I’m trying, among other things, to setup a background image on Sangoma P330 with Endpoint Manager.
I loaded thje image (png transparent, or png with solid background), I modified the template, but my logo doens’t appear anywhere anytime.
The logo is small and I also tried different images.
Any idea?
Same issue…the Digium/Sangoma D-series phones…you have to play around…
Hi @unlikely ,
Can you check if your P phone config file has image/logo related configuration. You can check using below command
grep -r “logo_file” /etc/asterisk/dpma/phone_configs/{extensionnumber}/IPphone_MAC.cfg
When you copy from config file & paste this logo URL in browser, it should be downloaded/displayed in browser.
If not, then there might be authentication related issues. Please check http/https credentials.
Thanks
I can’t download the image from a browser.
I was thinking to issue with nat/firewall/reverse proxy.
But the phone is in the same L2 domain as the freepbx so nothing of this should be involved.
OK, now I think I fixed and I can download the background image from a browser.
But the image is not showing on P330 phone.
When/Where exactly is supposed to appear?
Behind the clock?
How is your phone connected to the freePBX server? Https? Do you have a valid certificate installed?
Hi @unlikely ,
Have you tried re-provisioning P330 phone after fixing that URL download issue? If not, please try factory reset and re-provision the P330 phone.
Once the background is set, in the place of clock, background image will show and time will display below the image.
Thanks
I just made a factory reset and reprovision but still no image.
Image url is https with embedded credentials and from a browser works with no certs warning.
Tried across firewall, from VPN and from outside.
Hi @unlikely ,
Can you please raise support ticket so we can connect to your system to debug further. Please DM me the ticket number so I can follow up internally.
Thanks
Hi @girishmani
There is a way to check what is happening in the P330 during provisioning?
Some kind of log to check for errors and issues?
Thanks
Yes @unlikely , in EPM > DPMA management, we have an option “Disable DPMA Logging”, make this as “No” and in the path /var/log/asterisk , a file called dpma is created where phone provisioning logs are added.
Also we have logs regarding P phones provisioning in the path /var/log/httpd , you can tail , file called “access_log”
Thanks
I had already checked the dpma log, but I didn’t see anything useful. This is after a factory reset.
[2024-12-19 18:43:35] DPMA[16292] phone_message.c: Pruning old session for 'sip:10.***.30.145' on new handshake from mac '000FD3***.
[2024-12-19 18:43:36] DPMA[16292] phone_users.c: Phone user '****-1' now connected from 'pjsip:10.***.30.145:55917;transport=tcp' mac '000FD3***'
[2024-12-19 18:44:33] DPMA[16292] phone_message.c: Pruning old session for 'sip:10.****.30.145' on new handshake from mac '000FD3******.
[2024-12-19 18:44:33] DPMA[16292] phone_users.c: Phone user '****-1' now connected from 'pjsip:10.***.30.145:5060;transport=udp' mac '000FD3******'
In /var/log/apache2 the file access.log is empty. File other_vhost_access.log, for my P330 IP address, contains a bunch of
