Playing around with getting sangoma D series phones to connect to FreePBX via VPN. Having an issue after the phone gets it’s initial config from the PBX.
The setup:
FreePBX 15 on a cloud server
Endpoint manager using DPMA
Separate digium phones EPM template set up for the VPN clients.
The phone is set for ex 201, chan_sip, vpn IP assigned 10.8.0.3
On the phone’s local router I’m using option DHCP option 66 to give the phone it’s initial info as set in the DMPA management under EPM.
Factory reset the phone, it boots, get’s it’s initial proxy settings
sip:proxy@“PBX External IP”:5060
The phone then reboots and fails on: contacting sip:[email protected]:5061,transport=udp
Not sure where to look log wise for this. I could be my local firewall blocking the vpn connection out but I doubt it. Anyone have any nuggets of wisdom here?
looking under VPN server i see that the phone is connected and has the proper IP address. But it can’t get it’s config from 10.8.0.1. I’m not even sure where I would set that setting if I even can.
ok, got it to work but not sure if this is correct:
EPM > global settings: set “internal address” to the VPN gateway address 10.8.0.1
EPM > Brands > Digium > select vpn template
Change Provisioning Server address from “external” and the PBX external IP address to:
Internal which sets to the VPN gateway address of 10.8.0.1.
I then factor reset my phone and it booted up and received the VPN info, rebooted and then connected via the VPN and go it’s config from 10.8.0.1
The only thing that’s weird is when it first boots from factory default, it grabs all the extensions and asks which one I want to use. The extension wasn’t listed because the system saw it as already assigned. So I filtered the extension list to show assigned extensions and chose it. With EPM and the phone assigned via a mac address, should it be necessary to select the extension?
Just a note, by default port 5060 will be SIP over UDP or TCP , 5061 will be SIP over TLS. But that would be provisioned from the server which apparently changed between your ‘then’ and ‘now’
not arguing that. the question is why was it being sent to the phone. If I look under settings > asterisk sip settings for both PJSip and Sip, both are set for no for TLS.
Further, in the EPM profile for digium “D” series phones the only choice for provisioning server protocol is “HTTP”
I tried setting all the settings I changed yesterday back to their original setting and the behavior did not re-occur… I’m at a loss here as to why it was trying to use 5061