FreePBX 17 After running the installation script, no connection via ssh and web gui

Luca1 · October 19, 2024, 12:09pm

Hello,
After running the installation script there is no connection via ssh and web GUI only via Hetzer web console.
After I stopped freepbx with the command: systemctl stop freepbx.service , everything works again.
I’ve tried deactivating the firewall or listing my IP.
Unbenannt1

My IP is not on fail2ban’s ban list either.
service freepbx staus Doesn’t show anything unusual either.

Stewart1 · October 19, 2024, 12:57pm

I assume that you mean Hetzner. If not, provide details.

Assuming that you are accessing the cloud server over the public internet, you need to use
fwconsole firewall trust 1.2.3.4
Replace 1.2.3.4 with your public IP, e.g., what whatismyip.com shows as My Public IPv4.
Otherwise, please explain.

Luca1 · October 19, 2024, 1:09pm

Was a tip mistake, of course I mean provider Hetzner, I access the machine via a VPN that runs over my pfsense and the local ip of the pfsense is 10.100.0.2

Stewart1 · October 19, 2024, 1:42pm

From your workstation, can you ping 10.100.0.1 (which I assume is the tunnel address of the PBX)?

Have you tried
fwconsole firewall disable
?

Does
netstat -l4
show port 22 listening on all interfaces?

Luca1 · October 19, 2024, 2:19pm

I can ping from my workstation 10.100.0.1
Unbenannt2

10.100.0.1 Hetzner Gateway
10.100.0.2 pfSense
10.100.0.3 FreePBX

The machine can also access the Internet via pfSense
Unbenannt15

If I stop the freepbx service, I can access it again via ssh and if I start it again, the connection is lost, so something from the freepbx application is blocking it
Unfortunately I can’t find the error myself.

Unbenannt14

SamShomi · October 19, 2024, 2:54pm

Deactivate the firewall from the UI without disabling it.

I’ve never been a fan of that firewall. It’s too opinionated for my liking and not very intuitive, so I never use it.

The sysadmin dependency is…not convenient. Therer was no dependency originally but someone somewhere along the line thought that was a good idea.

Luca1 · October 19, 2024, 3:01pm

Unfortunately I can’t access the web UI

Stewart1 · October 19, 2024, 3:06pm

Sorry, I misunderstood your setup. Is the PBX running a VPN client and getting the 10.100.0.3 address from a server that Hetzner runs elsewhere?
Can you ping 10.100.0.3?

Luca1 · October 19, 2024, 3:33pm

Wiregurd runs on the pfsense and gives me access to a private network local to the data center where the freepbx server is running, so freepbx only has access to the Internet via the pfsense.

The ping packets only arrive when the freepbx service has ended.
Unbeneannt

system · November 19, 2024, 3:34pm

This topic was automatically closed 31 days after the last reply. New replies are no longer allowed.