ML
    • Recent
    • Categories
    • Tags
    • Popular
    • Users
    • Groups
    • Register
    • Login

    Correct Settings For Hosted FreePBX 13

    Scheduled Pinned Locked Moved IT Discussion
    80 Posts 5 Posters 10.1k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • JaredBuschJ
      JaredBusch
      last edited by

      this is completely wrong. You never want anything trusted except maybe one IP for access. Putting something in trusted defeats the purpose of the firewall.

      That second line, you trusted the entire /24 that your office is on (the 70.60.148.0/24)? That is crazy, do you own the entire /24?

      Why would you put in the unroutable class subnets as trusted when this is a hosted solution and everything will be connecting over the WAN IP and showing their public IP?

      Then you put in your entire IPv6 subnets?

      0_1489096773544_upload-0ef4e55d-c8a6-4cd9-b081-d6b689ce9ffc

      bigbearB 1 Reply Last reply Reply Quote 0
      • bigbearB
        bigbear @JaredBusch
        last edited by

        @JaredBusch said in Correct Settings For Hosted FreePBX 13:

        @bigbear here is the index to my guide if that helps.
        https://mangolassi.it/topic/11805/freepbx-13-setup-guide

        0_1489096914096_Screenshot (18)_LI.jpg

        Im gonna check DHCP but we dont use it typically. Will report back. However its fresh user accounts that arent duplicated from the old install.

        1 Reply Last reply Reply Quote 0
        • bigbearB
          bigbear @JaredBusch
          last edited by

          @JaredBusch said in Correct Settings For Hosted FreePBX 13:

          this is completely wrong. You never want anything trusted except maybe one IP for access. Putting something in trusted defeats the purpose of the firewall.

          That second line, you trusted the entire /24 that your office is on (the 70.60.148.0/24)? That is crazy, do you own the entire /24?

          Why would you put in the unroutable class subnets as trusted when this is a hosted solution and everything will be connecting over the WAN IP and showing their public IP?

          Then you put in your entire IPv6 subnets?

          0_1489096773544_upload-0ef4e55d-c8a6-4cd9-b081-d6b689ce9ffc

          LOL - I didnt enter any of those, but none of it looks right to me. I am just trying to do things the "freepbx responsive firewall way". However none of these would be blocking me so I thought I would circle back to it later.

          1 Reply Last reply Reply Quote 0
          • JaredBuschJ
            JaredBusch
            last edited by

            extensions use PJSIP by default in FreePBX 13

            so in the asterisk command line (asterisk -rvvvvvv)

            use pjsip show endpoints

            core show help pjsip will list all the commands.

            bigbearB 1 Reply Last reply Reply Quote 0
            • bigbearB
              bigbear @JaredBusch
              last edited by

              @JaredBusch said in Correct Settings For Hosted FreePBX 13:

              @bigbear said in Correct Settings For Hosted FreePBX 13:

              @JaredBusch said in Correct Settings For Hosted FreePBX 13:

              @bigbear said in Correct Settings For Hosted FreePBX 13:

              I have configured everything as best as I can figure based on what I think the developers are intending to manipulate ipchains. My remote yealink thinks its registered, but it shows offline in reports - asterisk info - peers.

              Start here
              https://mangolassi.it/topic/12322/configure-the-freepbx-smart-firewall

              Since this is not a new install, goto this screen and click the button to rerun the wizard.

              0_1489096410581_upload-29ba66bf-5291-4ed2-a980-3a976ef1f7e0

              Actually this is a new install, but I will definitely re-run the wizard. Hooking up another phone now as I disabled the firewall and realized the phone still doesnt show up under peers, although it says its registered and my line buttons are green...

              $5 says your local DHCP server is sending TFTP info and you are registering to your current system.

              No special DHCP options or TFTP boot servers, actually the Linksys router is serving up DHCP now. A change someone else here must have made.

