I am determined to get the Sangoma S500’s working securely without having to setup a VPN each time I want to use a phone outside of the office. Jive and almost every other VoIP service provider can do this, I want to be able to as well.
A bit of background info
Let’s encrypt is setup and is working
I’ve configured Zero Touch provisioning via the Sangoma portal - this is working
We are using CHAN SIP.
Following ports are opened (from ANY) in our firewall (and point to the PBX)
TCP 80 - Let’s Encrypt
TCP 5061 - SIP TLS
UDP 10000-20000 - Media Ports
TCP 1443 - HTTPS Provisioning (I’ll close this soon as I understand it’s not safe to leave open)
TCP 3443 - PhoneApps over HTTPS
Following ports are opened from the SIP providers IP address only in our firewall
TCP/UDP 5060 - SIP
The FreePBX firewall has been configured
- I have allowed HTTPS provisioning for the time being
- Endpoint manager settings for the template
- I’ve also changed the extension NAT settings to “Yes” (not shows in screenshot)
Extension mapping is showing 5060 unreachable however it should be communicating via 5061 over TLS. The extension configuration has been rebuilt, system has been rebooted and the phone was reset to factory settings even.
It simply keeps listing as unreachable.
Does anyone have this working? I am opened to suggestion in getting this working once and for all.