process has no need for encryption. The SIP protocol negotiates a nonce witht he PBX when it begins the registration process for an extension. The device never sends the registration password in the clear.

                    JaredBuschJ 1 Reply Last reply Reply Quote 0
                    • JaredBuschJ
                      JaredBusch @JaredBusch
                      last edited by JaredBusch

                      @JaredBusch said in Using Vultr for FreePBX 13:

                      I recommend only using https on the public internet.

                      Now even tough I say that, there are potential problems with this on some devices.

                      /me glares at Yealink T4XG series devices

                      FreePBX's default Let's Encrypt certificate process on FreePBX 14 creates a Let's Encrypt certificate that Yealink T4XG series phones refuse to talk to. The exact same phone talking to FreePBX 13 with a LE cert generated by FreePBX works just fine.

                      So you have to decide to get some other certificate or use take the risk of using http for you device communication. I continue to hpe the Yealink will release a firmware update for this, but it is unlikely as that series of phones are no longer sold. They do not seem to consider them EoL yet, but they were replaced by the T4XS line.

                      1 Reply Last reply Reply Quote 0
                      • P
                        prabbide @JaredBusch
                        last edited by

                        @JaredBusch Yep. tftp is not optimal for security reasons. Nevertheless, it actually does not seem to work in a hosted freepbx environment and I can't figure out (yet) why. I've turned off the IPFW (yes, I know...this is a test box). I've set the xinet service tftp to verbose logging and tracked the activity. The tftp client successfully talks with the server, requests files, but eventually times out with no data transmitted). I've set my local firewall wide open for the IP address. I'm able to tftp locally from another known good remote tftp server. I've checked the freepbx forums (there are similar complaints about tftp, but those are not on a hosted server and tend to be user error). Was hoping you had run across this issue and made it work (even though it's not recommended). Thanks for your feedback.

                        DashrenderD 1 Reply Last reply Reply Quote 0
                        • Emad RE
                          Emad R @JaredBusch
                          last edited by

                          @JaredBusch

                          Hi,

                          Did you also notice that v14 is super slow compared to v13 ?

                          JaredBuschJ 1 Reply Last reply Reply Quote 0
                          • JaredBuschJ
                            JaredBusch @Emad R
                            last edited by

                            @Emad-R said in Using Vultr for FreePBX 13:

                            @JaredBusch

                            Hi,

                            Did you also notice that v14 is super slow compared to v13 ?

                            It assuredly is not. I use it daily. I do not use 13 daily any more, but when I did have active clients on both versions, I never had noticeably different speeds in the GUI.

                            scottalanmillerS 1 Reply Last reply Reply Quote 1
                            • scottalanmillerS
                              scottalanmiller @JaredBusch
                              last edited by

                              @JaredBusch said in Using Vultr for FreePBX 13:

                              @Emad-R said in Using Vultr for FreePBX 13:

                              @JaredBusch

                              Hi,

                              Did you also notice that v14 is super slow compared to v13 ?

                              It assuredly is not. I use it daily. I do not use 13 daily any more, but when I did have active clients on both versions, I never had noticeably different speeds in the GUI.

                              We still have one client that won't upgrade (they make lots of excuses) and we don't notice a difference either.

                              1 Reply Last reply Reply Quote 1
                              • DashrenderD
                                Dashrender @prabbide
                                last edited by

                                @prabbide said in Using Vultr for FreePBX 13:

                                @JaredBusch Yep. tftp is not optimal for security reasons. Nevertheless, it actually does not seem to work in a hosted freepbx environment and I can't figure out (yet) why. I've turned off the IPFW (yes, I know...this is a test box). I've set the xinet service tftp to verbose logging and tracked the activity. The tftp client successfully talks with the server, requests files, but eventually times out with no data transmitted). I've set my local firewall wide open for the IP address. I'm able to tftp locally from another known good remote tftp server. I've checked the freepbx forums (there are similar complaints about tftp, but those are not on a hosted server and tend to be user error). Was hoping you had run across this issue and made it work (even though it's not recommended). Thanks for your feedback.

                                You sure Vultr firewall isn't blocking TFTP?