              The yealink thinks its registered to the freepbx install I just spun up. Also why cant I login to admin GUI from anywhere but my office? I think I see why, but the freepbx instructions say "surely you want to trust the responsive firewall" and not to touch those options.

              JaredBuschJ 1 Reply Last reply Reply Quote 0
              • JaredBuschJ
                JaredBusch @bigbear
                last edited by JaredBusch

                @bigbear said in Correct Settings For Hosted FreePBX 13:

                @JaredBusch said in Correct Settings For Hosted FreePBX 13:

                @bigbear said in Correct Settings For Hosted FreePBX 13:

                @JaredBusch said in Correct Settings For Hosted FreePBX 13:

                @bigbear said in Correct Settings For Hosted FreePBX 13:

                I have configured everything as best as I can figure based on what I think the developers are intending to manipulate ipchains. My remote yealink thinks its registered, but it shows offline in reports - asterisk info - peers.

                Start here
                https://mangolassi.it/topic/12322/configure-the-freepbx-smart-firewall

                Since this is not a new install, goto this screen and click the button to rerun the wizard.

                0_1489096410581_upload-29ba66bf-5291-4ed2-a980-3a976ef1f7e0

                Actually this is a new install, but I will definitely re-run the wizard. Hooking up another phone now as I disabled the firewall and realized the phone still doesnt show up under peers, although it says its registered and my line buttons are green...

                $5 says your local DHCP server is sending TFTP info and you are registering to your current system.

                No special DHCP options or TFTP boot servers, actually the Linksys router is serving up DHCP now. A change someone else here must have made.

                The yealink thinks its registered to the freepbx install I just spun up. Also why cant I login to admin GUI from anywhere but my office? I think I see why, but the freepbx instructions say "surely you want to trust the responsive firewall" and not to touch those options.

                You can log in from anywhere if you setup the firewall to allow it. By default it does not over HTTP.

                Use HTTPS and it should work from anywhere.

                1 Reply Last reply Reply Quote 0
                • bigbearB
                  bigbear @JaredBusch
                  last edited by

                  @JaredBusch said in Correct Settings For Hosted FreePBX 13:

                  extensions use PJSIP by default in FreePBX 13

                  so in the asterisk command line (asterisk -rvvvvvv)

                  use pjsip show endpoints

                  core show help pjsip will list all the commands.

                  I am using freepbx 12 chan_sip for 30+ phones here on freepbx 12 hosted by cyberlynk.

                  My test freepbx 13 I am registering with pjsip.

                  BUT, both installs are using port 5060 (12 for chan_sip, 13 for pjsip).

                  Not sure how NAT coning works on the linksys, maybe an issue?

                  bigbearB JaredBuschJ 2 Replies Last reply Reply Quote 0
                  • JaredBuschJ
                    JaredBusch
                    last edited by

                    These are not default settings.. just blow it up and follow my guide.

                    0_1489097574872_upload-ed1abaed-17f5-44c5-a06b-295676e815ef

                    1 Reply Last reply Reply Quote 0
                    • bigbearB
                      bigbear @bigbear
                      last edited by

                      @bigbear said in Correct Settings For Hosted FreePBX 13:

                      @JaredBusch said in Correct Settings For Hosted FreePBX 13:

                      extensions use PJSIP by default in FreePBX 13

                      so in the asterisk command line (asterisk -rvvvvvv)

                      use pjsip show endpoints

                      core show help pjsip will list all the commands.

                      I am using freepbx 12 chan_sip for 30+ phones here on freepbx 12 hosted by cyberlynk.

                      My test freepbx 13 I am registering with pjsip.

                      BUT, both installs are using port 5060 (12 for chan_sip, 13 for pjsip).

                      Not sure how NAT coning works on the linksys, maybe an issue?

                      Okay and actually now I hooked up another Yealink and it registered up just fine.

                      On the first extension I had started as chan_sip and moved to pjsip -- maybe that was the whole issue.

