In hindsight, I should have mentioned that telnet is TCP-only so if you don’t have TCP forwarded as well (“Both” in your FW rule on your USG), you’d get a failed connection.
I believe FreePBX actually listens on 5060 UDP and TCP (at least mine seems to), so I’m able to test the forwarding by using telnet from an external source and not getting a connection refused error.
I’ve just looking at the logs from a phone and this is what i found.
[02-07 15:09:46 51:80:3d] SIP: aid 0, cid 0, tid 0, did 0, REQUEST: REGISTER, Event: 2
[02-07 15:09:46 51:80:3d] SipProc:aid 0 enter NoAnswer SIP_REGISTRATION_FAILURE ====
[02-07 15:09:46 51:80:3d] CALL: State=0x60, Event=0x31e, Chn=0
[02-07 15:09:46 51:80:3d] CallCtl: SendEvent2Lcm: aid 0, Line: 0, event 0x8d3
[02-07 15:09:46 51:80:3d] GUI: Receive Call Register Failed!
I’ve just been looking through the logs and can now see:
NOTICE[10876] chan_sip.c: Registration from ‘“1103” <sip:[email protected]:5160>’ failed for ‘85.92..:38882’ - Wrong password
I’ve double checked the password on the phone and it’s correct, could this be a false positive?
There are plenty of posts in the forum about using a firewall in front of your server. In the firewall, you want to
Open UDP port 5060 to your ITSP and any servers/phones “in the wild” through IP address filtering. Redirect this port to port 5060 on your server.
Open UDP port 10000-20000 to the world and redirect these ports to ports 10000-20000 on your server. There are lots of theory discussions on the merits of doing this, so you can trust me or you can look it up.
That will get all of the pertinent information through the firewall into your server.
On the integrated firewall, set up the Trusted networks so that your remote phones and ITSP are all on trusted networks.
With that, you can start troubleshooting the connection issues between you and your ITSP. After that, it’s just setting up NAT configurations at the remote hosts and “away you go”.
If the 85.92.x.x address is yours and one you expect, then no, the password is mis-spelled (or more likely mistyped). If the address isn’t yours, then your firewall isn’t blocking enough address on either the external firewall or the Integrated Firewall.
One important data point - there are two passwords. One is the extension password and one is the UCP user password. Make sure you are using the right password.
Second point - some phones will not accept the 32-character password generated by FreePBX. Try trimming the password down by, say, half and see if that helps.
For example, the Cisco SIP load (depending on version) will only take a 8 to 12-character password, so the long password from the extension manager will obviously not work.
Definitely using the secret and not the User pass and all our phones are Sangoma - i presume they are ok with the longer passwords.
I’ll make sure they are using the correct port.
EDIT: i rebooted the phone and now it says it’s registered. Not sure why that would make a difference? having said that, these phones were a part of an existing install and i’m not sure how to use the auto-provision again… next step