SOLVED - Remote Sangoma Phone - Provisioning VPN tar file

Hi guys,

I registered the mac address of my remote Sangoma S500 @sangoma Portal, at this point the phone pulls its config from its deployment, but it does not pull its VPN tar file. Redirection type being used is HTTPS/FQDN along with the port number (83)

I created a template on the EPM for remote Sangoma phone and set the Provision Server Protocol to HTTP.

If I manually upload the VPN tar file to the phone, after restarting it, it will register to the PBX with its corresponding settings defined on EPM.

The phone is upgraded to the latest firmware available: 2.0.4.21
This FreePBX deployment is up-to-date, including the commercial modules: System Admin and EPM.

Any idea why this remote phone is not pulling its VPN tar file?

Thank you.

have you linked the phone to a VPN user in extension mapping of EPM

It was not linked, I linked it already.

Will test tomorrow, and then will get back to you.

I linked it and factory reset the phone just in case, but it did not pull the VPN config file, even after a reboot.

Check the following screenshot:

subefotos

Hi Tony,

Any input on this?

No clue. I would start with logs to see if the phone it attempting to get the VPN. The phone has to reach the PBX direct to get this info.

Thank you for your prompt response Tony.

What do you mean by direct?
Remember this a remote phone, the only port I have externally opened is 83 for provisioning.

Is there anything else I have to do?

I took a look at the phone logs, but did not see the phone requesting the VPN config.
I can PM you the phone logs for reviewing, you do not mind.

run the command:

tail -f /var/log/httpd/access_log

and re-provision the phone. You will see the http requests in the log, and it should include a line like this:

yy.yy.yy.yy - 166d7d7e [10/Dec/2016:10:05:35 -0400] "GET /xxxxxxxxxxxx-vpn.tar HTTP/1.1" 200 11776 "-" "Sangoma S500 2.0.4.21 xx:xx:xx:xx:xx:xx"

I left the phone in the office, but I quickly took a look at the access_log on the FPBX server, and here is the line you pointed out:

10.252.252.5 - - [15/Dec/2016:17:25:48 -0400] “GET /XXXXXXXXXXXX-vpn.tar HTTP/1.1” 200 11776 “-” “Sangoma S500 2.0.4.21 XX:XX:XX:XX:XX:XX”

I am not quite sure that that means, but for sure the tar file is not being loaded on the phone.

Can this be debugged while the phone provisioning is taking place?

Well the phone is asking for it so something on your PBX is wrong. Either the tar is missing or someting on your firewall is blocking the phone from getting the actual file

We can see the request is 200, which means the tar file is present and the phone downloaded it. Strange.

The tar file with this S500’s mac address is located on the tftpboot directory, I manually grabbed it from there for my initial tests with vpn.

Are these tar files located on a different path for http provisioning?

If the port 83 is already opened, any idea why my firewall would be blocking the transfer of this file?

Thank you.

Good morning guys,

I reproduced the issue from scratch, to revalidate what I am seeing.

Scenario 1 - Remote Sangoma phone provisioning (Clean/Factory Reset S500)
The remote phone will only get its XLM config file (access_log: today’s new file)

REMOTE_PUBLIC_IP - - [19/Dec/2016:09:35:59 -0400] “GET /cfg0500.xml HTTP/1.1” 200 688 “-” "Sangoma S500 2.0.4.21 XX:XX:XX:XX:XX:XX"
REMOTE_PUBLIC_IP - - [19/Dec/2016:09:36:07 -0400] “GET /cfgXXXXXXXXXXXX.xml HTTP/1.1” 200 61114 “-” “Sangoma S500 2.0.4.21 XX:XX:XX:XX:XX:XX”


Scenario 2 - Remote Sangoma phone re-provisioned from EPM (VPN connected after manually loaded the VPN tar file from the phone Webif):

