Missing phone from Endpoint - need next step in troubleshooting

Is your SSL certificate correctly applied?

Try doing it with http and whatever port you have for that. It was 84 in my screenshot.

Same thing. I can’t log in with that person’s username and password, but I can with the System user name and password.

I do see something in the resulting file that might not be right. In my System Admin the HTTP Provisioning port is set to 83. Port 84 is set to the RESTful Phone Apps.

I changed the provisioning port to 84 and tried again. No change. I moved the PBX outside of all my firewalls and left only the FreePBX firewall in place. No difference.

I have the phone locally now. It’s sitting beside me on the desk. I still can’t get the account to register. It obviously isn’t a firewall issue at this point but I just don’t have a clue why the registration fails.

You should not be logging in with any user information.

The login information is provided on the EPM screen.

When I put the username and password in the URL you gave me it doesn’t connect, even when I use my own (known) ones. If I connect using the username and password from Provisioning Protocols in the System Admin page it comes up with a login screen and asks for them again, then provides me the page from my earlier message.

Now that the phone is beside me, I see it says “VPN activated” on the front display. However, if I look at the network status it says VPN: 0.0.0.0. The PBX is on a different IP than my office network; however, there is a NIC card in the machine that is on our network. Since this phone usually connects out in the wild it would make sense for it to connect via the VPN, but something is still blocking that VPN connection.

I logged into the phone itself and changed the password in both the User Manager in the PBX and the authentication password in the phone for account 1 just to be sure they both matched. It still fails registration and fails to connect the VPN.

I have no idea what your system is doing. I just turned up a new system today and it works exactly as described earlier.

Thanks for the efforts. These plug-n-play phones have been anything but plug-n-play for me. I guess I’ll have to pay support again to get that phone up again.

VPN is a slightly important bit of information that was left out. That said, locally, not being able to browse the file with the provisioning username and password via https is still a problem.

No, this does not make sense. Especially as you had no idea about it. VPN can be useful, mostly to get around crappy home routers and random IP addresses, but it is certainly not required.

You can’t use a userman username and password to get a phone config. Apache is set up to allow the username and password you have set up in Sysadmin provisioning protocol only. Not sure where you are getting info to use userman username and password. That would never work.

As far as the latest info you gave about using VPN: if the phone can’t connect to the VPN and get an IP, how can it register? Sounds like your PBX VPN setup is broken or something is not right on it. This is not a zero touch or phone issue but something with your firewall or VPN setup on your PBX.

Tony,

I started out by saying I was having some sort of firewall or fail2ban issue that was preventing the phone from registering. Since the phone has been in use for over a year, it’s already provisioned.

The question from the start was “where else might it be getting blocked?” I had been told that if it was a firewall or Fail2ban block that it would automatically expire after 24 hours. So I waited as that was only a few hours away at that point. But it didn’t come back online so the question was still, “what could be blocking the phone from registering?” That led to the Sangoma portal, which I pointed out wasn’t the issue since the phone was already provisioned.

So I’m still where I was two days ago. The phone never registers. It doesn’t appear to be getting an IP from the VPN server. The last connection showing in the System Admin/VPN Server for the phone was 2018-1-1. The other S500 phones I have connected at similar dates such as 2018-01-04 or even as old as 2017-02-20 and they are still connected. I still don’t know what’s blocking the phone so that it can’t establish the VPN and then register.

I didn’t change any configurations on the server to cause it to stop. What can I do to further troubleshoot the problem? I’ve tried everything I know. I need someone who knows more than I do to give some advice.

"If the incoming connection attempts are invalid, traffic from that machine will be dropped for a short period of time. If attempts to authenticate continue without success, the attacking host will be blocked for 24 hours.

If fail2ban is enabled and configured on this machine, fail2ban will send you email alerts when this happens."

I didn’t get any emails saying that this has happened, and it’s been over 24 hours unless the phone’s attempts since that time have extended the lockout, if the lockout is even happening.

What’s your suggestion for me to try next? I agree, it’s not getting a VPN connection so it can’t register. But I don’t know why it suddenly can’t connect to the VPN. What’s the best way to proceed? I could default the phone, but that’s not going to fix the issue if the VPN can’t be established, right?

I would say contact support. It could be a million things but for sure it’s not able to connect to your VPN server, hence the 0.0.0.0 IP.

Thanks. I put a ticket in this morning. I’ll see what they come up with when they reply.

For anyone reading this thread in the future with a similar problem, we found that for some unknown reason the Certificate verify was failing. The OpenVPN certificates were not expired and the system time was set properly, but the phone was reporting an expired certificate.
VERIFY ERROR: depth=0, error=CRL has expired: CN=client30
OpenSSL: error:14089086:SSL routines:ssl3_get_client_certificate:certificate verify failed

Being unable to determine why it was failing we disabled the VPN server and then re-enabled it again in System Admin. That forced it to generate new config files and it now works.

Credit Lorne Gaetz for all his hard work.

4 Likes
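Added example, not part of the original thread or of FreePBX/Sangoma code: the VERIFY ERROR line quoted in the post above names the CRL as the expired object, so this sketch triages OpenVPN verify errors by which object failed and checks a CRL's nextUpdate line as printed by `openssl crl -noout -nextupdate`. The function names, the CN=client31 line and the nextUpdate value are constructed for illustration.

```python
import re
from datetime import datetime, timezone

# Constructed sample: the two log lines quoted in the post, plus one made-up
# line (CN=client31) showing an expired certificate for contrast.
SAMPLE_LOG = """\
VERIFY ERROR: depth=0, error=CRL has expired: CN=client30
OpenSSL: error:14089086:SSL routines:ssl3_get_client_certificate:certificate verify failed
VERIFY ERROR: depth=0, error=certificate has expired: CN=client31
"""

VERIFY_RE = re.compile(r"VERIFY ERROR: depth=(\d+), error=([^:]+): (.+)$")


def triage(log_text):
    """Return one finding per VERIFY ERROR line, naming the object that failed."""
    findings = []
    for line in log_text.splitlines():
        m = VERIFY_RE.search(line)
        if not m:
            continue  # e.g. the generic OpenSSL "certificate verify failed" line
        reason = m.group(2).strip()
        if reason.startswith("CRL"):
            failed = "crl"          # the revocation list, not the client cert
        elif reason.startswith("certificate"):
            failed = "certificate"  # the certificate at this depth in the chain
        else:
            failed = "other"
        findings.append({"depth": int(m.group(1)), "reason": reason,
                         "subject": m.group(3).strip(), "failed": failed})
    return findings


def parse_next_update(line):
    """Parse the 'nextUpdate=...' line printed by `openssl crl -noout -nextupdate`."""
    value = " ".join(line.strip().split("=", 1)[1].split())  # collapse day padding
    return datetime.strptime(value, "%b %d %H:%M:%S %Y GMT").replace(tzinfo=timezone.utc)


def crl_expired(next_update_line, now):
    """True when the CRL's nextUpdate is already in the past at `now`."""
    return now > parse_next_update(next_update_line)


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(finding)
    # Constructed nextUpdate value, not taken from the thread.
    print(crl_expired("nextUpdate=Jan  2 03:04:05 2018 GMT", datetime.now(timezone.utc)))
```

A "crl" finding points at the server's CRL file rather than at the client certificate or the system clock, which is consistent with the fix reported above, where regenerating the VPN server's files cleared the error.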
