I just migrated from an on-premise Debian 12 FreePBX 17 to a cloud (DigitalOcean) platform to increase my uptime and ran into many troubles getting the deployment to work properly as it should. On 90% of my fresh installs the ovpn status = inactive (dead). I got 1 miracle build that is active and running, which I can’t replicate. I even tried buying a fresh new commercial license too and it doesn’t help.
One big problem I can’t seem to figure out right now is why I can’t open my web admin when I’m on a roaming connection over VPN. This means I’m on a connection without having my public IP added to the trusted list. My phone can connect over VPN (after it’s provisioned over a trusted network and moved to a public connection). I can ping other clients while connected to the VPN. I just can’t get to the web admin via 10.8.0.1.
The only way for me to access this is to open the service port to the internet. But this exposes my server to everything that it doesn’t need to.
To me it feels like the registered VPN IP was not linked to the web server allowed address under the “other” zone.
My second problem is that any phone can only be provisioned when its public IP is added to trusted. Won’t the registered VPN IP (the same) be added to the “other zone” for trusted connection?
If anyone has any ideas, please point me in the right direction. Thanks.
Hi, you have to add your VPN subnet in your FreePBX firewall zone as trusted, and make sure it’s allowed (whitelisted) in intrusion detection. Provisioning is also protected by the firewall of the PBX; force the VPN-assigned IP to trusted zones so your phones should also provision too.
Hi Rohan. Thanks for the suggestion. I did all that you have suggested and had no luck with any of these cloud builds. My local premise FreePBX 17 worked as prescribed. Everything is accessible via VPN once you have authenticated in. The only thing that I can’t get to work is reprovisioning of any phone, which must have the public client IP added to the trusted list, but that is a small problem.
At the moment with this cloud server I’m stuck on managing only from a trusted public IP. The problem is what happens if I have to travel? I can’t access the web admin to add my public IP to manage even if I’m connected over VPN. So I’m out of commission in an emergency.
With the on-premise system I can VPN in from any floating connection and open 10.8.0.1 and do my thing. No exposing my web admin to anyone else.
Hi. Did you try adding your VPN subnet in the iptables of FreePBX through the CLI again web admin ports? Also, on the PBX firewall you can allow the GUI from VPN. Are you using the responsive firewall?
I don’t fully understand your idea in those questions.
But the responsive firewall is on. The VPN subnet is in the trusted list. When I’m connected through VPN with my public IP address in the trusted network, I can get to 10.8.0.1, and without VPN I can get to my web admin with my server domain without any issues. The problem is when I’m connecting from a different network over VPN and can’t get to my 10.8.0.1 web admin. I used to be able to do this with my on-premise server without any issues.