D80 EPM DPMA PhoneApps and Video Tape

Did all the HTTPS / Certs / Ports and enabling in Extensions / User Manager / sangoma_default template (see below), yet no phone apps on the otherwise lovely D80. I managed to get contacts in a local enviro, so it must have to do with ports and firewalling. Can’t packet sniff around the phone or decipher it’s logs (and do not want to bother people that can;)

So, to the other D80-lovers here besides me (i.e. Charles_Darwin and defcomllc), how did you do it?

I have a feeling System Admin / Port Management might be at play, I got 80>443, 81>4443, 84>1443, 83>2443, 82>5443.

Cheers,
K


(just for kicks, here’s what I did on a fresh install)

  • ISO-installer sees two disks and automatically configures them as RAID array, neat!
  • give the box a local address at first to enter admin data via GUI
  • yum update
  • fwconsole ma upgradeall
  • fwconsole chown
  • activate with sangoma for EPM
  • Admin / Certificate Manager / Cert / Let’s Encrypt
  • Admin / System Admin / HTTPS Setup: Use your cert
  • Admin / System Admin / Ports: set to all the recommended ports + Restful Phoneapps to something else (5443)
  • fwconsole ma updateinstall sanogomartapi
  • End Point Manager / General Settings / Use DPMA
  • End Point Manager / Template / [sangoma_default] / General / PhoneApps + Provisioning Protocol: HTTPS
  • End Point Manager / Template / [sangoma_default] / Options: Use DPMA-Apps
  • Connectivity / Firewall / Services / Extra Services: HTTPS Provisioning + Rest Apps HTTPS to “Internet”
  • Settings / Asterisk SIP Settings / PJSIP Settings [chan_pjsip]: In TLS/SSL/SRTP Settings choose your cert and set Transports TLS to “Yes”
  • Applications / Extensions / Advanced: Set Transport to “0.0.0.0-tls” and Media Encryption to “SRTP via in-SDP (Recommended)”
  • Admin / User Management / [user] / Phone Apps: Allow Access to “Yes”
  • Admin / User Management / [user] / Phone Apps / Conferences: Enable Conference Access to “Yes”
  • Admin / User Management / [user] / Phone Apps / Other: Enable Contact Access to “Yes”
  • fwconsole restart restapps
  • On D80, Configuration Server: use hostname, TLS and Port 5061

Does your FQDN on your cert resolve to your freepbx deployment?? Do you have https and tls ports open and pointing to your freepbx deployment? Is your D80 updated to the latest firmware??

My d80 is working great in my office with phoneapps…use it as my main desk phone daily

All of that yes! I suspect firewall trouble. It sounds like you run your D80 in a local network?

Which ports do you use?

Trivially easy to determine. Temporarily stop the firewall service and see what happens. Or even better, whitelist the source IP of the phone in firewall as trusted and it will pretty much behave as if the firewall is not there.

I have a seperate VOIP VLAN that my phones and FreePBX deployment are on and yes everything is local. I run my Untangle NG Firewall with my VOIP VLAN bypassed. I have my TLS and HTTPS Provisioning ports open and forwarded to my FreePBX deployment…

I must admit that I don’t use phone apps or EPM. I prefer the Digium phone config (freePBX 15) method with some adjustments.
The D-series is gone anyway (unfortunately) and the touchscreen-P-phone is not available yet. Currently, I don’t have the time to learn what the new certificate-EPM-new-P-series-phones strategy of Sangoma is. Maybe after the webinar I will understand, why Sangoma trashed the superior D-series. :wink:

defcomllc, can you share with me line 53 of your /etc/asterisk/dpma/phone-config/[extension]/[mac].xml ? The line, that starts with <contacts url="?

was / is there a webinar? Could you point me there?

man, I’m in the exact same boat… really getting frustrated… Might see if I can find a fpbx15 install and go back to that. Really feels like the D80 is the red headed step child here.

There IS light at the end of the tunnel! I got almost everything working (apart from parking and recording).

And to shed some light rather than keeping this a mystery, here’s exactly what I did after several attempts:

  • get ISO-installer

  • install latest, bleeding edge version (asterisk 19 as of now)

  • installer sees two disks and automatically configures them as RAID 1 array, neat!

  • give the box a local address at first to enter admin data via GUI

  • change root pw!!! , useradd [user], tweak and reload sshd.conf (port 2200, PermitRootLogin no, just saying)

  • yum update

  • fwconsole ma upgradeall

  • fwconsole chown

  • System / System Admin / Activation: activate for EPM to work

  • Admin / Certificate Manager / Cert / Let’s Encrypt

  • Admin / System Admin / HTTPS Setup: Use your cert and restart apache

  • Admin / System Admin / Ports: set to all the recommended ports + Restful Phoneapps to something else (5443)

  • fwconsole chown

  • fwconsole ma updateinstall sanogomartapi

  • End Point Manager / Global Settings / External Address: FQDN (not IP!)

  • End Point Manager / Global Settings / Use DPMA

  • End Point Manager / Template / [digium_default] / General / PhoneApps + Provisioning Protocol: HTTPS

  • End Point Manager / Template / [digium_default] / General / Distination Address + Provisioning Server Address: External

  • End Point Manager / Template / [digium_default] / Options: Use DPMA-Apps

  • End Point Manager / Template / [digium_default] / Options: Voicemail Key Type to “Voicemail Application”

  • End Point Manager / Template / [digium_default] / Models / D80: populate line keys with something (for some unfathomable reason, only then contacts appear on the phone)

  • Connectivity / Firewall / Services / Extra Services: HTTPS Provisioning + Rest Apps HTTPS to “Internet”

  • Settings / Asterisk SIP Settings / PJSIP Settings [chan_pjsip]: In TLS/SSL/SRTP Settings choose your cert, set Transports TLS to “Yes”

  • Applications / Extensions [extension] / Advanced : Set Transport to “0.0.0.0-tls” and Media Encryption to “SRTP via in-SDP (Recommended)”

  • Application / Conferences: Add conference

  • Admin / User Management / [user] / Phone Apps: Allow Access to “Yes”

  • Admin / User Management / [user] / Phone Apps / Each Tab: Allow Access to “Yes”

  • Admin / User Management / [user] / Phone Apps / Conferences: choose one from Applications / Conferences

  • fwconsole restart restapps

  • On D80, Configuration Server: Hostname (not IP), TLS, Port 5061

1 Like