Hi Guys, Time for some outside hive mind help please!!
OK so please go steady with me i have limited knowledge.
Firstly I’m using
PBX Version:15.0.29
PBX Distro:12.7.8-2203-2.sng7
Asterisk Version:16.30.0
I have configured the Sangoma area and have it connecting via lan with me on the same network, and also works with me on wifi at a remote site Home or Remote office, but as soon as I go mobile (cellular connection off wifi) I have issues connecting.
I’m not sure what other details to put on here let me know and see if i can share
You’ll need to whitelist the mobile’s public IP address in the FreePBX firewall. It will change frequently so try something like 123.123.0.0/16 and see how you get on. Tighten up fail2ban strictness when doing something like this.
Ive never had to do this on any of the many Sangoma Connect mobile deployments Ive done for my clients. Setup everything correctly on the PBX, send the Sangoma Connect email invite. Have Sangoma Connect installed on the phone then click the link in the Invite Email and boom, it connects.
Sounds like something isnt setup correctly. Your FQDN is setup correctly? Your Cert is setup correctly matching your FQDN? Your FQDN resolves to your PBX???
I have never seen the mobile app work without whitelisting the IP. Perhaps someone else can confirm. Perhaps our firewall is tighter? Either way I would prefer a setup like that, why not?
Ive never had to whitelist a Cellular IP (they change) for Sangoma Connect… Desk phones that are deployed remotely, yes… Sangoma Connect… No, never. I have one right here in front of me working great on cellular I just provisioned… didnt whitelist anything.
We run Arista ETM NGFW security appliances on all of our client sites and are tightened down except for the required firewall/port setup in the Sangoma Connect Wiki…
You can go somehwere like here https://www.whatsmydns.net/ and put in your FQDN and confirm its resolving to the public IP of your PBX deployment… Did you create a FQDN then set the A-record to the public wan IP of your PBX??
I’ll look into it further then, thanks. Anyway, for the OP it might help them register at least and then they can go from there. I think the FQDN stuff is a red herring as that’s all set up correctly here.
When I played with app, I could only register it within one network - cellular or LAN. If I recall, I used FQDN. The only thing I didn’t try was LE cert, I used self-signed.
For those who has dual registration working, did you use LE certificate?
Ok, this makes sense. Is it even possible to do a dual registration with this app/service? The manual vaguely states it but could never make it register for both.
I tested further… No issues when I enable Responsive Firewall for PJSIP. I can connect on Sangoma Talk from anywhere. It can also wake up the app when closed for incoming calls no matter what the IP address.
Well it’s fixed, I enabled RF for my PJ sip channels and now works dual registration between WiFi in office and mobile cellular network so thanks for all the help (I do still need to sort my FQDN and LE certificate) so we can say it’s not that
Thanks to all the supportive comments from all of you such a great COMMUNITY!!!