I have a freepbx 14 setup, which is working relatively well. I have devices connected to it, no problem. Even a remote connection or two. They all use port 5060.
I have 1 location where I can’t use port 5060. it’s a retail location within a city facility, and their firewall is pretty restrictive. I’ve asked if it’s possible to get it opened, but I’m not holding my breath. I’m hoping to use an android device with zoiper at this facility, but if buying a sangoma phone is the only answer, I would cough up the money for that in a second.
First of all, Is there a way to test if this is actually the case? I’ve googled this and can’t seem to make it work.
The location has a dedicated IP address… Is it possible to open another port for this IP address only ?
Or is it possible to use an alternate port in this case for the one and only extension that we know works… Like port 80 (as an extreme example)… But if I found an obscure port that is open, could I map this to worK?
If the firewall is ‘anything that is not specifically permitted is blocked’, then finding an open SIP port won’t help, because the RTP will be blocked.
You can test this with a SIP provider that uses alternate ports. Sign up for a Callcentric account. You don’t need to fund it; you’ll only be calling their test number, 17771234567. Configure your device per their FAQ. Confirm that it works at your location and it’s using port 5080. Then, test at the problematic location.
If successful, you should be able to configure a chan_sip extension (uses port 5160 as default but you can change if needed).
If the test fails, sign up with a commercial VPN service that supports OpenVPN on a variety of ports. See if you can get any of them to work at the problematic location. If you succeed, either use the commercial service or set up a VPN server on your FreePBX (or another machine on your LAN), choose a phone with built-in VPN client and you should be good to go.
If that also fails, you might find UDP ports 123 (NTP) or 53 (DNS) usable for VPN.
If even that doesn’t work, you could try a TCP-based VPN on port 443 (HTTPS), but that’s likely to have voice quality issues.
Otherwise: VoIP over mobile data? Get a separate internet connection installed?
The version of Asterisk and FreePBX are sufficiently modern to set PJ-SIP as the primary SIP channel driver. If you don’t install with PJ-SIP, ChanSIP will be at port 5060.
You haven’t modified the port assignments in the SIP Settings on the system.
For 80% of users, this differentiation isn’t critical to your operations, but it isn’t universally true.