GET /rtapi/socket.io/?EIO=4&transport=websocket&t=1734630841 HTTP/1.1" 101 1661 "-" "WebSocket++/0.8.2
error.log contains olders records (before last P330 factory reset and reprovisioning)
[Thu Dec 19 17:27:49.311911 2024] [proxy_http:error] [pid 172745:tid 172745] [client 10.***.***.145:44504] AH01114: HTTP: failed to make connection to backend: 127.0.0.1
[Thu Dec 19 17:27:57.185541 2024] [proxy_http:error] [pid 172718:tid 172718] [client 10.***.***.145:44506] AH01114: HTTP: failed to make connection to backend: 127.0.0.1
[Thu Dec 19 17:28:08.815579 2024] [proxy_http:error] [pid 172840:tid 172840] [client 10.***.***.145:44508] AH01114: HTTP: failed to make connection to backend: 127.0.0.1
[Thu Dec 19 17:28:26.001357 2024] [proxy_http:error] [pid 172716:tid 172716] [client 10.***.***.145:44510] AH01114: HTTP: failed to make connection to backend: 127.0.0.1
[Thu Dec 19 17:28:51.370390 2024] [proxy_http:error] [pid 172839:tid 172839] [client 10.***.***.145:44512] AH01114: HTTP: failed to make connection to backend: 127.0.0.1
[Thu Dec 19 17:29:16.632922 2024] [proxy_http:error] [pid 172716:tid 172716] [client 10.***.***.145:44514] AH01114: HTTP: failed to make connection to backend: 127.0.0.1
[Thu Dec 19 17:29:41.974998 2024] [proxy_http:error] [pid 172839:tid 172839] [client 10.***.***.145:44516] AH01114: HTTP: failed to make connection to backend: 127.0.0.1
[Thu Dec 19 17:30:07.397321 2024] [proxy_http:error] [pid 172716:tid 172716] [client 10.***.***.145:44518] AH01114: HTTP: failed to make connection to backend: 127.0.0.1
[Thu Dec 19 17:31:59.192197 2024] [proxy_http:error] [pid 813:tid 813] [client 10.***.***.145:44526] AH01114: HTTP: failed to make connection to backend: 127.0.0.1
[Thu Dec 19 17:32:24.462531 2024] [proxy_http:error] [pid 4286:tid 4286] [client 10.***.***.145:44532] AH01114: HTTP: failed to make connection to backend: 127.0.0.1```
No access log for REST or provisioning endpoints.
This is what happens when the phone is in the same internal VLAN of the FreePBX server. No background, no contacts, no blf items. Apparenttly there is no access attempt to provisioning endpoint. If I try from a computer in the same vlan I can download images, contacts, blf without issues, without https certificates warnings, and the apache logs show access attempt.
tcpdump show some traffic hitting the https provisioning endpoint but no access in apache.
20:14:05.054832 eth0 In IP 10.***.***.145.37082 > freepbx01.lan.mydomain.tld.2096: Flags [S], seq 222711999, win 29200, options [mss 1460,nop,nop,TS val 4294942803 ecr 0,nop,wscale 6], length 0
20:14:05.054880 eth0 Out IP freepbx01.lan.mydomain.tld.2096 > 10.***.***.145.37082: Flags [S.], seq 2576754520, ack 222712000, win 65160, options [mss 1460,nop,nop,TS val 2789776767 ecr 4294942803,nop,wscale 7], length 0
20:14:05.106263 eth0 In IP 10.***.***.145.37082 > freepbx01.lan.mydomain.tld.2096: Flags [.], ack 1, win 457, options [nop,nop,TS val 4294942811 ecr 2789776767], length 0
20:14:05.241365 eth0 In IP 10.***.***.145.37082 > freepbx01.lan.mydomain.tld.2096: Flags [P.], seq 1:518, ack 1, win 457, options [nop,nop,TS val 4294942824 ecr 2789776767], length 517
20:14:05.241415 eth0 Out IP freepbx01.lan.mydomain.tld.2096 > 10.***.***.145.37082: Flags [.], ack 518, win 506, options [nop,nop,TS val 2789776953 ecr 4294942824], length 0
