So here is the run down. I have several drivers that need access to the UCP for my business (roadside assistance). They use the UCP to change the FindMe/FollowMe settings. In general I praise and thank the brain child who developed this wonderful tool called “Responsive Firewall” but I have one small issue. It is always locked down and I need a simple way to allow folks to use the UCP for my virtual extensions that manage %90 of my incoming call flow.
Customer Calls Number > FreePBX answers call > Plays messages > Uses FM/FM setting to move the call to the driver on duty at that time. These drivers don’t have any ability above and beyond visit website > login > change phone number. We have no office folks who can change the number it points to and I don’t want to have them VPN in like I do just to access the UCP. If anyone has any thoughts on this let me know!! Keep in mind this is my first VoIP server and I am new so don’t think me retarded for wanting to do this, if there is a better way I am ALL EARS.
If they register a phone through responsive firewall, the IP address they register their phone through is automatically allowed access to UCP.
Are you sure? You can put a VPN client on their smartphone, and that will ‘just work’, too.
So I have been unable to register a soft phone thru responsive I have all my statics white listed thru the firewall and I use my VPN from my Untangle box as my VPN solution because the VPN server on the FreePBX box is in reachable from outside.
Keep in mind my FreePBX box is assigned a static ip directly from the provider gateway. So no firewall inbetween other than the responsive!
We all have iPhones, maybe this is an iPhone mess up but a PPTP to the FreePBX fails every time
While I have been able rest easy knowing my system is safe and my email box no longer fills up with hundreds of emails from fail2ban I have not been able to get any traffic that is not white listed thru the firewall!
My current VPN is not FreePBX’s VPN it is located on my Untangle firewall which that box is white listed. So I do not want to hand out the keys to my computer kingdom by giving out VPN credentials to everyone. Also the only way I can get my soft phone on my iOS device to connect is to establish a link via VPN first.
So if anyone has any thoughts I am all ears!! My PBX is public facing and acquires its IP directly from my provider’s gateway. With all its firewalls disabled!!
I have gone thru all the setup of FreePBX and its firewall and VPN services. They are unreachable from the outside world and I have found no way of correcting that.
That sounds like you’re using NAT. If you’re using NAT, you need to forward ports, or, you need to put the FreePBX Box in a DMZ.
No I am not using NAT the FreePBX is pulling an IP directly from the gateway.
If your IP address starts with 192.168, or 10, or 172, you’re using NAT. Are you sure that’s not what the IP address of your machine is?
Yes I am sure! 96.xx1.xxx.xx1 /248
OK, so let’s start again. You have a public IP address, and you can’t connect to UCP. What zones do you have UCP accessible from, and what zone is default traffic assigned to?
Internal, External and Other
OpenVPN is the same!
Sounds like something is firewalling you, no matter what you think.
I was able to get a glimpse into something last week when I was visiting my sister’s house and I auth’d into her WiFi and bam my softphone registered. Tonight I changed the NAT setting to “YES” in the Extension > Advanced menu and now I can connect no problem from my softphone back to my PBX with bi-directional audio. So something was messing with my softphone most likely from the carrier’s side of things. Since that was my only test method I have a lot more testing more to do.
As far as the VPN link is concerned now that is whole new tiger to deal with but basically I found I have been “attempting” to use VPN using the access credentials of the user (password based). Not a config file, if I can figure out how to use the config file on iOS (iPhone) then I may be able to make that work as well.
I am a noobie to anyone who knows anything about PBX’s, Firewalls and such. I am learning in leaps and bounds about technology I have never used before. I bought my “System 60” unit as a way to learn and force myself to acquire the knowledge to manage and maintain one. The process has been enlightening and I appreciate any patience the community can offer me in this endeavor.