                                JaredBuschJ 1 Reply Last reply Reply Quote 0
                                • JaredBuschJ
                                  JaredBusch @Dashrender
                                  last edited by

                                  @Dashrender said in Using Vultr for FreePBX 13:

                                  @prabbide said in Using Vultr for FreePBX 13:

                                  @JaredBusch Yep. tftp is not optimal for security reasons. Nevertheless, it actually does not seem to work in a hosted freepbx environment and I can't figure out (yet) why. I've turned off the IPFW (yes, I know...this is a test box). I've set the xinet service tftp to verbose logging and tracked the activity. The tftp client successfully talks with the server, requests files, but eventually times out with no data transmitted). I've set my local firewall wide open for the IP address. I'm able to tftp locally from another known good remote tftp server. I've checked the freepbx forums (there are similar complaints about tftp, but those are not on a hosted server and tend to be user error). Was hoping you had run across this issue and made it work (even though it's not recommended). Thanks for your feedback.

                                  You sure Vultr firewall isn't blocking TFTP?

                                  Vultr doesn't have a firewall unless you make one.
                                  I mean it is possible they could. Let me test.

                                  scottalanmillerS 1 Reply Last reply Reply Quote 0
                                  • scottalanmillerS
                                    scottalanmiller @JaredBusch
                                    last edited by

                                    @JaredBusch said in Using Vultr for FreePBX 13:

                                    @Dashrender said in Using Vultr for FreePBX 13:

                                    @prabbide said in Using Vultr for FreePBX 13:

                                    @JaredBusch Yep. tftp is not optimal for security reasons. Nevertheless, it actually does not seem to work in a hosted freepbx environment and I can't figure out (yet) why. I've turned off the IPFW (yes, I know...this is a test box). I've set the xinet service tftp to verbose logging and tracked the activity. The tftp client successfully talks with the server, requests files, but eventually times out with no data transmitted). I've set my local firewall wide open for the IP address. I'm able to tftp locally from another known good remote tftp server. I've checked the freepbx forums (there are similar complaints about tftp, but those are not on a hosted server and tend to be user error). Was hoping you had run across this issue and made it work (even though it's not recommended). Thanks for your feedback.

                                    You sure Vultr firewall isn't blocking TFTP?

                                    Vultr doesn't have a firewall unless you make one.
                                    I mean it is possible they could. Let me test.

                                    Lots of people put one in by default and don't even think about it.

                                    1 Reply Last reply Reply Quote 0
                                    • JaredBuschJ
                                      JaredBusch
                                      last edited by

                                      My setup with FreePBX 14 on Vultr.

                                      1. There is no firewall on Vultr blocking anything.
                                      2. My home network is marked trusted in the FreePBX responsive firewall.
                                      3. The tftp protocal is allowed in the FreePBX firewall to local connections.

                                      I can connect to from my desktop with tftp but I cannot download anything.
                                      690a6734-0e8c-48f8-b0a9-bede9d66fac1-image.png

                                      DashrenderD P 2 Replies Last reply Reply Quote 1
                                      • DashrenderD
                                        Dashrender @JaredBusch
                                        last edited by

                                        @JaredBusch said in Using Vultr for FreePBX 13:

                                        My setup with FreePBX 14 on Vultr.

                                        1. There is no firewall on Vultr blocking anything.
                                        2. My home network is marked trusted in the FreePBX responsive firewall.
                                        3. The tftp protocal is allowed in the FreePBX firewall to local connections.

                                        I can connect to from my desktop with tftp but I cannot download anything.
                                        690a6734-0e8c-48f8-b0a9-bede9d66fac1-image.png

                                        right - so why not?

                                        JaredBuschJ 1 Reply Last reply Reply Quote 0
                                        • JaredBuschJ
                                          JaredBusch @Dashrender
                                          last edited by

                                          @Dashrender said in Using Vultr for FreePBX 13:

                                          @JaredBusch said in Using Vultr for FreePBX 13:

                                          My setup with FreePBX 14 on Vultr.

                                          1. There is no firewall on Vultr blocking anything.
                                          2. My home network is marked trusted in the FreePBX responsive firewall.
                                          3. The tftp protocal is allowed in the FreePBX firewall to local connections.

                                          I can connect to from my desktop with tftp but I cannot download anything.
                                          690a6734-0e8c-48f8-b0a9-bede9d66fac1-image.png

                                          right - so why not?

                                          Don't know and don't honestly care. As I said before. Don't use TFTP on the public internet.

                                          1 Reply Last reply Reply Quote 1
                                          • scottalanmillerS
                                            scottalanmiller
                                            last edited by

                                            I wonder if TFTP default bindings are LAN only.

                                            JaredBuschJ 1 Reply Last reply Reply Quote 0
                                            • 1
                                            • 2
                                            • 1 / 2
                                            • First post
                                              Last post