Correct Settings For Hosted FreePBX 13
-
@bigbear said in Correct Settings For Hosted FreePBX 13:
@JaredBusch I'm trying to figure out then how my remote phone gets marked "internal", is that where it is tagged when it authenticates through the adaptive firewall?
If your phone is on a remote network that is marked internal, then it never processes with the adaptive firewall; it is already in a special category.
If you have a phone on a random network, not one defined explicitly in the network list described previously, contact your PBX and attempt to authenticate with SIP, the adaptive firewall will let it try. Assuming it registers, it is then marked by the adaptive firewall as a valid IP and services such as HTTPS provisioning will work. This is a bit of a chicken and egg scenario though. If the phone is not sent out provisioned, it has no way to register to then gain access to the provisioning server for future updates.
Is that what you are trying to figure out?
-
Honestly, after reading the freepbx wiki, your instructions make perfect sense, and I envy the clean setup you are running.
All remote client networks are set to "Internal" (mapping their wan ip to a dynamic FQDN)
Roaming phones coming through the responsive firewall apparently have access to "Internal" or "Other"; whether or not they get a label applied, I am not sure.
The https provisioning is something I would much prefer over TFTP, and I see where my mix-up reading this from my mobile phone was...
I am assuming eth0 is marked as an External network?
-
@bigbear said in Correct Settings For Hosted FreePBX 13:
I am assuming eth0 is marked as an External network?
Yes.
-
@bigbear said in Correct Settings For Hosted FreePBX 13:
Roaming phones coming through the responsive firewall apparently have access to "Internal" or "Other"; whether or not they get a label applied, I am not sure.
They are internal from what I understand.
-
@bigbear said in Correct Settings For Hosted FreePBX 13:
Honestly, after reading the freepbx wiki, your instructions make perfect sense, and I envy the clean setup you are running.
I can be more complicated, but that does not help a new person learning or guides designed for that.
Once, not if btw, you get a clean working system and want to begin to complicate it to match your needed design, feel free to ask for those kinds of details if needed. But in a general post like this that would not have helped.
-
So, last night I had everything up in about 20 mins after starting from scratch. I also learned not to skim and respond from my mobile browser.
I am very interested in learning how to provision via https without the endpoint manager if you are willing to share your setup!
Thanks for your help...
-
@bigbear said in Correct Settings For Hosted FreePBX 13:
So, last night I had everything up in about 20 mins after starting from scratch. I also learned not to skim and respond from my mobile browser.
I am very interested in learning how to provision via https without the endpoint manager if you are willing to share your setup!
Thanks for your help...
Well, eventually it will be posted here in detail, but I have not had time.
To provision, you simply need to make config files appropriately.
I use Yealink phones almost exclusively.
When a new phone is ordered I just leave it until a user needs it.
I have them plug it in and give me the IP address (can push the OK button to see).
I jump in it and assign the https provisioning URL and reboot the phone.
-
@bigbear I am on site today so not sure if I will have time to post a valid config example. But I can once I have a little time.
-
@JaredBusch said in Correct Settings For Hosted FreePBX 13:
@bigbear I am on site today so not sure if I will have time to post a valid config example. But I can once I have a little time.
Thanks. I was going to install the Yealink provisioning configuration tool to generate some files later today. I had also been thinking about getting access to Yealink's RPS, but not sure if it only works on new Yealink phones you drop ship from vendors (versus existing Yealinks in the field).
If the latter, it would be cool to have someone hold the OK button down to reset to factory defaults, pick up the provisioner URL from Yealink RPS and auto configure everything.
-
@bigbear The new firmware versions have a function in the phone settings that lets you export a cfg file. That can get you started.
-
@JaredBusch ah sweet. Thanks!
Hate to be a pest, just had a couple more questions...
Was curious and wanted to ask about the extra zone entries in your screenshots above: the DNS hosts for outbound1 and 2.letsencryptcom and mirror1.freepbx.org. I'm guessing the freepbx.com ones are for software updates? Not sure if letsencrypt is for your SSL cert or a DNS mapping for trunk providers?
And I use IP auth for inbound calling, any need to define my IP for trunking?
-
@bigbear said in Correct Settings For Hosted FreePBX 13:
@JaredBusch ah sweet. Thanks!
Hate to be a pest, just had a couple more questions...
Was curious and wanted to ask about the extra zone entries in your screenshots above: the DNS hosts for outbound1 and 2.letsencryptcom and mirror1.freepbx.org. I'm guessing the freepbx.com ones are for software updates? Not sure if letsencrypt is for your SSL cert or a DNS mapping for trunk providers?
Those entries were auto-added when I used the built-in SSL module to get a LE cert.
-
@bigbear said in Correct Settings For Hosted FreePBX 13:
And I use IP auth for inbound calling, any need to define my IP for trunking?
I have not done IP auth with a PJSIP trunk, only SIP, nor since the new firewall stuff was added. So just set up a SIP trunk like normal and if it fails, add the provider's IP in the firewall.
-
And I just got asked to setup a new phone for a new hire.. config incoming for you shortly...
-
MAC.cfg (ie: 001565b8bac4.cfg)
#!version:1.0.0.1
## the file header "#!version:1.0.0.1" can not be edited or deleted. ##
network.dhcp_host_name = 5117
account.1.display_name = Main Conference Room
account.1.auth_name = 5117
account.1.user_name = 5117
account.1.label = 5117
account.1.password = 123456
account.1.enable = 1
account.1.outbound_host =
account.1.outbound_port =
account.1.outbound_proxy_enable = 0
account.1.shared_line = 0
account.1.sip_server.1.address = pbx.domain.com
account.1.sip_server.1.port = 5060
account.1.sip_server.2.address =
account.1.sip_server.2.port =
######################################################################
# The 6 buttons on the left and right of the screen are linekey 1-15 #
######################################################################
## Label is what the user sees
#linekey.1.label =
# Line is the line/ext that is used. This is generally always 1 for a basic setup
#linekey.1.line = 1
## Pickup Value works with BLF type keys. If a user pushes this button while it is ringing,
## it sends this before the value. Set it to ** for Asterisk to pickup the ringing call.
#linekey.1.pickup_value =
## Type is 16 for BLF, 15 for a line/ext presence. See documentation for other values.
#linekey.1.type =
## Value if the value for the type. For BLF this would be the extension being monitored.
#linekey.1.value =
## Linekey/DSSKey # 1
linekey.1.label =
linekey.1.line = 1
linekey.1.pickup_value = **
linekey.1.type = 0
linekey.1.value =
linekey.1.xml_phonebook = %NULL%
## Linekey/DSSKey # 2
linekey.2.label =
linekey.2.line = 1
linekey.2.pickup_value = **
linekey.2.type = 0
linekey.2.value =
linekey.2.xml_phonebook = %NULL%
## Linekey/DSSKey # 3
linekey.3.label =
linekey.3.line = 1
linekey.3.pickup_value = **
linekey.3.type = 0
linekey.3.value =
linekey.3.xml_phonebook = %NULL%
## Linekey/DSSKey # 4
linekey.4.label =
linekey.4.line = 1
linekey.4.pickup_value = **
linekey.4.type = 0
linekey.4.value =
linekey.4.xml_phonebook = %NULL%
## Linekey/DSSKey # 11
linekey.11.label = %NULL%
linekey.11.line = %NULL%
linekey.11.pickup_value = %NULL%
linekey.11.type = 0
linekey.11.value = %NULL%
linekey.11.xml_phonebook = %NULL%
## Linekey/DSSKey # 12
linekey.12.label = %NULL%
linekey.12.line = %NULL%
linekey.12.pickup_value = %NULL%
linekey.12.type = 0
linekey.12.value = %NULL%
linekey.12.xml_phonebook = %NULL%
## Linekey/DSSKey # 13
linekey.13.label = %NULL%
linekey.13.line = %NULL%
linekey.13.pickup_value = %NULL%
linekey.13.type = 0
linekey.13.value = %NULL%
linekey.13.xml_phonebook = %NULL%
programablekey.2.type = 22
programablekey.2.line = %NULL%
programablekey.2.value = %NULL%
programablekey.2.label = Shared
# programablekey.2.extension = %NULL%
programablekey.2.xml_phonebook = 0
programablekey.2.pickup_value = %NULL%
local_time.manual_time_enable = 0
local_time.ntp_server1 = 10.202.1.11
local_time.ntp_server2 = 0.us.pool.ntp.org
local_time.time_zone = -6
local_time.time_zone_name = United States-Central Time
remote_phonebook.data.1.name = St Louis
remote_phonebook.data.1.url = http://10.202.0.22/Phonebooks/stl.xml
remote_phonebook.data.2.name = Quincy
remote_phonebook.data.2.url = http://10.202.0.22/Phonebooks/quincy.xml
remote_phonebook.data.3.name = Cape
remote_phonebook.data.3.url = http://10.202.0.22/Phonebooks/cape.xml
remote_phonebook.data.4.name = Jeff City
remote_phonebook.data.4.url = http://10.202.0.22/Phonebooks/jeffcity.xml
voice.echo_cancellation = 1
voice_mail.number.1 = *97
-
model.cfg (ie: y000000000029.cfg)
#!version:1.0.0.1
#######################################################################################
## Autop Mode ##
#######################################################################################
auto_provision.power_on = 1
#######################################################################################
## Autop Weekly ##
#######################################################################################
auto_provision.weekly.enable = 1
auto_provision.weekly.mask = 0123456
auto_provision.weekly.begin_time = 03:00
auto_provision.weekly.end_time = 03:59
auto_provision.server.url = https://pbx.domain.com:1443
#######################################################################################
## Language Settings ##
#######################################################################################
##It configures the language of the phone user interface.
##Chinese_S and Chinese_T are only applicable to SIP-T19P, SIP-T21P and SIP-T46G IP phones.
##The default value is English.
lang.gui = English
#######################################################################################
## Remote Phonebook(Except T20P Model) ##
#######################################################################################
##It enables or disables the phone to perform a remote phone book search when receiving an incoming call.
##0-Disabled,1-Enabled.
##The default value is 0.
features.remote_phonebook.enable= 1
##It configures the interval (in seconds) for the phone to update the data of the remote phone book from the remote phone book server.
##The default value is 21600.Integer from 3600 to 2592000.
features.remote_phonebook.flash_time = 21600
#######################################################################################
## Features DND ##
#######################################################################################
features.dnd.on_code = *78
features.dnd.off_code = *79
#######################################################################################
## Features BLF ##
#######################################################################################
##It configures BLF LED mode and provides four kinds of definition for the BLF/BLF list key LED status.
##For more information, refer to BLF LED Mode on page 218.
##The default value is 0.
features.blf_led_mode = 0
##It enables or disables the phone to deal with the Version header in the BLF NOTIFY message sent by the server.
##0-Disabled,1-Enabled.
##The default value is 0.It takes effect after a reboot.
features.blf_list_version = 0
##Visual BLF Pickup Alert
##0 is off.
features.pickup.blf_visual_enable = 0
#######################################################################################
## Features Intercom ##
#######################################################################################
features.intercom.allow = 1
features.intercom.mute = 0
features.intercom.tone = 1
features.intercom.barge = 0
#######################################################################################
## Phone Settings ##
#######################################################################################
phone_setting.inter_digit_time = 10
phone_setting.ring_type = Resource:Ring1.wav
call_waiting.tone = 0
#######################################################################################
## Power Led Settings ##
#######################################################################################
phone_setting.common_power_led_enable = 0
phone_setting.mail_power_led_flash_enable = 1
phone_setting.ring_power_led_flash_enable = 1
phone_setting.emergency.number = 911
phone_setting.missed_call_power_led_flash.enable = 0
##It configures the phone to go out or reduce intensity of the backlight on the LCD screen after a period of inactivity.
##0-Off,1-Low.
##The default value is 1.
phone_setting.inactive_backlight_level = 1
#######################################################################################
## Phone Setting Display ##
#######################################################################################
###Except T20P/T19P/T21P Models
##It configures the backlight time (in seconds).0, 1, 15, 30, 60, 120, 300, 600 or 1800.
phone_setting.backlight_time = 1800
#######################################################################################
## Phone Setting BLF ##
#######################################################################################
###It enables or disables the phone to automatically configure the BLF list keys in order.
###0-Disabled,1-Enabled.
###The default value is 1.
phone_setting.auto_blf_list_enable = 1
###Only T26P/T28P/T46G Models support the parameter
###It configures the order of BLF list keys assigned automatically.
###0-Line Keys->Memory Keys->Extension Keys
###1-Extension Keys->Memory Keys->Line Keys
###Memory keys are not applicable to SIP-T46G IP phones.
###The default value is 0.
phone_setting.blf_list_sequence_type = 0
#######################################################################################
## Security ##
#######################################################################################
###Define the login username and password of the user, var and administrator.
###If you change the username of the administrator from "admin" to "admin1", your new administrator's username should be configured as: security.user_name.admin = admin1.
###If you change the password of the administrator from "admin" to "admin1pwd", your new administrator's password should be configured as: security.user_password = admin1:admin1pwd.
###The following examples change the user's username to "user23" and the user's password to "user23pwd".
###security.user_name.user = user23
###security.user_password = user23:user23pwd
###The following examples change the var's username to "var55" and the var's password to "var55pwd".
###security.user_name.var = var55
###security.user_password = var55:var55pwd
security.user_name.user = user
security.user_name.admin = admin
security.user_name.var = var
security.user_password = admin:admin
security.user_password = user:user
security.user_password = var:var
#######################################################################################
## User Mode ##
#######################################################################################
###It enables or disables the 3-level permissions (admin, user, var).
###0-Disabled,1-Enabled.
###The default value is 0.It takes effect after a reboot.
security.var_enable = 1
#######################################################################################
## Programable Key ##
#######################################################################################
###T20P X ranges from 1 to 9
###T28P/T26P X ranges from 1 to 14
###T41P/T42G/T19P/T21P X ranges from 1 to 11
###T46G/T22P X ranges from 1 to 13
#programablekey.x.type--Customize the programmable key type.
#The valid types are:
#0-NA 2-Forward 5-DND 7-Call Return 8-SMS 9-Directed Pickup 13-Speed Dial
#22-XML Group 23-Group Pickup 27-XML Browser 28-History 30-Menu 31-Switch Account 32-New SMS
#33-Status 34-Hot Desking 38-LDAP 40-Prefix 41-Zero Touch 43-Local Directory 44-Network Directory 45-Local Group
#46-Network Group 47-XML Directory 50-Keypad Lock 51-Switch Account Up 52-Switch Account Down 55-Meet-Me Conference 61-Directory
#40-Prefix (Not support T20)
#22-XML Group (Not support T20)
#31-Switch Account (Not support T19/T41/T42/T46)
#38-LDAP (Not support T19/T20)
#46-Network Group (Not support T20)
#8-SMS (Not support T41/T42/T20)
#32-New SMS (Not support T41/T42/T20)
#47-XML Directory (Not support T20)
#44-Network Directory (Not support T20)
#41-Zero Touch (Not support T41/T42/T46)
#34-Hot Desking (Only support T19/T46
#51-Switch Account Up (Only support T41/T42/T46)
#52-Switch Account Down (Only support T41/T42/T46)
###programablekey.X.type =
###programablekey.X.line =
###programablekey.X.value =
###programablekey.X.xml_phonebook =
###programablekey.X.history_type =
###programablekey.X.label =
###programablekey.X.pickup_value =
###It configures the key feature for the programmable key X.
#programablekey.1.type =
###It configures the desired line to apply the programmable key feature.
#programablekey.1.line =
###It configures the value of the programmable key feature.
###For example, when configuring the key feature to be Speed Dial, it configures the number.
###The default value is blank.
#programablekey.1.value =
###It configures the desired local group/XML group/network group for the programmable key.
###It only applies to the Local Group, XML Group and Network Group features.
###XML Group and Network Group features are not applicable to SIP-T20P IP phones.
#programablekey.1.xml_phonebook =
###It configures the history type of programmable key.
###0-Local History,1-Network History.
###The default value is 0.
#programablekey.1.history_type =
###It configures the label displayed on the LCD screen for each soft key.
###The default value is blank.
#programablekey.1.label =
###It configures conference ID followed by the # sign for Meet-Me conference feature.
###It only applies to Meet-Me conference feature.
###The default value is blank.
#programablekey.1.pickup_value =
programablekey.1.type = 45
programablekey.1.line = %NULL%
programablekey.1.value = %NULL%
programablekey.1.label = Local
# programablekey.1.extension = %NULL%
programablekey.1.xml_phonebook = 0
programablekey.1.pickup_value = %NULL%
#######################################################################################
## Line Key ##
#######################################################################################
linekey.14.label = %NULL%
linekey.14.line = 1
linekey.14.pickup_value = %NULL%
linekey.14.type = 15
linekey.14.value = %NULL%
linekey.14.xml_phonebook = %NULL%
linekey.15.label = %NULL%
linekey.15.line = 1
linekey.15.pickup_value = %NULL%
linekey.15.type = 15
linekey.15.value = %NULL%
linekey.15.xml_phonebook = %NULL%
#######################################################################################
## Configure the access URL of firmware ##
#######################################################################################
###It configures the access URL of the firmware file.
###The default value is blank.It takes effect after a reboot.
firmware.url = https://pbx.domain.com:1443/T42-29.81.0.20.rom
-
passwords obviously redacted/defaulted in example.
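An added example, not part of the original posts: a small Python check to run over generated Yealink cfg files before they go on the provisioning server, flagging placeholder values like those in the sample above (web UI passwords equal to the username, a short numeric SIP secret, URLs fetched over cleartext). The sample text is constructed by condensing the posted files, and the 16-character minimum is an assumed local policy, not a Yealink or FreePBX requirement.

```python
import re

# Constructed sample, condensed from the two cfg files posted above.
SAMPLE_CFG = """#!version:1.0.0.1
account.1.auth_name = 5117
account.1.password = 123456
account.1.sip_server.1.address = pbx.domain.com
remote_phonebook.data.1.url = http://10.202.0.22/Phonebooks/stl.xml
auto_provision.server.url = https://pbx.domain.com:1443
security.user_password = admin:admin
security.user_password = user:user
security.user_password = var:var
#linekey.1.value =
firmware.url = https://pbx.domain.com:1443/T42-29.81.0.20.rom
"""

MIN_SIP_SECRET_LEN = 16  # assumed local policy


def parse_cfg(text):
    """Return (key, value) pairs in file order; keys may repeat
    (security.user_password appears once per web UI account)."""
    pairs = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):  # comments and the #!version header
            continue
        key, sep, value = line.partition("=")
        if sep:
            pairs.append((key.strip(), value.strip()))
    return pairs


def audit(pairs):
    """Return (key, reason) for every setting that should not ship as-is."""
    findings = []
    for key, value in pairs:
        if key == "security.user_password":
            user, _, password = value.partition(":")
            if password in ("", user):
                findings.append(
                    (key, f"web UI login '{user}' has an empty or username-equal password"))
        elif re.fullmatch(r"account\.\d+\.password", key):
            if value and (len(value) < MIN_SIP_SECRET_LEN or value.isdigit()):
                findings.append((key, "SIP secret is short or all digits"))
        elif key.endswith(".url"):
            if value.lower().startswith(("http://", "ftp://", "tftp://")):
                findings.append((key, "fetched over a cleartext protocol"))
    return findings


if __name__ == "__main__":
    for key, reason in audit(parse_cfg(SAMPLE_CFG)):
        print(f"{key}: {reason}")
```

The findings never echo the secret itself, so the output is safe to paste into a ticket.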
-
@JaredBusch Awesome thanks!
Does this nag screen ever go away? I already added a trusted zone via dyndns for where I am accessing it from, obviously it's working. I just put the DNS name instead of the WAN IP it's mapped to as you have done.
-
@bigbear No it does not because it does not check that the dyndns entry matches. I guess that should be filed as a bug or enhancement.
-
btw I add this line to the cfg files, network.dhcp_host_name = 5117, specifically so I can open a browser on network and simply go to http://5117.domain.local or whatever their AD domain is to check a phone. Saves so much time.