VPN Issues and EPM License Question

configuration
Tags: #<Tag:0x00007fafc578fc68>

(Tg) #1

Good Afternoon,

I have been working on migrating a PBX via back up from a VM environment to a FreePBX Appliance 40. All of the phone settings, etc seem to have transferred correctly. My first question is does the EPM license transfer or is there something I need to do to enable the EPM Pro features that were on the VM?

Second, I am now adding remote users due to the Corona Virus. I would prefer to use HTTPS for provisioning and then VPN to the PBX so I can leave my Router’s Firewall Rules as restricting SIP traffic to just my provider rather than getting emails constantly about bots trying to login on 5060.

I am unable to get traffic on port 1443 for the HTTPS. I can provision over HTTP however. I have made sure my certificate was installed (same self-signed cert from the VM), and port forwards etc are set on the router/firewall. I can download the phone firmware when using http but it does not ever find its configuration.

Next, I have followed the VPN setup guide. I have ensured the VPN server is enabled via System Admin. I have checked under User Management for a VPN profile. I have even created additional profiles in VPN to be assigned to the user account in User Management. Everything to this point seems to be as described in the Manual. When I go to EPM - Extension Mapping and edit those settings, there is never an option presented to assign a VPN client to the extension. I have updated every package (yesterday) to its most current, including the YUM packages and EPM (was disabled due to the updates not including the correct version of another module - possibly phone apps).

Can someone shed some light on why I am being presented with the option to assign a VPN client, why the https doesnt work and if the license for EPM is transferable?

Thank you,
Terance


(Tg) #2

Also, when using a browser to access the HTTPS provisioning port, I am prompted for User/Pass and after entering the correct credentials, I get the following:

Forbidden

You don’t have permission to access /.noindex.html on this server.


(Alejandro) #3

I am not familiar with the VPN but I can answer your first question.

Commercial Modules are tied to specific hardware. But, there is a process for moving it new hardware.
https://wiki.freepbx.org/display/FPG/How+to+Move+a+Deployment+ID+to+a+new+PBX


(Tg) #4

Thank you Alejandro. I will get that done.


(Alejandro) #5

Now that I think about it, your HTTPS issue may be related to the fact that the system is not activated.

Moving the activation to the new hardware may fix all or most of your issues.


(Tg) #6

Alejandro,

I have the System Pro activated, as it came with the new hardware. The only other license I have is the EPM I need to get moved/activated. I will see if that changes. Also, the more I look at the templates in EDM, the provision server protocol options are only FTP or HTTP. I assumed that selecting HTTP would include HTTPS but looking at the line for Phone Apps protocol, it clearly shows HTTP as one option and HTTPS as the other. Looks like maybe provisioning over HTTPS may not be an option on this particular phone. I have several of the Digium D60 and D65 phones. I also have a Yealink T46G and a Sangoma S500 Ill test that on.

I am still not seeing any change in my issues around the VPN unless it has something to do with that EPM license.

Thank you,
Terance


(Alejandro) #7

I am quite certain the VPN will not work without the license.

Did you turn on the HTTPS port in the Port Management in System Admin?


(Tg) #8

Alejandro,

I went ahead and just purchased a new EPM module. It was faster and easier to do than trying to move the old license and it looks as if I wouldnt have been eligible for EPM upgrades anyway.

So prior to the EPM purchase, I was able to setup the Sangoma Phone Successfully with VPN and make it work. It does have a HTTPS provision setting,etc. So, it looks like what I was doing was correct. Maybe something either with EPM or Digium phone firmwares not supporting the VPN. \

After purchase of the EPM module, I went to my Yealink phone and started getting its configurations ready. Looks like the VPN is available to the Yealink as well, with a firmware upgrade to the phone. So, again, I am thinking it is strictly an issue with either the Digium phone or how EPM handles the phone. I will keep researching this issue, as I am getting closer on all avenues to reaching the current end goal.

Thank you,
Terance