VPNs on Sangoma VoIP Phone - Reboots and disconnects

I’m happy to raise this as a support ticket but wanted to check first to see if this is a known issue. Or maybe even something that has been done by design.

We use a FreePBX server with Sangoma S500 VoIP phones. All of the S500s connect to the PBX via the VPN feature build into Endpoint Manager.

This works great and is very reliable most of the time.

The only time this setup seems to be unreliable is if I want to make changes. Below are a few examples:

1. Adding a new extension
   If I add a new extension every phone that is connected via VPN will become “unavailable” under the “pjsip show contacts” command. At this point all calls drop and the phones can not make any calls. This situation happens as soon as I add the extension - before I click “Apply” in the top right.

2. Phone template changes
   If I make a basic change such as renaming a button in the phone template and then save and update the phones, it will cause all phones using this template to reboot. This only happens when the phones are connected via the VPN. This is a nightmare because some computers are daisy chained to the phones for network access.

3. Firmware Updates
   Not 100% certain this is related yet but the few times I have pushed out phone firmware updates I seem to run into issues such as phones constantly showing a messaging saying they are updating firmware. I did some testing and updates seems to work OK if I did a couple of phones at a time. Seem to run into problems when I did 8+ phones at a time. Not sure if this is related to VPNs or not though!

Can anyone from Sangoma advise if points 1 and 2 are to be expected? I don’t remember seeing anything related to this in the Wiki when I first setup the VPNs.

Server is almost fully up to date. Last ran updates a few weeks ago. Below are the current module versions I have.

