Correct Settings For Hosted FreePBX 13

JaredBusch

@bigbear said in Correct Settings For Hosted FreePBX 13:

@JaredBusch your tftp is marked internal zone. Unless you have an onprem pbx it's not accessible from your local network.

You do know I'm only talking about hosted right?

I understand what they are doing here.

You do not understand.

Internal has nothing to do with where it is.

It is a label. Nothing more.

Any network you apply the Internal label to will have access to any service also marked Internal.

Those screen shots are from a system hosted on Vultr and those redacted sites are 3 different locations across Illinois and Missouri.

bigbear

@JaredBusch I'm trying to figure out then how my remote phone gets marked "internal", is that where it tagged when it authenticates through the adaptive firewall?

Still, telling me to f*** off and go to my pbx team is a little harsh.

I'll find some reading on the firewall and stop asking questions? Can't imagine why people get so defensive... i feel like openbts and vsat is infinitely more complicated than this. There's just no documentation, freeswitch has infinitely better docs available.

JaredBusch

@bigbear said in Correct Settings For Hosted FreePBX 13:

Still, telling me to f*** off and go to my pbx team is a little harsh.

Trust me, I did not tell you to f*** off. I have no qualms telling someone on here to f*** off. Just ask the mods.

I told you to think about your proposition. Meaning to think about the cost/benefit to the business for trying to do something out of band.

JaredBusch

@bigbear said in Correct Settings For Hosted FreePBX 13:

@JaredBusch I'm trying to figure out then how my remote phone gets marked "internal", is that where it tagged when it authenticates through the adaptive firewall?

I already told you how it gets marked internal. I even made a screenshot.

That is what I have been trying to tell you. There is nothing else here. you are making it too complicated.

JaredBusch

@bigbear said in Correct Settings For Hosted FreePBX 13:

There's just no documentation, freeswitch has infinitely better docs available.

I never looked for any docs, so I am not sure what exists. The on screen instructions were plenty clear enough to enable me to understand this.

JaredBusch

@bigbear said in Correct Settings For Hosted FreePBX 13:

@JaredBusch I'm trying to figure out then how my remote phone gets marked "internal", is that where it tagged when it authenticates through the adaptive firewall?

If your phone is on a remote network that is marked internal, then it never processes with the adaptive firewall it is already in a special category.

If you have a phone on a random network, not one defined explicitly in the network list described previously, contact your PBX and attempt to authenticate with SIP, the adaptive firewall will let it try. Assuming it registers, it is then marked by the adaptive firewall as a valid IP and services such as HTTPS provisioning will work. This is a bit of a chicken and egg scenario though. If the phone is not sent out provisioned, it has no way to register to then gain access to the provisioning server for future updates.

Is that what you are trying to figure out?

bigbear

Honestly, after reading the freepbx wiki, your instructions make perfect sense, and I envy the clean setup you are running.

All remote client networks are set to "Internal" (mapping their wan ip to a dynamic FQDN)

Roaming phones coming through the responsive firewall apparently have access to "Internal" or "Other", whether or not that get applied a label I am not sure

The https provisioning is something I would much prefer over TFTP, and I see where my mix-up reading this from my mobile phone was...

I am assuming eth0 is marked as a External network?

JaredBusch

@bigbear said in Correct Settings For Hosted FreePBX 13:

I am assuming eth0 is marked as a External network?

Yes.

JaredBusch

@bigbear said in Correct Settings For Hosted FreePBX 13:

Roaming phones coming through the responsive firewall apparently have access to "Internal" or "Other", whether or not that get applied a label I am not sure

They are internal from what I understand.

JaredBusch

@bigbear said in Correct Settings For Hosted FreePBX 13:

Honestly, after reading the freepbx wiki, your instructions make perfect sense, and I envy the clean setup you are running.

I can be more complicated. but that does not help a new person learning or guides designed for that.

Once, not if btw, you get a clean working system and want to begin to complicate it to match your needed design, feel free to ask for those kind of details if needed. But in a general post like this that would not have helped.

bigbear

So, last night I had everything up in about 20 mins after starting from scratch. I also learned not to skim and respond from my mobile browser.

I am very interested in learning how to provision via https without the endpoint manager if you are willing to share your setup!

Thanks for your help...

JaredBusch

@bigbear said in Correct Settings For Hosted FreePBX 13:

So, last night I had everything up in about 20 mins after starting from scratch. I also learned not to skim and respond from my mobile browser.

I am very interested in learning how to provision via https without the endpoint manager if you are willing to share your setup!

Thanks for your help...

Well eventually it will be posted here in detail. but i have not had time.

To provision, you simply need to make config files appropriately.

I use Yealink phones almost exclusively.

When a new phone is ordered i just leave it until a user needs it.

I have them plug it i and give me the IP address (can push the OK button to see).

I jump in it and assign the https provisioning URL and reboot the phone.

JaredBusch

@bigbear i am on site today so not sure if I will have time to post a valid config example. But I can once I have a little time.

bigbear

@JaredBusch said in Correct Settings For Hosted FreePBX 13:

@bigbear i am on site today so not sure if I will have time to post a valid config example. But I can once I have a little time.

Thanks. I was going to install the yealink provisioning configuration tool to generate some files later today. I had also been thinking about getting access to yealink's RPS, but not sure if it only works on new yealink phones you drop ship from vendors (versus existing yealinks in the feild)

If the latter it would be cool to have someone hold OK button down to reset to factory defaults, pickup provisioner URL from Yealink RPS and auto configure everything.

JaredBusch

@bigbear The new firmware versions have a function in the phone settings that you can export a cfg file. that can get you started.

bigbear

@JaredBusch ah sweet. Thanks!

