ML
    • Recent
    • Categories
    • Tags
    • Popular
    • Users
    • Groups
    • Register
    • Login

    Correct Settings For Hosted FreePBX 13

    Scheduled Pinned Locked Moved IT Discussion
    80 Posts 5 Posters 10.1k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • bigbearB
      bigbear @scottalanmiller
      last edited by

      @scottalanmiller said in Correct Settings For Hosted FreePBX 13:

      @bigbear said in Correct Settings For Hosted FreePBX 13:

      @scottalanmiller said in Correct Settings For Hosted FreePBX 13:

      @bigbear said in Correct Settings For Hosted FreePBX 13:

      @scottalanmiller said in Correct Settings For Hosted FreePBX 13:

      @bigbear said in Correct Settings For Hosted FreePBX 13:

      @scottalanmiller without turning off anything what's he lowest vultr you'd use?

      Not sure, we always tune our systems 🙂

      By tuning you mean? Removing unwanted modules? Changing pagefile and CPU mgmt in Linux?

      Not CPU, but we remove unused services, reduce the responsiveness of Apache, etc.

      Stuff not easily scripted/automated?

      We are starting to do that stuff to standardize it. Pretty much everything is automatable on Linux 🙂

      Where I'm heading with this is to write a php interface for provisioning using the acme packet and vultr api's, not sure yet about freepbx api's maybe salt my way to ops automation. Totally replace our in house system.

      It's not my primary job around here, I'm a radiohead...

      1 Reply Last reply Reply Quote 0
      • JaredBuschJ
        JaredBusch @bigbear
        last edited by JaredBusch

        @bigbear said in Correct Settings For Hosted FreePBX 13:

        Is it expected that you convert a chan_sip extension in the GUI by clicking to change to pjsip driver? Or would I have to re-provision the phones?

        You can easily switch this without reprovisioning the phones. I have done it more than once.

        What would be really helpful in the guide is to see how you manually place the config files to provisions phones and if there are any relative firewall changes that need to be made...

        You mean my guide? That is coming, but basically you put them in /tftpboot like any other default tftp setup.

        Assuming you have not messed up the firewall more, they work once you enable the right network settings.I use the 'Internal' or 'Other' setting for that.

        bigbearB 1 Reply Last reply Reply Quote 0
        • bigbearB
          bigbear @JaredBusch
          last edited by

          @JaredBusch I'm gonna retry all this from scratch tonight. Maybe use a $10 vm. Not doing any "tuning" though.

          I was thinking with pjsip on 5060 should in be trunking down to 5160 and chan_sip from my soft switch?

          JaredBuschJ 1 Reply Last reply Reply Quote 0
          • JaredBuschJ
            JaredBusch
            last edited by

            I use HTTPS provisioning in the Yealink phones, but you could use TFTP also.

            HTTPS provisioning is on port 1443 by default.
            0_1489112315444_upload-ee2f0ff7-eaf8-4f9f-be9c-705353af6161

            So in your phone you would setup https://pbx.domain.com:1433 as the config URL.

            auto_provision.server.url = https://pbx.domain.com:1443
            firmware.url = https://pbx.domain.com:1443/T42-29.81.0.20.rom
            

            0_1489111844883_upload-5c29a12a-28c0-4dba-9dc4-9a3fd1991247
            0_1489111873134_upload-62e0748e-e5b6-40de-a024-20420d7e71cc

            0_1489112157234_upload-eeda6387-4672-461e-9de7-f93e03e1edb1

            1 Reply Last reply Reply Quote 0
            • JaredBuschJ
              JaredBusch @bigbear
              last edited by

              @bigbear said in Correct Settings For Hosted FreePBX 13:

              @JaredBusch I'm gonna retry all this from scratch tonight. Maybe use a $10 vm. Not doing any "tuning" though.

              I was thinking with pjsip on 5060 should in be trunking down to 5160 and chan_sip from my soft switch?

              outbound trunks still use chan_sip out to the other end's port 5060 like you are familiar.

              I feel you are overcomplicating this entire thing.

              bigbearB 1 Reply Last reply Reply Quote 0
              • bigbearB
                bigbear @JaredBusch
                last edited by

                @JaredBusch said in Correct Settings For Hosted FreePBX 13:

                @bigbear said in Correct Settings For Hosted FreePBX 13:

                @JaredBusch I'm gonna retry all this from scratch tonight. Maybe use a $10 vm. Not doing any "tuning" though.