Phone firmware is: 2.0.4.55

+---------------------+-------------+----------------------------------------+------------+
| Module              | Version     | Status                                 | License    |
+---------------------+-------------+----------------------------------------+------------+
| accountcodepreserve | 13.0.2.2    | Enabled                                | GPLv2      |
| amd                 | 13.0.2      | Enabled                                | GPLv3+     |
| announcement        | 13.0.7.3    | Enabled                                | GPLv3+     |
| areminder           | 14.0.4.2    | Enabled                                | Commercial |
| arimanager          | 13.0.4      | Enabled                                | GPLv3+     |
| asterisk-cli        | 14.0.1      | Enabled                                | GPLv3+     |
| asteriskinfo        | 13.0.7.1    | Enabled                                | GPLv3+     |
| backup              | 14.0.10.1   | Enabled                                | GPLv3+     |
| blacklist           | 14.0.1      | Enabled                                | GPLv3+     |
| broadcast           | 14.0.1.9    | Enabled                                | Commercial |
| builtin             |             | Enabled                                |            |
| bulkhandler         | 13.0.14.7   | Enabled                                | GPLv3+     |
| calendar            | 14.0.2.6    | Enabled                                | GPLv3+     |
| callback            | 13.0.5.2    | Enabled                                | GPLv3+     |
| callerid            | 13.0.8.13   | Enabled                                | Commercial |
| callforward         | 14.0.1.3    | Enabled                                | AGPLv3+    |
| calllimit           | 13.0.5.5    | Enabled                                | Commercial |
| callrecording       | 14.0.3      | Enabled                                | AGPLv3+    |
| callwaiting         | 14.0.1.1    | Enabled                                | GPLv3+     |
| campon              | 13.0.4.1    | Enabled                                | GPLv3+     |
| cdr                 | 14.0.5.14   | Enabled                                | GPLv3+     |
| cel                 | 14.0.2.8    | Enabled                                | GPLv3+     |
| certman             | 14.0.3.1    | Enabled                                | AGPLv3+    |
| cidlookup           | 14.0.1.7    | Enabled                                | GPLv3+     |
| conferences         | 13.0.23.12  | Enabled                                | GPLv3+     |
| conferencespro      | 14.0.2.5    | Enabled                                | Commercial |
| configedit          | 13.0.7.1    | Enabled                                | AGPLv3+    |
| contactmanager      | 14.0.4.9    | Enabled                                | GPLv3+     |
| core                | 14.0.18.36  | Enabled                                | GPLv3+     |
| cos                 | 13.0.12.2   | Enabled                                | Commercial |
| customappsreg       | 13.0.5.4    | Enabled                                | GPLv3+     |
| cxpanel             | 14.0.1      | Enabled                                | GPLv3      |
| dahdiconfig         | 14.0.1.2    | Enabled                                | GPLv3+     |
| dashboard           | 14.0.3.3    | Enabled                                | AGPLv3+    |
| daynight            | 14.0.1      | Enabled                                | GPLv3+     |
| dictate             | 13.0.5      | Enabled                                | GPLv3+     |
| digium_phones       | 13.0.7.4    | Enabled                                | GPLv2      |
| directory           | 13.0.19.5   | Enabled                                | GPLv3+     |
| disa                | 13.0.6.6    | Enabled                                | AGPLv3+    |
| donotdisturb        | 14.0.1.1    | Enabled                                | GPLv3+     |
| endpoint            | 14.0.2.145  | Enabled                                | Commercial |
| extensionroutes     | 13.0.10.7   | Enabled                                | Commercial |
| fax                 | 14.0.2.5    | Enabled                                | GPLv3+     |
| faxpro              | 14.0.3      | Enabled                                | Commercial |
| featurecodeadmin    | 13.0.6.4    | Enabled                                | GPLv3+     |
| findmefollow        | 14.0.1.20   | Enabled                                | GPLv3+     |
| firewall            | 13.0.57.1   | Enabled                                | AGPLv3+    |
| framework           | 14.0.3.18   | Enabled                                | GPLv2+     |
| fw_langpacks        | 14.0.1      | Enabled                                | GPLv3+     |
| hotelwakeup         | 14.0.1.4    | Enabled                                | GPLv2      |
| iaxsettings         | 14.0.1.4    | Enabled                                | AGPLv3     |
| infoservices        | 13.0.1.3    | Enabled                                | GPLv2+     |
| irc                 | 2.11.0.7    | Enabled                                | GPLv3+     |
| ivr                 | 14.0.3      | Enabled                                | GPLv3+     |
| languages           | 14.0.1.2    | Enabled                                | GPLv3+     |
| logfiles            | 13.0.10.5   | Enabled                                | GPLv3+     |
| manager             | 13.0.2.5    | Enabled                                | GPLv2+     |
| miscapps            | 13.0.3.1    | Enabled                                | GPLv3+     |
| miscdests           | 13.0.5      | Enabled                                | GPLv3+     |
| music               | 13.0.22.3   | Enabled                                | GPLv3+     |
| outroutemsg         | 13.0.2.1    | Enabled                                | GPLv3+     |
| paging              | 14.0.4      | Enabled                                | GPLv3+     |
| pagingpro           | 14.0.2.12   | Enabled                                | Commercial |
| parking             | 13.0.19.8   | Enabled                                | GPLv3+     |
| parkpro             | 14.0.2      | Enabled                                | Commercial |
| pbdirectory         | 2.11.0.6    | Enabled                                | GPLv3+     |
| phonebook           | 13.0.6.1    | Enabled                                | GPLv3+     |
| phpinfo             | 13.0.2      | Enabled                                | GPLv2+     |
| pinsets             | 13.0.9      | Enabled                                | GPLv3+     |
| pinsetspro          | 13.0.9.12   | Enabled                                | Commercial |
| pm2                 | 13.0.5      | Enabled                                | AGPLv3+    |
| pms                 | 14.0.2.22   | Enabled                                | Commercial |
| presencestate       | 14.0.1.7    | Enabled                                | GPLv3+     |
| printextensions     | 13.0.3.1    | Enabled                                | GPLv3+     |
| queueprio           | 13.0.2      | Enabled                                | GPLv3+     |
| queues              | 14.0.2.22   | Enabled                                | GPLv2+     |
| qxact_reports       | 14.0.6      | Enabled                                | Commercial |
| recording_report    | 14.0.1.15   | Enabled                                | Commercial |
| recordings          | 13.0.30.12  | Enabled                                | GPLv3+     |
| restapi             | 13.0.21.1   | Enabled                                | AGPLv3     |
| restapps            | 13.0.92.19  | Enabled                                | Commercial |
| ringgroups          | 14.0.1.5    | Enabled                                | GPLv3+     |
| sangomacrm          | 13.0.4.32   | Disabled; Pending upgrade to 14.0.1.10 | Commercial |
| setcid              | 13.0.6.2    | Enabled                                | GPLv3+     |
| sipsettings         | 14.0.27.5   | Enabled                                | AGPLv3+    |
| sipstation          | 14.0.1.8    | Enabled                                | Commercial |
| sms                 | 14.0.4.5    | Enabled                                | Commercial |
| soundlang           | 14.0.5      | Enabled                                | GPLv3+     |
| speeddial           | 2.11.0.4    | Enabled                                | GPLv3+     |
| superfecta          | 14.0.7      | Enabled                                | GPLv2+     |
| sysadmin            | 14.0.16     | Enabled                                | Commercial |
| timeconditions      | 14.0.2.15   | Enabled                                | GPLv3+     |
| tts                 | 13.0.10     | Enabled                                | GPLv3+     |
| ttsengines          | 13.0.7.3    | Enabled                                | AGPLv3     |
| ucp                 | 14.0.2.10   | Enabled                                | AGPLv3+    |
| userman             | 14.0.3.43   | Enabled                                | AGPLv3+    |
| vmblast             | 13.0.8      | Enabled                                | GPLv3+     |
| vmnotify            | 14.0.1.1    | Enabled                                | Commercial |
| voicemail           | 14.0.2      | Enabled                                | GPLv3+     |
| voicemail_report    | 13.0.13.3   | Enabled                                | Commercial |
| vqplus              | 14.0.1.9    | Enabled                                | Commercial |
| weakpasswords       | 13.0.2      | Enabled                                | GPLv3+     |
| webcallback         | 13.0.11.2   | Enabled                                | Commercial |
| webrtc              | 14.0.3.7    | Enabled                                | GPLv3+     |
| xmpp                | 14.0.1.15   | Enabled                                | AGPLv3     |
| zulu                | 14.0.3.31.3 | Disabled; Pending upgrade to 14.0.4.6  | Commercial |
+---------------------+-------------+----------------------------------------+------------+

