FreePBX, VPN & Sangoma

nabberuk · January 31, 2018, 7:02pm

Hi,

I have a FreePBX server hosted in a secure data centre, i already have a fair few extensions that VPN in and are working great.

I’ve now just purchased some Sangoma S300 & S500 handsets and i would like to use Endpoint Manager but i can’t get the VPN working. I’ve ensured there’s a user setup in the user manager, it’s mapped in the endpoint manager which they all are.

I’m using HTTP to get the config, i believe that part is working fine as it configures with the extension. VPN says it’s activated but looking on the VPN connections on the phone server it’s not connected.

I’m guessing it should be able too pull down the VPN config info prior?

EDIT: Looking through the phone log i get this: There isn’t /etc/openvpn transition_rom_file, 6594!

nabberuk · January 31, 2018, 7:29pm

Looking through the log file, i’ve just spotted this;

file:http://:***@128.8.0.1:83/005058505a2b-vpn.tar

Now clearly this isn’t going to work as it hasn’t connected via the VPN yet so can’t talk to the internal ip. Does anyone know where i can set this on FreePBX?

cdsJerryw · January 31, 2018, 9:02pm

The only way I was able to get my remote phones to work was to enter the local IP address into the IP/FQDN address on the online Sangoma portal and then connect the phone onto my local LAN. Only after they had connected that way was I able to take them outside my network and have them work.

I admit I don’t remember the steps we took that finally worked. It took us a few days with tech support before it worked. They had something wrong in the config file which they missed too that had us scratching our head for days. I do remember we followed the WIKI to the letter and it hadn’t worked the first several times. I just can’t remember what finally did make it work.

nabberuk · February 1, 2018, 8:40am

hmmmmmm, so i’m guessing it doesn’t provision the VPN settings through HTTP or HTTPS. Our phone server is already in the data centre so i can’t really get them up and running internally first.

Right now i thinking i have two options.

Point 2 Point VPN link that i can temporarily plug each phone into to be able to talk internally to the phone system
Manually configure the VPN for each phone which would be a real pain as we have to modify the config that is produced via UCP

EDIT: I can’t seem to manually give the phone the VPN config, i’ve tar’d the files but i’m a little unsure on the structure.

nabberuk · February 1, 2018, 10:26am

I’ve since read elsewhere that it is possible for endpoint to give out VPN details that it can then connect with to obtain the rest of the details.

Could someone confirm if this is correct?

EDIT: Looking on the phone config i can see that it has grabbed the URLs for the auto provision. The VPN is as below;
http://3kjhjhgjhgjhghjg:[email protected]:83/005058505a2b-vpn.tar

I’ve changed 128.0.0.1 to the external FQDN and it now downloads the config file and connects. All other auto provision options have 128.0.0.1 too, which option do i use to change this setting to the external FQDN?

nabberuk · February 1, 2018, 11:52am

I’ve now got this working, i had originally configured the provisioning url to be external. I’ve changed this to custom and entered the url in this format;

http://user:pass@domain:83

system · February 1, 2019, 11:52am

This topic was automatically closed 365 days after the last reply. New replies are no longer allowed.