20:14:05.241914 eth0 Out IP freepbx01.lan.mydomain.tld.2096 > 10.***.***.145.37082: Flags [P.], seq 1:1311, ack 518, win 506, options [nop,nop,TS val 2789776954 ecr 4294942824], length 1310
20:14:05.300996 eth0 In IP 10.***.***.145.37082 > freepbx01.lan.mydomain.tld.2096: Flags [.], ack 1311, win 502, options [nop,nop,TS val 4294942830 ecr 2789776954], length 0
20:14:05.301036 eth0 In IP 10.***.***.145.37082 > freepbx01.lan.mydomain.tld.2096: Flags [P.], seq 518:525, ack 1311, win 502, options [nop,nop,TS val 4294942830 ecr 2789776954], length 7
20:14:05.301187 eth0 Out IP freepbx01.lan.mydomain.tld.2096 > 10.***.***.145.37082: Flags [F.], seq 1311, ack 525, win 506, options [nop,nop,TS val 2789777013 ecr 4294942830], length 0
20:14:05.305688 eth0 In IP 10.***.***.145.37082 > freepbx01.lan.mydomain.tld.2096: Flags [R.], seq 525, ack 1311, win 502, options [nop,nop,TS val 4294942831 ecr 2789776954], length 0
20:14:05.346519 eth0 In IP 10.***.***.145.37082 > freepbx01.lan.mydomain.tld.2096: Flags [R], seq 222712524, win 0, length 0
20:14:05.540537 eth0 In IP 10.***.***.145.37088 > freepbx01.lan.mydomain.tld.2096: Flags [S], seq 3240266030, win 29200, options [mss 1460,nop,nop,TS val 4294942853 ecr 0,nop,wscale 6], length 0
20:14:05.540578 eth0 Out IP freepbx01.lan.mydomain.tld.2096 > 10.***.***.145.37088: Flags [S.], seq 4239596826, ack 3240266031, win 65160, options [mss 1460,nop,nop,TS val 2789777253 ecr 4294942853,nop,wscale 7], length 0
20:14:05.604983 eth0 In IP 10.***.***.145.37088 > freepbx01.lan.mydomain.tld.2096: Flags [.], ack 1, win 457, options [nop,nop,TS val 4294942859 ecr 2789777253], length 0
20:14:05.639830 eth0 In IP 10.***.***.145.37088 > freepbx01.lan.mydomain.tld.2096: Flags [P.], seq 1:518, ack 1, win 457, options [nop,nop,TS val 4294942864 ecr 2789777253], length 517
20:14:05.639896 eth0 Out IP freepbx01.lan.mydomain.tld.2096 > 10.***.***.145.37088: Flags [.], ack 518, win 506, options [nop,nop,TS val 2789777352 ecr 4294942864], length 0
20:14:05.640635 eth0 Out IP freepbx01.lan.mydomain.tld.2096 > 10.***.***.145.37088: Flags [P.], seq 1:1311, ack 518, win 506, options [nop,nop,TS val 2789777353 ecr 4294942864], length 1310
20:14:05.715764 eth0 In IP 10.***.***.145.37088 > freepbx01.lan.mydomain.tld.2096: Flags [.], ack 1311, win 502, options [nop,nop,TS val 4294942872 ecr 2789777353], length 0
20:14:05.750350 eth0 In IP 10.***.***.145.37088 > freepbx01.lan.mydomain.tld.2096: Flags [P.], seq 518:525, ack 1311, win 502, options [nop,nop,TS val 4294942872 ecr 2789777353], length 7
20:14:05.750350 eth0 In IP 10.***.***.145.37088 > freepbx01.lan.mydomain.tld.2096: Flags [R.], seq 525, ack 1311, win 502, options [nop,nop,TS val 4294942873 ecr 2789777353], length 0
20:14:05.934771 eth0 In IP 10.***.***.145.37092 > freepbx01.lan.mydomain.tld.2096: Flags [S], seq 3384018081, win 29200, options [mss 1460,nop,nop,TS val 4294942894 ecr 0,nop,wscale 6], length 0
20:14:05.934817 eth0 Out IP freepbx01.lan.mydomain.tld.2096 > 10.***.***.145.37092: Flags [S.], seq 348918403, ack 3384018082, win 65160, options [mss 1460,nop,nop,TS val 2789777647 ecr 4294942894,nop,wscale 7], length 0
