LOL - Seinfeld reference ?

@Donahue said in Clients on the private side of a jump box:

I just think of another end point, when I hear you MSP guys talk about jump boxes, something inside the LAN, like any other end point.

That is always my definition. I use my workstation in the office as a jump box when I am out of the office. I can remote into it via screenconnect and then remote into everything else.

@scottalanmiller said in On-Premises soft PBX:

@Dashrender said in On-Premises soft PBX:

@wrx7m said in On-Premises soft PBX:

@JaredBusch said in On-Premises soft PBX:

@wrx7m said in On-Premises soft PBX:

@JaredBusch said in On-Premises soft PBX:

@wrx7m said in On-Premises soft PBX:

@JaredBusch said in On-Premises soft PBX:

@wrx7m said in On-Premises soft PBX:

@scottalanmiller said in On-Premises soft PBX:

@wrx7m said in On-Premises soft PBX:

If you are going to deploy freepbx, would you-

1. Do it on-prem, VPS or have it hosted (https://www.freepbx.org/store/hosted-freepbx/)?
2. If doing your own deployment, use the FreePBX Distro or do it all manually?

Not sure if you are asking for general opinions or something specific to a scenario listed somewhere above. But here we go...

1. This depends on the customer and their needs and their calling patterns. Nearly always on Vultr cloud because of cost, features, and performance. Only very rarely does on prem make sense for a phone system.

2. Distro

That is what I was looking for.

Watch my video from SpiceWorld. I had a question about hosted or not. The answer to it is it depends on where oyu need your survivability at.

As for your own. You NEVER install something manually unless you have a very specific knowledge goal.

In the case of FreePBX, what are you trying to gain by setting it up manually? Do you even have a clue what that requires if you do not use the Distro? I can tell you it involves compiling asterisk yourself.

Thanks. I will look for your video. I wasn't sure based on the differences between other products, i.e. turn key or virtual appliances, where it can be problematic. I did see that manual involves compiling Asterisk and was definitely not going to do that myself.

I linked it here someplace in the last few days.

IF oyu can't find it, let me know.

I did a quick search for spiceworld and didn't see it. If you find it, please post in this thread.

Here https://mangolassi.it/post/436655

Just finished it. Good stuff in there. I will be pursuing ditching my "traditional" provider in favor of sip next year.

I will also be considering ditching Shoretel. One major cost point is the desk phones. We have a lot of people that are more comfortable with having an actual desk phone. Do you (or anyone else) know if these ShoreTel phones would work with FreePBX?

• IP230G (uses MGCP)

• IP480G and IP485G

I don't know - but you can always test it.

Yeah, very easy to test. But I doubt any of us have tried using them, while that comes up from time to time, it is very rare that people want to move from Shoretel and keep their old phones. Both events are decently rare, combined even more rare. But just take one and see if it will connect somewhere and that will tell you.

If you need, we can help test quickly. It doesn't take much if you have an existing PBX to test against.

It might be an easier sell to say that we can use some of the existing phones, as we have about 85 of them.

We are kind of in a weird spot when it comes to telephony. We are paying just over $3K a year in ShoreTel maintenance. I am comfortable with ShoreTel, but ShoreTel Connect's current iteration (as of Feb 2018) is not fantastic. It has some bugs and is sluggish. It is like they rushed it out, even though it was a year old when we migrated from version 14. The icons for the client have ShoreTel and Mitel logos, depending on where you look for them. The older client was much faster and intuitive for the users, although it was very dated looking (Windows XP). The admin portal (director), was also redone, but has its own issues. For instance the UI is kind of annoying. Search buttons to activate the search feature are below the lists of device/users/ext, but the search boxes pop up above the lists. Makes no sense. Also, the bulk edit feature doesn't work for most things; it should, but it never shows you that it didn't make the changes. You only find out when it isn't working and go back to find that the change was only made to the first selected item.

Another irritating thing about ShoreTel, is that they don't want to you to install Windows updates on the server. They don't test Windows updates on anything but the latest version. With our VAR, we get one upgrade of ShoreTel a year. If we want an upgrade (free of labor charges), we have to either have an issue that is corrected by a shoretel update or wait a year. Obviously, I can't just let Windows stay unpatched for a year, so I update it.

Our contact center (15+ users) has been moved out to a hosted solution with Nice inContact cxOne and Spice. It is not working out very well in terms of the integration between the two of those solutions. It appears as though we are pioneering new products in both companies and are running into all sorts of uncharted issues, double speak from support and sales and unfinished feature sets. Surprisingly (#sarcasm), I was not involved until after they (my boss, the CFO, and the contact center manager) pulled the trigger. It is now getting to the point that they are considering pulling the plug on the whole thing.

I am out of the office until next Thursday. I may take you up on a quick test of an IP480G in the near future.

I think there are pros and cons to each.

Patching has degraded on both, so there isn't a clear distinction on one being more stable when it comes to patching.
There are definitely better/more modern features in 10, but some of the stuff that I use take more clicks to access than it used to. They are hiding things that average people don't use, but I wish there were a setting or mode that would allow me to pick to bring those now hidden features to the foreground.
Windows 10 is faster on the same hardware, in my experience.
Customizing it is kind of a pain for administrators. Using xml files for customizing the start menu, task bar, etc is not super reliable.
In 1703 (maybe later versions, too), when you have a laptop with its lid closed, the start menu doesn't scale and is super tiny and cut off in certain sections. Pretty much unusable.

@Dashrender said in On-Premises soft PBX:

$3k gets you around 25 phones, so your ROI would be around 3 years. Not to mention any possibility of savings by moving to more common SIP trunk provider (Don't recall who you are using today).

