VPN Cert Days value is Changed

I have searched for similar titles for the problem but none seem to offer a solution.

I don’t have an active sub to EPM since we’re using Sangoma S500 phones which don’t need an EPM license.

Since we are seeing these problems:

VPN Cert Expiry Alert
VPN Cert Days value is Changed
Certificates are getting generated, please try again after few minutes

We enabled VPN as per some posts, yet the problem persists.
We also tried running fwconsole ma downloadinstall sysadmin --edge to no avail.
We tried rebooting the PBX and that doesn’t work either.

One thing that we did was we moved ISPs and the IP address changed.

Can someone/anyone help us?

I wanted to tell everyone that the solution is very simple. Seems like Sangoma has reduced the amount of community support. So I will.

The solution is to simply turn on the VPN (if it’s already off), leave it overnight and it will solve the VPN issues automatically.

A bold statement. Your supportive documentation is . . . ?

It’s been months and no one from Sangoma is offering a solution for this. There have been multiple posts from different users about this problem. Does Sangoma not have a solution for this or are they expecting us to create a ticket to let us know the solution?

I honestly think that Sangoma is feeling the pressure from Zoom. Zoom Phone has been taking a lot of customers from in-premise systems like FreePBX to the Cloud. I wouldn’t blame them for trying to cut community support. Yes, I have been seriously thinking of moving off too…not to Zoom but to Ubiquiti. Their DreamMachine Pro is very enticing right now. Think about it…for $469, you get a phone server, network, protect and VoIP. When I compare against Sangoma’s little blue boxes, it’s an easy decision.

The worst thing about FreePBX is that it needs to be maintained on a very, very frequent basis…look at my VPN cert days post. None of this to deal with with the competition. Isn’t competition great?

Shape up Sangoma and there will be more than just me thinking about leaving FreePBX!

Lol. If you think the Dream Machine Pro is the solution you haven’t used it enough. Been selling UBNT for a long time as a commercial IT company and we don’t use UBNT edge devices for a reason. If you’re doing residential or small mom and pop shops then I’ll buy it.

I have a stack of brand new Dream Machine Pros sitting here in the shop if you want to buy them at a discount. That’s how much we will not use them. Their security features are lacking, VPN support sucks, and don’t even talk to me about reporting /logs…

I would NEVER put my edge device/router, phone server and security NVR into one box…talk about all your eggs in one basket… nice for home users…but that’s where it ends

We run each service in a VM in XCPNG/XenServer. Now, if the VMWARE server goes down, EVERYTHING GOES DOWN. Of course, we implemented High Availability. So, you tell me why the DreamMachine Pro is worse – because there’s no HA?

We’re also concerned about global warming so any wattage we can save, it is our contribution to save OUR planet from burning down.

Your reply makes zero sense. I replied to your comments trying to compare FreePBX to a Dream Machine Pro and how much value it gave you putting an Edge Device, Phone System and CCTV in one box (major fail for any corporate environment) and you reply talking about VM… If you’re concerned about the planet use the right low carbon footprint hardware. haha

To clarify, when one runs Unifi Network, FreePBX in an XCP-NG/XenServer environment, that’s the same as “having all eggs in basket”. Imagine if one is running just one Host. When that host goes down, isn’t that the same as when the DreamMachine goes down? That’s all the services are down! Unless, one has a HA implementation. That’s two servers – running 24/7 – that’s bad for the Earth.

I would need to compare the power usage with DreamMachine but I suspect that it is much, much lower. Can someone provide insight?

So I don’t see your argument as a valid one against using DreamMachine in commercial applications.

You don’t see my argument because it appears you don’t have extensive hands on experience with the DreamMachine Pro and all its problems and shortfalls. If you did, you wouldn’t even be making these posts. This isn’t just me saying this, do a little research and you’ll find as much reading as you care to spend time on about all the issues and problems with the DMP outside of a tech savvy homeowner or mom/pop shop scenario.

No OpenVPN support (or Wireguard), practically zero reporting, their logs are useless, numerous firmware release fails breaking the box and having to roll back via SSH. This is completely unacceptable for any corporate environment.