20:14:05.979992 eth0 In IP 10.***.***.145.37092 > freepbx01.lan.mydomain.tld.2096: Flags [.], ack 1, win 457, options [nop,nop,TS val 4294942899 ecr 2789777647], length 0
20:14:06.044843 eth0 In IP 10.***.***.145.37092 > freepbx01.lan.mydomain.tld.2096: Flags [P.], seq 1:518, ack 1, win 457, options [nop,nop,TS val 4294942905 ecr 2789777647], length 517
20:14:06.044885 eth0 Out IP freepbx01.lan.mydomain.tld.2096 > 10.***.***.145.37092: Flags [.], ack 518, win 506, options [nop,nop,TS val 2789777757 ecr 4294942905], length 0
20:14:06.045390 eth0 Out IP freepbx01.lan.mydomain.tld.2096 > 10.***.***.145.37092: Flags [P.], seq 1:1311, ack 518, win 506, options [nop,nop,TS val 2789777757 ecr 4294942905], length 1310
20:14:06.104686 eth0 In IP 10.***.***.145.37092 > freepbx01.lan.mydomain.tld.2096: Flags [.], ack 1311, win 502, options [nop,nop,TS val 4294942912 ecr 2789777757], length 0
20:14:06.120009 eth0 In IP 10.***.***.145.37092 > freepbx01.lan.mydomain.tld.2096: Flags [P.], seq 518:525, ack 1311, win 502, options [nop,nop,TS val 4294942912 ecr 2789777757], length 7
20:14:06.120094 eth0 In IP 10.***.***.145.37092 > freepbx01.lan.mydomain.tld.2096: Flags [R.], seq 525, ack 1311, win 502, options [nop,nop,TS val 4294942912 ecr 2789777757], length 0
Also tried to generate a new certificate (by acme.sh).
root@pbx:/var/log/apache2# openssl s_client -connect pbx.mydomain.tld:2096
CONNECTED(00000003)
depth=0 CN = pbx.mydomain.tld
verify error:num=20:unable to get local issuer certificate
verify return:1
depth=0 CN = pbx.mydomain.tld
verify error:num=21:unable to verify the first certificate
verify return:1
depth=0 CN = pbx.mydomain.tld
verify return:1
---
Certificate chain
0 s:CN = pbx.mydomain.tld
i:C = AT, O = ZeroSSL, CN = ZeroSSL ECC Domain Secure Site CA
a:PKEY: id-ecPublicKey, 256 (bit); sigalg: ecdsa-with-SHA384
v:NotBefore: Oct 8 00:00:00 2024 GMT; NotAfter: Jan 6 23:59:59 2025 GMT
---
Server certificate
-----BEGIN CERTIFICATE-----
MIIEFTCCA5qgAwIBAgIQc6lUHtJJiMA8KvgSxGLlwjAKBggqhkjOPQQDAzBLMQsw...
-----END CERTIFICATE-----
subject=CN = pbx.mydomain.tld
issuer=C = AT, O = ZeroSSL, CN = ZeroSSL ECC Domain Secure Site CA
---
No client certificate CA names sent
Peer signing digest: SHA256
Peer signature type: ECDSA
Server Temp Key: X25519, 253 bits
---
SSL handshake has read 1339 bytes and written 403 bytes
Verification error: unable to verify the first certificate
---
New, TLSv1.2, Cipher is ECDHE-ECDSA-CHACHA20-POLY1305
Server public key is 256 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
Protocol : TLSv1.2
Cipher : ECDHE-ECDSA-CHACHA20-POLY1305
Session-ID: 2BFF27...
Session-ID-ctx:
Master-Key: ....
PSK identity: None
PSK identity hint: None
SRP username: None
Start Time: 1734636049
Timeout : 7200 (sec)
Verify return code: 21 (unable to verify the first certificate)
Extended master secret: yes
---
closed
If the phone is moved to another internal vlan, so it reach freepbx through a reverse proxy, it can apply at least blf and contacts! Still no good backgorund image.
The issue seems related with certificates, in a way that doesn’t affects browsers and wget, but only sangoma p phones. cert is generated by acme.sh with zerossl and imported by fwconsole but likely in an incomplete/wrong way. What files should I copy on freepbx from acme.sh machine and what commands should I issue?