                      Re-enabling firewall. Will see how it works. Hope you add a firewall guide to your guide...

                      JaredBuschJ 1 Reply Last reply Reply Quote 0
                      • JaredBuschJ
                        JaredBusch @bigbear
                        last edited by

                        @bigbear said in Correct Settings For Hosted FreePBX 13:

                        Not sure how NAT coning works on the linksys, maybe an issue?

                        Poorly. Is your current system in house or external also?

                        1 Reply Last reply Reply Quote 0
                        • JaredBuschJ
                          JaredBusch @bigbear
                          last edited by

                          @bigbear said in Correct Settings For Hosted FreePBX 13:

                          @bigbear said in Correct Settings For Hosted FreePBX 13:

                          @JaredBusch said in Correct Settings For Hosted FreePBX 13:

                          extensions use PJSIP by default in FreePBX 13

                          so in the asterisk command line (asterisk -rvvvvvv)

                          use pjsip show endpoints

                          core show help pjsip will list all the commands.

                          I am using freepbx 12 chan_sip for 30+ phones here on freepbx 12 hosted by cyberlynk.

                          My test freepbx 13 I am registering with pjsip.

                          BUT, both installs are using port 5060 (12 for chan_sip, 13 for pjsip).

                          Not sure how NAT coning works on the linksys, maybe an issue?

                          Okay and actually now I hooked up another Yealink and it registered up just fine.

                          On the first extension I had started as chan_sip and moved to pjsip -- maybe that was the whole issue.

                          Re-enabling firewall. Will see how it works. Hope you add a firewall guide to your guide...

                          I linked to the firewall page already. You need more details?

                          bigbearB 1 Reply Last reply Reply Quote 0
                          • bigbearB
                            bigbear @JaredBusch
                            last edited by

                            @JaredBusch said in Correct Settings For Hosted FreePBX 13:

                            @bigbear said in Correct Settings For Hosted FreePBX 13:

                            @bigbear said in Correct Settings For Hosted FreePBX 13:

                            @JaredBusch said in Correct Settings For Hosted FreePBX 13:

                            extensions use PJSIP by default in FreePBX 13

                            so in the asterisk command line (asterisk -rvvvvvv)

                            use pjsip show endpoints

                            core show help pjsip will list all the commands.

                            I am using freepbx 12 chan_sip for 30+ phones here on freepbx 12 hosted by cyberlynk.

                            My test freepbx 13 I am registering with pjsip.

                            BUT, both installs are using port 5060 (12 for chan_sip, 13 for pjsip).

                            Not sure how NAT coning works on the linksys, maybe an issue?

                            Okay and actually now I hooked up another Yealink and it registered up just fine.

                            On the first extension I had started as chan_sip and moved to pjsip -- maybe that was the whole issue.

                            Re-enabling firewall. Will see how it works. Hope you add a firewall guide to your guide...

                            I linked to the firewall page already. You need more details?

                            That was the guide I followed while doing this. I will just start over though. I am a hardcore pfsense guy so using this auto-firewall business goes against everything in me!

                            We use the crappy linksys here because many of our customers have the crappy linksys setup. We are a wireless ISP and transitioning to do more voice. Kind of a long story.

                            Anyway I have a smart ass developer two doors down who has been giving me crap for two days about not being able to get this up, and who wants to continue with our freeswitch setup we've developed in house. I think its turned into bloatware and I am planning to exit all our customers from that to freepbx hosted, possibly now on vultr.

                            Ive never been a freepbx person until it was mentioned to me a year ago or so by Scott on SW. And just in the last month I decided I need to learn it inside and out so I can make the transition.

                            Really appreciate your help. Will let you know the net of following the firewall wizard. I am guess switching from chan_sip to pjsip using the GUI for my first test extension needed some addition changes.

