Sangoma Connect - Mobile Client

Trying to make this work on Android 10.
I got the client installed and provisioned but it’s failing to register.
TCP PJSIP port forwarded on my firewall but I don’t see any registration packets on my firewall trying to get to the server.

Are registration packets proxied through Sangoma servers or should I expect them to be sent from the client on my cell to my external FreePBX server address directly?

Both. The list of cloud resources is here if you need them:
https://wiki.freepbx.org/display/CONNECT/Technical+Details+and+Limitations#TechnicalDetailsandLimitations-FirewallSettings

And all SIP registrations, both from Sangoma and my mobile client will be sent to the external IP address configured in SIP settings as well as to the pjsip bind port for the PJSIP TCP transport?
(I have bind 0.0.0.0:5160 for TCP and 0.0.0.0:5060 for UDP).

correct

If an endpoint is set to transport auto in FreePBX, can it receive simultaneous registrations using both tcp and udp?
So e.g. same extension, but the Sangoma connect client is using tcp port 5160 and a local phone is using udp 5060.
Possible?

Yes, that’s how it works.

1 Like

Shall I submit issues here?

On install and initial setup the user should be prompted to grant the app access to camera, cause currently the called party is prompted at the first video call causing the call to terminate.
(Android).

The video window is very small. Is there a way to increase size or make it full screen?

https://wiki.freepbx.org/display/CONNECT/Sangoma+Connect+Feedback

A post was split to a new topic: Sangoma Connect - can’t register

Hello,

I have Sangoma Connect working but if i lock the iPhone calls wont come in. There is anything else i need to do to keep the extension registered all times?

Thanks!

Hi All,
I have configure my firewall to allow inbound from any to pbx server pjsip port for sangoma connect,
I have enable PBX firewall and i have enable Responsive Firewall for pjsip

Sangoma Connect works my question is that PJSIP port has to be open to the world or is there something im missing.

Thank you All

Some background -
We have been using FreePBX v13 for about 6 years as our enterprise PBX as well as our contact center platform (Noble Systems) audio path. We have about 150 concurrent reps all working from home, currently using the UCP/WebRTC phone via a Chromebox. Each rep connects back to the corporate network via a locally installed Cisco AnyConnect client so the PBX is on-net, so to speak.

We are working to migrate to v15 over the next 15-30 days. Our testing of the v15 UCP/WebRTC phone exposed a bug in the PJSIP device which makes it not usable for production. The bug is that every 600 seconds after initial login, the WebRTC phone refreshes its buttons UI back to just the “Call” button, no matter if a call is in progress or not.

So in turn we have started to test out the Sangoma Connect option. The first test was using a fresh distro install, and that worked without an issue. The next step was to test it on our POC v15 VM that was restored from a v13 backup.

The v15 restored system is working with the Sangoma Connect extension running on the Chromebox, but the Cloud Connect Agent Status is stating something other than just “Running” as the fresh distro did.

The v13-v15 restore VM is showing the CloudConnect Agent Status as “Running (disconnected from server)”

image

We were able to get the Sangoma Connect Android app to register the extension and it can make and accept calls.

The connect-proxy.log entry looks fine as well (below).

Is the status in the Sangoma Connect module/tab just a UI bug?

===================================================
72 {“name”:“socket-io-router”,“hostname”:"[our FQDN hostname]",“pid”:6204,“level”:30,“msg”:“SocketIOClient Connecting to remote wss://proxy.iot.sangoma.tech:443 with sid e1a08742-38a7-42e7-a726-0e5747abc7fc and token CFmO8Vjsvy”,“time”:“2021-03-08T18:49:19.263Z”,“v”:0}
73 {“name”:“socket-io-router”,“hostname”:"[our FQDN hostname",“pid”:6204,“level”:30,“msg”:“SocketIOClient [mN5F8oztcBufNjZbAFYQ] Connected”,“time”:“2021-03-08T18:49:19.609Z”,“v”:0}

Finally seem to have this working after manually installed the required module.

It only work with the PJSIP signaling port open to the internet. But this page (and I agree) says ‘Not recommended to open this up to untrusted networks.’. I’m trying to get my head around how this isn’t a security risk that didn’t exist with the Zulu app, which proxied the connections via 8002, a port not well-known to be associated with SIP.

https://wiki.freepbx.org/display/PPS/Ports+used+on+your+PBX

You will be far happier from an attack standpoint (lower your surface area) to change your PJSIP (All variations - UDP, TCP and TLS) to a very high and obscure port - somewhere in the 50K-64K Range - then it’s not a problem - I am up there on all my boxes and nothing is scanning up there - add the FreePBX firewall on top of it and you are pretty tight on security.

Exactly how I have all mine configured

In addition to changing the signaling port, the Responsive feature of the Firewall module is intended to allow for access from untrusted source IPs.

Zulu is a WebRTC application whereas Connect is SIP.

My opinion is if you are using SIP with TLS then there is no discernable difference. Both are encrypted connections.

If you are using plain SIP (UDP/TCP) then there’s more to be concerned about.

So the recommendation then is to disable UDP and TCP in the PJSIP Settings?

I mean to use Sangoma Connect in TLS mode (https://wiki.freepbx.org/display/CONNECT/Secure+Calling+for+Sangoma+Connect+Mobile). What you do then with PJSIP’s UDP and TCP transports is up to you (firewall them, turn them off, whatever your environment requires).

2 Likes

THANK YOU. Done.

@Lorne, is there a reason that it doesn’t default to TLS if available?