I am sorry that you have been burned by Ubiquiti. But your needs for OpenVPN or Wireguard or have detailed logs aren’t what DreamMachine was aimed towards. As you said, DreamMachine are for SMB and home users. SMB and even mid-sized businesses, don’t really need huge amount of features. The VPN that’s built-in (L2TP) is more than sufficient. And, why would you expect a machine that brings so much value to have every single feature on your wish list? Geez. Stop being so greedy.

The key is that dream machine works and requires the least amount of effort. Again, an SMB cannot afford someone like you. That’s why it is so affordable.

Rather than hammering others for ignorance, I would suggest that you should consider some marketing segmentation courses and product positioning. Ubiquiti didn’t aim DreamMachine at you.

I admit that each firmware update can bring issues. I am dealing with a 100+ UAP-AC-Pro deployment in which some APs go offline overnight and I can’t find out why it’s doing it besides blaming it on the firmware. I know it’s the AC-Pros because the UAP AC-Mesh run happily without any issues. Since you’re such a high grade sysadmin, maybe you can give me some insights.

First you tell me you don’t understand my argument against using DMP in “corporate” environment, which is what I said… Then you agree with me that they are for SMB and home users (exactly what I’ve said from the start). You made my point.

Don’t tell me DMP wasn’t aimed at this segment, because that’s exactly what they marketed it towards. Right on their website, the first sentence for the DMP says “The Dream Machine Pro (UDM Pro) is an enterprise-grade UniFi OS Console that offers a scalable networking experience and comprehensive platform for multi-application use.”

This is my last post on this subject then I’ll let it die… But my position stands, you don’t have enough experience with DMP, it’s obvious by your posts. UBNT DMP and Pro4 use of L2TP VPN is horrible and unreliable! How much have you used it? Have you used it with more than 1 client setup? I have, and I received NOTHING but headaches when more than 1 client tries connecting remotely to the DMP. Failure to connect, trying to connect endlessly. It sucks, there is zero excuse to not have OpenVPN as an option. That is a no brainer and much cheaper routers have it.

You don’t think useful logs are a necessity for a $469 edge device? Seriously? We prefer to spend our time quickly being able to diagnose network issues and useful logs are key to that. Time is money. Useful logs and OpenVPN are standard features in today’s IT world, far from your claims of wanting “every single feature.” If that was the case I’d be looking for real threat prevention that doesn’t limit bandwidth, Application Control, Web Filtering, WAN Balancing, Wireguard… but I digress

We don’t use onsite UBNT controllers, especially DMP as a controller, that is also a problematic setup. Especially after firmware and controller upgrades. Hmm, where did half my devices go. I can’t tell you how many times we updated device firmware within DMP unifi controller only to have them show disconnected status after upgrades… Or controller updates in DMP only to have all devices show disconnected after reboot… These symptoms were only an issue using Cloud Keys and DMP.

I run a Vultr VM Multi-Site UNIFI controller that manages 1000’s of client UBNT devices. So simple, we SSH into them at the shop when new, send update command via ssh, send inform url for our controller via ssh, adopt in our controller then send to client site. As long as they have internet they are g2g and we have zero issues with UBNT devices dropping. Only time we had those issues was with Cloud Keys (Gen1 and Gen2) and DMP.

There are definitely reasons to be tempted by UBNT products. They are very competitively priced, good UI, they don’t require a monthly fee for a cloud-based Wi-Fi controller (cloud key). However, anyone trying to run a business off of these devices should be well aware that their support is non-existent, which I imagine is part of the reason why their devices are so cheap. You want help? Hope that someone else has posted something in their forum and that another generous individual has answered the issue for them. I don’t know about you, but I don’t like to run my business on a hope and a prayer.


And we love UBNT devices, we sell TONS of them for all the reasons you mentioned. But we don’t use or sell their edge devices/routers, CCTV, Access Control or VOIP hardware. Much better options out there for these systems, like FreePBX!

Loving my Vultr hosted FreePBX setups with TLS/SRTP. Runs great and does not require CONSTANT maintenance as stated above…

