SOLVED: Sangoma D phones with FreePBX VPN

Playing around with getting Sangoma D series phones to connect to FreePBX via VPN. Having an issue after the phone gets its initial config from the PBX.

The setup:
FreePBX 15 on a cloud server
Endpoint manager using DPMA
Separate Digium phones EPM template set up for the VPN clients.
The phone is set for ex 201, chan_sip, VPN IP assigned

On the phone’s local router I’m using DHCP option 66 to give the phone its initial info as set in the DPMA management under EPM.

Factory reset the phone, it boots, gets its initial proxy settings
sip:[email protected]“PBX External IP”:5060

The phone then reboots and fails on:
contacting sip:[email protected]:5061,transport=udp

Not sure where to look log-wise for this. It could be my local firewall blocking the VPN connection out, but I doubt it. Anyone have any nuggets of wisdom here?

Looking under VPN server I see that the phone is connected and has the proper IP address. But it can’t get its config from I’m not even sure where I would set that setting if I even can.

OK, got it to work but not sure if this is correct:
EPM > global settings: set “internal address” to the VPN gateway address

EPM > Brands > Digium > select vpn template

Change Provisioning Server address from “external” and the PBX external IP address to:
Internal which sets to the VPN gateway address of

I then factory reset my phone and it booted up and received the VPN info, rebooted and then connected via the VPN and got its config from

The only thing that’s weird is when it first boots from factory default, it grabs all the extensions and asks which one I want to use. The extension wasn’t listed because the system saw it as already assigned. So I filtered the extension list to show assigned extensions and chose it. With EPM and the phone assigned via a mac address, should it be necessary to select the extension?

Another oddity is that when the phone now provisions over the VPN, it looks for port 5060 as opposed to the 5061 that it was looking for prior…

Just a note, by default port 5060 will be SIP over UDP or TCP, 5061 will be SIP over TLS. But that would be provisioned from the server, which apparently changed between your ‘then’ and ‘now’.

Interesting since I never set up anything for TLS nor did I (knowingly) unset it.

Yet 5061 will ONLY ever come up in a TLS context in a basic install.

Not arguing that. The question is why was it being sent to the phone. If I look under Settings > Asterisk SIP Settings for both PJSIP and SIP, both are set to no for TLS.

Further, in the EPM profile for Digium “D” series phones the only choice for provisioning server protocol is “HTTP”.

I tried setting all the settings I changed yesterday back to their original settings and the behavior did not reoccur… I’m at a loss here as to why it was trying to use 5061.

What are your used ports for SIP? Both channel drivers?

You say a lot of what things are not, but do not say anything about what is.

The SIP ports were the default 5160 and 5060. This was a fresh distro 15 install with nothing major changed.