Just for reference these are the modules that are in need of an update on the PBX:

Upgradable:
+---------------+---------------+----------------+
| Module        | Local Version | Online Version |
+---------------+---------------+----------------+
| callback      | 13.0.5.2      | 13.0.5.3       |
| callrecording | 14.0.3        | 14.0.4         |
| core          | 14.0.18.36    | 14.0.18.37     |
| dahdiconfig   | 14.0.1.2      | 14.0.1.3       |
| endpoint      | 14.0.2.145    | 14.0.2.153     |
| framework     | 14.0.3.18     | 14.0.3.19      |
| paging        | 14.0.4        | 14.0.5         |
| pinsets       | 13.0.9        | 13.0.10        |
| pinsetspro    | 13.0.9.12     | 13.0.9.13      |
| qxact_reports | 14.0.6        | 14.0.7         |
| sangomacrm    | 14.0.1.10     | 14.0.1.12      |
| sysadmin      | 14.0.16       | 14.0.17        |
| userman       | 14.0.3.43     | 14.0.3.44      |
| voicemail     | 14.0.2        | 14.0.3         |
| vqplus        | 14.0.1.9      | 14.0.1.11      |
| zulu          | 14.0.4.6      | 14.0.4.6       |
+---------------+---------------+----------------+

Not sure if upgrading those modules will fix this issue though.

This set of events certainly violated the Rule of Least Astonishment, to say the least.

I’d submit a ticket on this - it’s “all Sangoma/all Commercial” so if there’s something that you need to do, I’d expect them to be the ones to do it.

I second that.

But please remember to update us here with the progress of their findings.

Thanks guys I’ll get a ticket submitted and will keep you updated.

I really hope it can be sorted because the Mix of Sangoma phones, Endpoint Manager and VPNs is really good!!