                            1 Reply Last reply Reply Quote 0
                            • bigbearB
                              bigbear
                              last edited by

                              I gotta say also, the freepbx gui lead me to believe all the resources provided were maxed on my other hosted freepbx instances. I can't believe you can get by with so little.

                              Also, is it expected that you should hard code all your wan IP's in where you want to access the admin GUI with the responsive firewall?

                              scottalanmillerS 1 Reply Last reply Reply Quote 0
                              • scottalanmillerS
                                scottalanmiller @bigbear
                                last edited by

                                @bigbear said in Correct Settings For Hosted FreePBX 13:

                                I gotta say also, the freepbx gui lead me to believe all the resources provided were maxed on my other hosted freepbx instances. I can't believe you can get by with so little.

                                Standard misreading of Linux RAM data. Use the free command on the CLI and you'll normally see that the RAM is essentially unused. A lightly used FreePBX system could be around 180MB while making calls.

                                bigbearB 1 Reply Last reply Reply Quote 0
                                • bigbearB
                                  bigbear @scottalanmiller
                                  last edited by

                                  @scottalanmiller said in Correct Settings For Hosted FreePBX 13:

                                  @bigbear said in Correct Settings For Hosted FreePBX 13:

                                  I gotta say also, the freepbx gui lead me to believe all the resources provided were maxed on my other hosted freepbx instances. I can't believe you can get by with so little.

                                  Standard misreading of Linux RAM data. Use the free command on the CLI and you'll normally see that the RAM is essentially unused. A lightly used FreePBX system could be around 180MB while making calls.

                                  Just crazy what's possible. I'll be the last guy laughing around this office!

                                  We have incredible low voice network overhead for local origination because we have our own interconnects and later 5 switches in Cinci Bell closets. Part of that was because of the dslams we had around town prior to going wifi. We average .0025 on voice costs. The platform overhead has always destroyed our profits. Seems almost too good to be true.

                                  1 Reply Last reply Reply Quote 1
                                  • bigbearB
                                    bigbear
                                    last edited by

                                    Is it expected that you convert a chan_sip extension in the GUI by clicking to change to pjsip driver? Or would I have to re-provision the phones?

                                    What would be really helpful in the guide is to see how you manually place the config files to provisions phones and if there are any relative firewall changes that need to be made...

                                    JaredBuschJ 1 Reply Last reply Reply Quote 0
                                    • scottalanmillerS
                                      scottalanmiller
                                      last edited by

                                      You can tune the systems down pretty low. And if you are willing to shut off services when not doing configuration, you can get down insanely low.

                                      bigbearB 1 Reply Last reply Reply Quote 0
                                      • bigbearB
                                        bigbear @scottalanmiller
                                        last edited by

                                        @scottalanmiller without turning off anything what's he lowest vultr you'd use?

                                        scottalanmillerS 1 Reply Last reply Reply Quote 0
                                        • scottalanmillerS
                                          scottalanmiller @bigbear
                                          last edited by

                                          @bigbear said in Correct Settings For Hosted FreePBX 13:

                                          @scottalanmiller without turning off anything what's he lowest vultr you'd use?

                                          Not sure, we always tune our systems 🙂

                                          bigbearB 1 Reply Last reply Reply Quote 0
                                          • bigbearB
                                            bigbear @scottalanmiller
                                            last edited by

                                            @scottalanmiller said in Correct Settings For Hosted FreePBX 13:

                                            @bigbear said in Correct Settings For Hosted FreePBX 13:

                                            @scottalanmiller without turning off anything what's he lowest vultr you'd use?

                                            Not sure, we always tune our systems 🙂

                                            By tuning you mean? Removing unwanted modules? Changing pagefile and CPU mgmt in Linux?

                                            scottalanmillerS 1 Reply Last reply Reply Quote 0
                                            • 1
                                            • 2
                                            • 3
                                            • 4
                                            • 3 / 4
                                            • First post
                                              Last post