10.252.252.5 - - [19/Dec/2016:09:49:11 -0400] “GET //cfg0500.xml HTTP/1.1” 200 688 “-” "Sangoma S500 2.0.4.21 XX:XX:XX:XX:XX:XX"
10.252.252.5 - - [19/Dec/2016:09:49:13 -0400] “GET //005058505d52.cfg HTTP/1.1” 404 292 “-” "Sangoma S500 2.0.4.21 XX:XX:XX:XX:XX:XX"
10.252.252.5 - - [19/Dec/2016:09:49:13 -0400] “GET //XXXXXXXXXXXX HTTP/1.1” 404 291 “-” "Sangoma S500 2.0.4.21 XX:XX:XX:XX:XX:XX"
10.252.252.5 - - [19/Dec/2016:09:49:13 -0400] “GET //XXXXXXXXXXXX.xml HTTP/1.1” 200 61114 “-” "Sangoma S500 2.0.4.21 XX:XX:XX:XX:XX:XX"
10.252.252.5 - - [19/Dec/2016:09:49:17 -0400] “GET /ringtones/formatted//ring4.bin HTTP/1.1” 404 306 “-” "Sangoma S500 2.0.4.21 XX:XX:XX:XX:XX:XX"
10.252.252.5 - - [19/Dec/2016:09:49:17 -0400] “GET /ringtones/formatted//ring5.bin HTTP/1.1” 404 306 “-” "Sangoma S500 2.0.4.21 XX:XX:XX:XX:XX:XX"
10.252.252.5 - - [19/Dec/2016:09:49:18 -0400] “GET /ringtones/formatted//ring6.bin HTTP/1.1” 404 306 “-” "Sangoma S500 2.0.4.21 XX:XX:XX:XX:XX:XX"
10.252.252.5 - - [19/Dec/2016:09:49:19 -0400] “GET /ringtones/formatted//ring7.bin HTTP/1.1” 404 306 “-” "Sangoma S500 2.0.4.21 XX:XX:XX:XX:XX:XX"
10.252.252.5 - - [19/Dec/2016:09:49:19 -0400] “GET /ringtones/formatted//ring8.bin HTTP/1.1” 404 306 “-” "Sangoma S500 2.0.4.21 XX:XX:XX:XX:XX:XX"
10.252.252.5 - - [19/Dec/2016:09:49:20 -0400] “GET /ringtones/formatted//ring9.bin HTTP/1.1” 404 306 “-” "Sangoma S500 2.0.4.21 XX:XX:XX:XX:XX:XX"
10.252.252.5 - - [19/Dec/2016:09:49:21 -0400] “GET /ringtones/formatted//ring10.bin HTTP/1.1” 404 307 “-” "Sangoma S500 2.0.4.21 XX:XX:XX:XX:XX:XX"
10.252.252.5 - - [19/Dec/2016:09:49:22 -0400] “GET /005058505d52-vpn.tar HTTP/1.1” 200 11776 “-” "Sangoma S500 2.0.4.21 XX:XX:XX:XX:XX:XX"
10.252.252.5 - - [19/Dec/2016:09:51:02 -0400] “GET /ringtones/formatted//ring9.bin HTTP/1.1” 404 306 “-” "Sangoma S500 2.0.4.21 XX:XX:XX:XX:XX:XX"
10.252.252.5 - - [19/Dec/2016:09:51:02 -0400] “GET /ringtones/formatted//ring10.bin HTTP/1.1” 404 307 “-” "Sangoma S500 2.0.4.21 XX:XX:XX:XX:XX:XX"
10.252.252.5 - - [19/Dec/2016:09:51:02 -0400] “GET /005058505d52-vpn.tar HTTP/1.1” 200 11776 “-” “Sangoma S500 2.0.4.21 XX:XX:XX:XX:XX:XX”


As you guys mentioned before “The phone has to reach the PBX direct to get this info” and as you can see from the logs (scenario 2) the VPN tar file is transferred when the phone is directly connected to the FPBX server via VPN.

Thank you once again.

I managed to resolve it by putting the external FQDN on the provisioning address under the EPM template for my Sangoma phones.

End_Point_Manager_Template