Hate to be a pest, just had a couple more questions...

Was curious and wanted to ask about the extra zone entries in your screen shots above. the dns hosts for outbound1 and 2.letsencryptcom and mirror1.freepbx.org. Im guessing the freepbx.com ones are for software updates? Not sure if letsencrypt is for your SSL cert or a DNS mapping for trunk providers?

And I use IP auth for inbound calling, any need to define my IP for trunking?

JaredBusch

@bigbear said in Correct Settings For Hosted FreePBX 13:

@JaredBusch ah sweet. Thanks!

Hate to be a pest, just had a couple more questions...

Was curious and wanted to ask about the extra zone entries in your screen shots above. the dns hosts for outbound1 and 2.letsencryptcom and mirror1.freepbx.org. Im guessing the freepbx.com ones are for software updates? Not sure if letsencrypt is for your SSL cert or a DNS mapping for trunk providers?

Those entries were auto added when I used the built in SSL module to get a LE cert.

JaredBusch

@bigbear said in Correct Settings For Hosted FreePBX 13:

And I use IP auth for inbound calling, any need to define my IP for trunking?

I have not done IP auth with a PJSIP trunk only SIP, nor since the new firewall stuff was added. so just setup a SIP trunk like normal and if it fails, add the provider's IP in the firewall.

JaredBusch

And I just got asked to setup a new phone for a new hire.. config incoming for you shortly...

JaredBusch

MAC.cfg (ie: 001565b8bac4.cfg)

#!version:1.0.0.1
## the file header "#!version:1.0.0.1" can not be edited or deleted. ##

network.dhcp_host_name = 5117

account.1.display_name = Main Conference Room
account.1.auth_name = 5117
account.1.user_name = 5117
account.1.label = 5117
account.1.password = 123456
account.1.enable = 1
account.1.outbound_host = 
account.1.outbound_port = 
account.1.outbound_proxy_enable = 0
account.1.shared_line = 0
account.1.sip_server.1.address = pbx.domain.com
account.1.sip_server.1.port = 5060
account.1.sip_server.2.address = 
account.1.sip_server.2.port = 

######################################################################
# The 6 buttons on the left and right of the screen are linekey 1-15 #
######################################################################
## Label is what the user sees
#linekey.1.label = 
# Line is the line/ext that is used. This is generally always 1 for a basic setup
#linekey.1.line = 1
## Pickup Value works with BLF type keys. If a user pushes this button while it is ringing, 
## it sends this before the value. Set it to ** for Asterisk to pickup the ringing call.
#linekey.1.pickup_value = 
## Type is 16 for BLF, 15 for a line/ext presence. See documentation for other values.
#linekey.1.type = 
## Value if the value for the type. For BLF this would be the extension being monitored.
#linekey.1.value = 

## Linekey/DSSKey # 1
linekey.1.label = 
linekey.1.line = 1
linekey.1.pickup_value = **
linekey.1.type = 0
linekey.1.value = 
linekey.1.xml_phonebook = %NULL%

## Linekey/DSSKey # 2
linekey.2.label = 
linekey.2.line = 1
linekey.2.pickup_value = **
linekey.2.type = 0
linekey.2.value = 
linekey.2.xml_phonebook = %NULL%

## Linekey/DSSKey # 3
linekey.3.label = 
linekey.3.line = 1
linekey.3.pickup_value = **
linekey.3.type = 0
linekey.3.value = 
linekey.3.xml_phonebook = %NULL%

## Linekey/DSSKey # 4
linekey.4.label = 
linekey.4.line = 1
linekey.4.pickup_value = **
linekey.4.type = 0
linekey.4.value = 
linekey.4.xml_phonebook = %NULL%

## Linekey/DSSKey # 11
linekey.11.label = %NULL%
linekey.11.line = %NULL%
linekey.11.pickup_value = %NULL%
linekey.11.type = 0
linekey.11.value = %NULL%
linekey.11.xml_phonebook = %NULL%

## Linekey/DSSKey # 12
linekey.12.label = %NULL%
linekey.12.line = %NULL%
linekey.12.pickup_value = %NULL%
linekey.12.type = 0
linekey.12.value = %NULL%
linekey.12.xml_phonebook = %NULL%

## Linekey/DSSKey # 13
linekey.13.label = %NULL%
linekey.13.line = %NULL%
linekey.13.pickup_value = %NULL%
linekey.13.type = 0
linekey.13.value = %NULL%
linekey.13.xml_phonebook = %NULL%

programablekey.2.type = 22
programablekey.2.line = %NULL%
programablekey.2.value = %NULL%
programablekey.2.label = Shared #
programablekey.2.extension = %NULL%
programablekey.2.xml_phonebook = 0
programablekey.2.pickup_value = %NULL%

local_time.manual_time_enable = 0
local_time.ntp_server1 = 10.202.1.11
local_time.ntp_server2 = 0.us.pool.ntp.org
local_time.time_zone = -6
local_time.time_zone_name = United States-Central Time

remote_phonebook.data.1.name = St Louis
remote_phonebook.data.1.url = http://10.202.0.22/Phonebooks/stl.xml
remote_phonebook.data.2.name = Quincy
remote_phonebook.data.2.url = http://10.202.0.22/Phonebooks/quincy.xml
remote_phonebook.data.3.name = Cape
remote_phonebook.data.3.url = http://10.202.0.22/Phonebooks/cape.xml
remote_phonebook.data.4.name = Jeff City
remote_phonebook.data.4.url = http://10.202.0.22/Phonebooks/jeffcity.xml

voice.echo_cancellation = 1

voice_mail.number.1 = *97