@Pete-S : I've increased the default timeout from 10 120 to 300 900.
We'll see if a) the connection remains stable b) if battery usage decreases.
I don't want to disable encryption as FreePBX automatically generates the client config and I don't want to have to custom edit each.
Unless this can be configured strictly on the server side like keepalive?
Yeah, unfortunately we're seeing at LEAST a 50% chance of being locked out during network connection change or IP address renewal.
@scottalanmiller : Replying to a 5 year old message? Grave digger!
@Dashrender said in Alternatives to OpenVPN for VoiP on cell phone...:
I have totally had an issue roaming around and the responsive firewall constantly locked me out as well.
Exactly. To which the only "resolution" that worked for us at the time was OpenVPN but it's taking a massive toll on the batteries of the phones 
@scottalanmiller : If they're using their mobile phones it means that they're out of the office travelling or on-site at a client and, likely, not connected to WiFi.
When using the responsive firewall, it was during network status changes where there would be a high likelihood that the device would get locked out (e.g. when transitioning WiFi -> LTE)
I thought I was pretty clear in my OP but I suppose some clarification is in order: This is strictly so that we can connect Android phones to our FreePBX instance. I'm not at all concerned about encrypting / securing voice, just the successful registration of the Zoiper client.
OpenVPN was the only consistent way of getting mobile devices to keep their registration as we can whitelist the VPN ip subnet.
As mentioned, turning on the responsive firewall and using that instead of OpenVPN did not work out well as the IP addresses of the cell phones changes regularly and the firewall would randomly lock users out during re-registration. Perhaps there are some changes that we can make to either the client or FreePBX that will prevent this?
EDIT: When I said "AND SECURE", I was speaking of ensuring that FreePBX itself was kept as secure from "rogue users" as possible while fulfilling our requirement of allowing our mobile devices to register with the service.
We use Android phones here along with Zoiper to tie into our FreePBX instance for when we're out of the office/on-site.
Each device uses the OpenVPN client to connect to FreePBX but we've been experiencing massive battery drain issues using that client for months (today OpenVPN was responsible for 73% of my battery usage).
Is there an alternate AND SECURE way for users to connect back in to FreePBX using their cell phones aside from using OpenVPN?
I had tried using the responsive firewall but got locked out frequently.
Also tried dyndns apps for android but they sucked as much battery as OpenVPN and, often times, we'd be banned via the firewall before dyndns updated.
Any suggestions would be greatly appreciated.
Thanks!
@JaredBusch : Awesome! Glad to hear it worked for you...
@JaredBusch said in Invoke-WebRequest sometimes fails to connect to https:
The request was aborted: Could not create SSL/TLS secure channel.
Could this be a TLS issue? Perhaps the version of PowerShell on one computer is using TLS1 and the others are using TLS1.2?
Your site appears to support 1.2 and 1.3 only so perhaps the following added to your PS script before the WebRequest will work:
[Net.ServicePointManager]::SecurityProtocol = "tls12"
@bnrstnr said in In home surveillance camera:
@DustinB3403 said in In home surveillance camera:
@dbeato said in In home surveillance camera:
@wrx7m said in In home surveillance camera:
Is anyone using the ubiquiti unifi video software?
I am and I also have Wyze.
What cameras are you using with the Ubiquiti nvr?
Does the ubiquiti unifi only work with ubiquiti cameras
Stolen from their forum:
the UniFi Video software (UFV) only works with Ubiquiti cameras and that the UniFi Video Cameras (UVC) only work with UniFi Video software. Ubiquiti is on record as stating that there is no intention for UFV to support other brands of camera.The Unifi Video software can stream an RTSP feed of each camera, but the cameras have to connect to Unifi Video first.
Just a note on this in case it's missed. All of the G3 camera's, when setting them up, provide the option for "standalone" (your own RTSP server) or "UniFi Video" (their software/hardware) in the later firmware.
I have a few G3-Flex going to BlueIris without issue and no UFV in the chain.
I'm fairly certain that network map doesn't belong on a resume.........
@scottalanmiller said in [Solved] All computers cannot access 1 specific site:
@manxam Well that worked out then
I did. We're not ones for forcing tech on clients but there's a limit to client risks that we're willing to live with.
This particular client deals with a LOT of sensitive data and it always bothered me that they had a known vulnerable router in place that we had to admin with a 5 year old version of Firefox.
@scottalanmiller : As far as I can determine, it was "broken". I didn't go down the route of performing a factory reset as the device was older and I was looking for an excuse to replace it with an ER4 anyways.
Customer wasn't willing previously despite the fact that the unit was old enough that I had to run Firefox 30 (2014) to admin it and that specific model/firmware was listed as having several vulnerabilities.
Doing a bit of a deep dive I found NO reason that it was denying access to this one specific site and a reset may have "fixed it", but I didn't relish going through the painful steps of setting it back up again.
ER4 was cheap enough that, with this problem plus the aforementioned admin issues and vulnerabilities, the customer was willing to upgrade.
Essentially it was a blessing in disguise.
Tangentially, why is it that the Orgs with the most amount of spare cash are the least likely to part with it?
And.. it was the SonicWall
So very strange that it only appeared to affect this one site with nothing in place to block it via IP nor DNS.
Thanks for your suggestions guys!
@Reid-Cooper, unfortunately I had no one to spare today so they'll be going in tomorrow.
Really curious to see if it's the SW or the ISP.
If the former there's a simple solution: rip and replace time!
If the latter, that'll be a fun chat with the cable company...
@travisdh1 : I'd have to agree with you on that one. I really dislike having to create address objects, service objects, etc and then assigning those to the specific NAT and Firewall groups.
Just clunky to change something (like a port forward) for something that should take 2 seconds.
@travisdh1 : Very good point. Router reboot changes nothing. I'll send someone on site to connect to the modem directly and see if it's an ISP issue or that terrible SonicWall.
Thanks!
@manxam : Strange, the sonicwall does have a diagnostics feature where one can ping an address.
The host in question does allow ICMP as tested locally in our offices but the sonicwall timeouts when pinging it.
Guess it's time to reboot the firewall and, if that fails, contact the ISP?
I have one site where users cannot reach a particular site.
DNS on all computers and server can correctly lookup the IP for said domain name.
Attempts at using telnet to connect to the address with either 80 or 443 timeout but work without issue in our office.
I have connected to another client who uses the same ISP to ensure it wasn't ISP related but they can reach it
All of the computers have AV on them though the hyper-v host does not. It, too, can not reach the website.
The firewall is an old Sonicwall with no filtering enabled at all and no blocks preventing reaching the resolved IP.
Any suggestions on what to check next? I'm a little baffled...
Thanks!
@Ylian said in Comparing MeshCentral 2 to ScreenConnect:
@manxam Yes, the old Meshv1 had 2 files. With MeshCentral v2 we got the policy file added inside the Windows executable without breaking the authenticode signature. So, just the one exe now.
Thanks @Ylian.