You can build a sample PBX in Vultr for $5/m, get a system running using softphones as samples to show management along with a SIP trunk paying only the per min cost of any test calls, and $1/m for the DID.

We are not using SIP, atm, we are using a PRI. The last invoice I saw (several months ago), was for about $1700. I think we can save quite a bit by moving to SIP. I just have to do the math, like JB says.

@travisdh1 said in Load balancer inside firewall or not...:

@wrx7m said in Load balancer inside firewall or not...:

@travisdh1 said in Load balancer inside firewall or not...:

@wrx7m said in Load balancer inside firewall or not...:

Wasn't pfsense in production, I guess I would say, "frowned upon"?

Yes it is.

If you wanted to run a VM as your firewall, is there something that would be recommended?

VyOS

Oh yeah. I remember that now. Thanks.

Is anyone using the ubiquiti unifi video software?

I think that I will also experience some of this stuff when I finally leave my current job. I don't have enough time in the day to do everything I need to be doing. Documentation has definitely suffered. But, they could have solved this problem by not placing the Jr IT admin position on hold, forcing me to continue on by myself.

@guyinpv said in Finally leaving my job, and it's just as annoying as I thought it would be:

And all I wanted to do was open up a conversation so they could start looking for a replacement. I wasn't expecting a circus.

I feel no obligations here, except to be honorable to my own words. I'd love to walk out tomorrow except that I did actually promise I would help the next person get situated.

When I first hired on, the previous person took emails from me for over 3 months as I sorted everything out.

All I wanted to do was offer training to the next IT person. Instead it became a cluster of training everybody here in the office who isn't IT, and writing user manuals for every website I have a password for. And writing down a layperson procedure book for every task I ever performed. And writing friggin mind maps to show how every service interconnects with every other service.

The only thing I feel obligation to is my own word that I wouldn't leave them high and dry. There are other people here that depend on their jobs for income, I just wanted a replacement in my seat to keep things going. And I certainly do NOT want 20 daily phone calls because I walked out and everybody has to call me to fix every little thing. I just wanted a replacement.

I thought you said that they weren't looking to replace you. If they think that they are going to have random people following walk-throughs to replace you, you have no further obligation.

BTW... This topic has gone way off the rails.

This server is managed by our web development consultants, so I told them what I had tried and that I was now out of ideas on how to connect. Suggested maybe they can revert to the old syntax, sans @domain.com for the user name.

@dafyre said in PowerShell - FTP Upload Script No Longer Working:

@wrx7m said in PowerShell - FTP Upload Script No Longer Working:

This server is managed by our web development consultants, so I told them what I had tried and that I was now out of ideas on how to connect. Suggested maybe they can revert to the old syntax, sans @domain.com for the user name.

It doesn't just affect ProFTPd... It also affects the FileZilla server as well.

Thanks for testing that out for me. I appreciate knowing that I am not crazy.

@dafyre said in The Myth of RDP Insecurity:

Seems like RDPGuard is probably the best bet for that. If you want to prevent exposing port 3389 to the internet, then set up an RD Gateway (It can be run on any of the servers in your RDS setup). You can restrict what servers users have access to, so that johnny whose password is Wants2play! can only access his desktop, or a single server that he should have access to.

I use an RDGateway and RDPGuard

@JaredBusch said in The Myth of RDP Insecurity:

This was mentioned in another thread once, but I feel it needs to be here also.

https://github.com/glasnt/wail2ban

I am going to see if this will work for my PRTG server.

It looks like logstash is using an option that no longer exists in java, "UseParNewGC"
https://bugs.openjdk.java.net/browse/JDK-8151084

Argh.

OK. I found I could run

yum install java-1.8.0-openjdk

to install version 8. After that, I was able to install logstash successfully.

I found this the other day (and almost lost it; had to search my chrome history)
https://sessionbox.io/plans/auto-renewal

It is a Chrome extension that allows you to specify a different proxy for each session. Might be easier to manage this than 4+ separate shortcuts for 25+ users.

@Romo I wonder what the CPU utilization is for the morning transfers.

https://nomad.menu/products/

I saw someone posted a link to Nomad in SW when I Googled binding Macs to AD domain.

Anyone use it or hear anything about it, good or bad?

I am setting up a Squid proxy server on Fedora 29 (via Vultr). The goal is to allow access only from a certain range of IP addresses (our corporate office WAN IP range).

My first question involves the ACLs. In the squid.conf file, it has numerous default ACL entries for "localnet". As this is not going to be used locally, I want to make sure that I don't have to somehow specify/designate another type of source for external/public ranges somewhere else. Also, if I comment out all the internal network lines for private IPs, will it cause any issues?

# Example rule allowing access from your local networks.
# Adapt to list your (internal) IP networks from where browsing
# should be allowed
acl localnet src 0.0.0.1-0.255.255.255  # RFC 1122 "this" network (LAN)
acl localnet src 10.0.0.0/8             # RFC 1918 local private network (LAN)
acl localnet src 100.64.0.0/10          # RFC 6598 shared address space (CGN)
acl localnet src 169.254.0.0/16         # RFC 3927 link-local (directly plugged) machines
acl localnet src 172.16.0.0/12          # RFC 1918 local private network (LAN)
acl localnet src 192.168.0.0/16         # RFC 1918 local private network (LAN)
acl localnet src fc00::/7               # RFC 4193 local private network range
acl localnet src fe80::/10              # RFC 4291 link-local (directly plugged) machines