                I was thinking with pjsip on 5060 should in be trunking down to 5160 and chan_sip from my soft switch?

                outbound trunks still use chan_sip out to the other end's port 5060 like you are familiar.

                I feel you are overcomplicating this entire thing.

                I mean, if your tftp is "internal" how do the remote phones access it? Lol. Just doesn't follow any firewall lingo I've ever used...

                JaredBuschJ 2 Replies Last reply Reply Quote 0
                • JaredBuschJ
                  JaredBusch @bigbear
                  last edited by

                  @bigbear said in Correct Settings For Hosted FreePBX 13:

                  @JaredBusch said in Correct Settings For Hosted FreePBX 13:

                  @bigbear said in Correct Settings For Hosted FreePBX 13:

                  @JaredBusch I'm gonna retry all this from scratch tonight. Maybe use a $10 vm. Not doing any "tuning" though.

                  I was thinking with pjsip on 5060 should in be trunking down to 5160 and chan_sip from my soft switch?

                  outbound trunks still use chan_sip out to the other end's port 5060 like you are familiar.

                  I feel you are overcomplicating this entire thing.

                  I mean, if your tftp is "internal" how do the remote phones access it? Lol. Just doesn't follow any firewall lingo I've ever used...

                  You really have no idea what you are doing here. Maybe you should leave this to your PBX team, have you thought about that?

                  If you are going to continue, read the definitions, but realize, they are simply labels to be friendly.
                  0_1489113139439_upload-98fe5749-a1fd-43d2-8b49-e23af4d29a42

                  So if you make a network or IP internal like I did above, then that network can access anything marked internal on the service map pages.

                  By default, many things are set to internal already on those pages.
                  By default, almost nothing is set to other, it is good to use for home office workers with a dyndns entry for their IP.

                  You get the idea now?

                  bigbearB 1 Reply Last reply Reply Quote 0
                  • bigbearB
                    bigbear @JaredBusch
                    last edited by

                    @JaredBusch what internal network is there when it's hosted???

                    JaredBuschJ 1 Reply Last reply Reply Quote 0
                    • JaredBuschJ
                      JaredBusch @bigbear
                      last edited by

                      @bigbear said in Correct Settings For Hosted FreePBX 13:

                      @JaredBusch said in Correct Settings For Hosted FreePBX 13:

                      @bigbear said in Correct Settings For Hosted FreePBX 13:

                      @JaredBusch I'm gonna retry all this from scratch tonight. Maybe use a $10 vm. Not doing any "tuning" though.

                      I was thinking with pjsip on 5060 should in be trunking down to 5160 and chan_sip from my soft switch?

                      outbound trunks still use chan_sip out to the other end's port 5060 like you are familiar.

                      I feel you are overcomplicating this entire thing.

                      I mean, if your tftp is "internal" how do the remote phones access it? Lol. Just doesn't follow any firewall lingo I've ever used...

                      You set your DHCP server to tell devices to look to your PBX for TFPT, or you preset all phones with the provisioning URL before sending them out.

                      1 Reply Last reply Reply Quote 0
                      • JaredBuschJ
                        JaredBusch @bigbear
                        last edited by

                        @bigbear said in Correct Settings For Hosted FreePBX 13:

                        @JaredBusch what internal network is there when it's hosted???

                        You obviously failed to read what I just just wrote.

                        I clearly stated that you need to understand that they are just labels to be friendly.

                        bigbearB 1 Reply Last reply Reply Quote 0
                        • bigbearB
                          bigbear @JaredBusch
                          last edited by

                          @JaredBusch your tftp is marked internal zone. Unless you have an onprem pbx it's not accessible from your local network.

                          You do know I'm only talking about hosted right?

                          I understand what they are doing here.

                          JaredBuschJ 1 Reply Last reply Reply Quote 0
                          • JaredBuschJ
                            JaredBusch @bigbear
                            last edited by

                            @bigbear said in Correct Settings For Hosted FreePBX 13:

                            @JaredBusch your tftp is marked internal zone. Unless you have an onprem pbx it's not accessible from your local network.

                            You do know I'm only talking about hosted right?

                            I understand what they are doing here.

                            You do not understand.

                            Internal has nothing to do with where it is.

                            It is a label. Nothing more.

                            Any network you apply the Internal label to will have access to any service also marked Internal.

                            Those screen shots are from a system hosted on Vultr and those redacted sites are 3 different locations across Illinois and Missouri.

