Hello. I have been trying to get SangomaConnect to work for me. Now I have seen something called Sangoma Softphone. I have the two user free license. The most current problem is the CloudAgent says it is running, but disconnected from the server. I would very much like to get this running, and may purchase additional users, but cannot figure it out. Where can I go for help? Alternatively, is the Softphone app something I should be looking into instead? What about Zulu?
Thank you, billsimon! To clarify for me (I'm still fairly new to the FreePBX scene): if I have the FreePBX Softphones 2-User 1-Year Free License, SangomaConnect should work? Does the free license entitle me to support via the support tickets, or should I purchase support? I only ask because it seems like many of the questions users ask about SangomaConnect are answered with "open a support ticket."
@sorvani It is. I have been through the ports several times. My Fail2Ban is always blocking different IP addresses, so it seems like something is getting through. I use all UniFi equipment elsewhere if that helps. Thank you for looking at this.
Then my guess is you have not forwarded enough things in to your box for SangomaConnect to work correctly. Just a guess though. I have never set it up on an internal unit behind NAT yet. Only on systems with a direct public IP.
@sorvani
Thank you. I worked on it a little last night and this morning and it is working now! My Fail2Ban is going crazy with notifications every 10 minutes or so. Is there anything I can do about that?
No, your firewall needs to filter appropriately all on its own. Anything you allow through on UDP/5XXX (and there will be lots) will need to be filtered by any downline firewall.
You asked about fail2ban, which is part of FreePBX, in context.
There are settings to have everything in the firewall networks tab sync'd with fail2ban and ignored.
@dicko Thank you! Maybe a better term is "expected." When you say:
there is good reason to just not open your system up there though.
are you saying, I should actively seek to change those ports (I thought I read I cannot…) or just to make sure intrusion detection is active and robust?
On a side note, after seeing the number of Fail2Ban emails coming through every day, it saddens me that these bandits can't find something more productive to do with their time than harass me. Comes with the territory, I guess.
Personally I avoid the "low-hanging ports"; there is no reason that you cannot do the same. Some VSPs refuse to use anything but UDP/5060; for those, a couple of iptables NAT rules should suffice.
Better to use TCP
Better yet to use TLS
Better yet still, use TLS and check the client cert (that means installing your certs on the extensions whenever the cert changes; this is either easy or not so easy depending on the phones).
Adding "port flooding" and "connection limiting" rules to your firewall is a good way to negate the "obfuscation" argument but these general concepts will reduce that noise by "orders of magnitude".
@dicko
I know I can change the listening port on my end, can I change it on SangomaConnect? Maybe I don't have a good understanding of how this is supposed to work. If I change 5060 to something else, I have to change the port on all of my physical phones, correct?
I have had limited success configuring the Sangoma phones I use.
At this time, I only have one extension I'm using on Sangoma Connect. Can I just change the port on only the SangomaConnect extensions?