Determined to get TLS working with S500


#1

I am determined to get the Sangoma S500’s working securely without having to setup a VPN each time I want to use a phone outside of the office. Jive and almost every other VoIP service provider can do this, I want to be able to as well.

A bit of background info

  • Let’s encrypt is setup and is working

  • I’ve configured Zero Touch provisioning via the Sangoma portal - this is working

  • We are using CHAN SIP.


  • Following ports are opened (from ANY) in our firewall (and point to the PBX)
    TCP 80 - Let’s Encrypt
    TCP 5061 - SIP TLS
    UDP 10000-20000 - Media Ports
    TCP 1443 - HTTPS Provisioning (I’ll close this soon as I understand it’s not safe to leave open)
    TCP 3443 - PhoneApps over HTTPS

  • Following ports are opened from the SIP providers IP address only in our firewall
    TCP/UDP 5060 - SIP

The FreePBX firewall has been configured

Extension Settings

Extension mapping is showing 5060 unreachable however it should be communicating via 5061 over TLS. The extension configuration has been rebuilt, system has been rebooted and the phone was reset to factory settings even.

It simply keeps listing as unreachable.

Does anyone have this working? I am opened to suggestion in getting this working once and for all.

Thanks!


(Lorne Gaetz) #2

Have you seen this page:
https://wiki.freepbx.org/pages/viewpage.action?pageId=64946938


#3

yes, that’s the page that I followed.

The only thing that I did differently was set it to TLSv1 instead of SSLv2 as I am told it’s more secure. I will switch it to SSLv2 now and retry.


(system) closed #4

This topic was automatically closed 7 days after the last reply. New replies are no longer allowed.