                            bigbearB 1 Reply Last reply Reply Quote 0
                            • bigbearB
                              bigbear @JaredBusch
                              last edited by gjacobse

                              @JaredBusch I'm trying to figure out then how my remote phone gets marked "internal", is that where it tagged when it authenticates through the adaptive firewall?

                              Still, telling me to f*** off and go to my pbx team is a little harsh.

                              I'll find some reading on the firewall and stop asking questions? Can't imagine why people get so defensive... i feel like openbts and vsat is infinitely more complicated than this. There's just no documentation, freeswitch has infinitely better docs available.

                              JaredBuschJ 4 Replies Last reply Reply Quote 0
                              • JaredBuschJ
                                JaredBusch @bigbear
                                last edited by gjacobse

                                @bigbear said in Correct Settings For Hosted FreePBX 13:

                                Still, telling me to f*** off and go to my pbx team is a little harsh.

                                Trust me, I did not tell you to f*** off. I have no qualms telling someone on here to f*** off. Just ask the mods.

                                I told you to think about your proposition. Meaning to think about the cost/benefit to the business for trying to do something out of band.

                                1 Reply Last reply Reply Quote 0
                                • JaredBuschJ
                                  JaredBusch @bigbear
                                  last edited by JaredBusch

                                  @bigbear said in Correct Settings For Hosted FreePBX 13:

                                  @JaredBusch I'm trying to figure out then how my remote phone gets marked "internal", is that where it tagged when it authenticates through the adaptive firewall?

                                  I already told you how it gets marked internal. I even made a screenshot.

                                  That is what I have been trying to tell you. There is nothing else here. you are making it too complicated.

                                  1 Reply Last reply Reply Quote 0
                                  • JaredBuschJ
                                    JaredBusch @bigbear
                                    last edited by JaredBusch

                                    @bigbear said in Correct Settings For Hosted FreePBX 13:

                                    There's just no documentation, freeswitch has infinitely better docs available.

                                    I never looked for any docs, so I am not sure what exists. The on screen instructions were plenty clear enough to enable me to understand this.

                                    1 Reply Last reply Reply Quote 0
                                    • JaredBuschJ
                                      JaredBusch @bigbear
                                      last edited by JaredBusch

                                      @bigbear said in Correct Settings For Hosted FreePBX 13:

                                      @JaredBusch I'm trying to figure out then how my remote phone gets marked "internal", is that where it tagged when it authenticates through the adaptive firewall?

                                      If your phone is on a remote network that is marked internal, then it never processes with the adaptive firewall it is already in a special category.

                                      If you have a phone on a random network, not one defined explicitly in the network list described previously, contact your PBX and attempt to authenticate with SIP, the adaptive firewall will let it try. Assuming it registers, it is then marked by the adaptive firewall as a valid IP and services such as HTTPS provisioning will work. This is a bit of a chicken and egg scenario though. If the phone is not sent out provisioned, it has no way to register to then gain access to the provisioning server for future updates.

                                      Is that what you are trying to figure out?

                                      1 Reply Last reply Reply Quote 0
                                      • bigbearB
                                        bigbear
                                        last edited by bigbear

                                        Honestly, after reading the freepbx wiki, your instructions make perfect sense, and I envy the clean setup you are running.

                                        All remote client networks are set to "Internal" (mapping their wan ip to a dynamic FQDN)

                                        Roaming phones coming through the responsive firewall apparently have access to "Internal" or "Other", whether or not that get applied a label I am not sure

                                        The https provisioning is something I would much prefer over TFTP, and I see where my mix-up reading this from my mobile phone was...

                                        I am assuming eth0 is marked as a External network?

                                        JaredBuschJ 3 Replies Last reply Reply Quote 0
                                        • JaredBuschJ
                                          JaredBusch @bigbear
                                          last edited by

                                          @bigbear said in Correct Settings For Hosted FreePBX 13:

                                          I am assuming eth0 is marked as a External network?

                                          Yes.

                                          1 Reply Last reply Reply Quote 0
                                          • JaredBuschJ
                                            JaredBusch @bigbear
                                            last edited by

                                            @bigbear said in Correct Settings For Hosted FreePBX 13:

                                            Roaming phones coming through the responsive firewall apparently have access to "Internal" or "Other", whether or not that get applied a label I am not sure

                                            They are internal from what I understand.

                                            1 Reply Last reply Reply Quote 0
                                            • 1
                                            • 2
                                            • 3
                                            • 4
                                            • 1 / 4
                                            • First post
                                              Last post