Quick update.

Sangoma support team have recognised this as a bug and it is has been passed to R&D engineers.

Just FYI it’s not technically a bug. It’s a feature we punted on originally as it’s really hard one to solve for us with how the VPN was designed on the phones. When the phone has VPN enabled and you tell it to check for updates it has to reboot as things with the VPN may have changed and the only way for it to know is to reload everything.

So what you are saying is that FreePBX is dropping the VPN then when changes are made to templates via the EPM? Because that would be the only thing that makes sense when every device connected to the VPN drops, the VPN server is dropping them all.

I would say that if going into the EPM and adding a BLF button to a template and saving the change makes every phone on the VPN drop without any NOTIFYs being sent to tell the phone to reboot and pull its config. That’s a bug. Making changes in the EPM and not pushing them out right away is a pretty common thing for some people. Or making changes to be pulled once the phone is free and able to reboot itself.

If making a change in the EPM during business hours and not even pushing them causes the VPN to drop for all phones then there is a problem and it’s a bug because now this begs the question

@steve_pbuk What happens to phones that are on active calls and your changes cause the VPN to drop? Do those phones drop their calls and VPN connection as well or is it just “idle” phones this happens to?

Tom

Please stop with the sky is falling. Your post made a ton of assumptions and twisted what the OP reported and well you know what the say about that. The issue is when you make changes to template and push them to the phones, the phones have to reboot for the changes when using VPN. If your not using VPN the phones do not reboot when pushing changes to them.

Hi Tony

Thanks for your insight into this.

Just to confirm there are two parts to this.

Like you say when pushing an update using EPM to a phone on VPN it reboot regardless of how big or small the change is to the template. Although this is annoying when making changes I can work around it now I know this is a known way of it working.

The second issue is the phone that are connected via VPN will “disconnect” (not reboot) when I do something like adding a new extension in FreePBX. The disconnect happens BEFORE I even press the Apply button. This means I can’t prep the changes during the day and then apply outside of business hours.

When this happens the calls drop. Maybe this is the part that has been identified as a bug?

Steve

Your second point of the VPN drops that would not be a phone problem. If its happening it something on your PBX. I just tested and it never happens on any of my boxes. I would start with making sure you have the latest of all PBX 14 modules installed and if it still happens if you can give steps to replicate on more then 1 system open a bug report.

Generally phones have a provisioning rule and “timer”, as in how often to pull the profile to expect changes. When it does that, changes that do not require a reboot are usually accepted without a reboot. The one thing to be aware of, there are some settings (and phones) that cause a reboot regardless of the change for them to apply.

The only way to remotely trigger a phone to pull config(s) is to trigger a resync/reboot which will reboot the phone the majority of the time to accept changes.

Hi Tony

I can recreate the problem on multiple up to date systems.

I’m happy to raise an issue in the bug tracker but before I do can you double check to make sure your R&D team haven’t already created one? My ticket ID is: 840117

In summary here are the steps I use to recreate the issue:

1. SSH onto PBX and issue the following command:
   asterisk -rx 'pjsip show contacts'
   This shows my phones with the status as Available

2. I log onto the FreePBX web gui. Go to Applications > Extensions and click on Quick Create Extension and create a PJSIP extension.

3. As soon as I click Finish on the Quick Create Extension box I go back to the command line and then issue the following command again:
   asterisk -rx 'pjsip show contacts'
   This shows my phones with the status as Available but if I keep checking with the same command, after about 25-30 seconds all the phones connected via VPN then change their status to Unavail

This is happening without me pressing the Apply Config button in the web frontend.

A bug report on the phoen updating config causing reboot was opened but nothing for the VPN dropping when you create a new extension. The issue here is not related to Sangoma Phones but FreePBX and the VPN server. I have gone ahead and opened a bug report on it.

Can you reproduce this by creating an extension without the Quick Create feature?

Will confirm this tomorrow.

Thanks for opening a bug report Tony.

@lgaetz I just managed to quickly test it and I can confirm I see the same issue if I use “add extension” instead of quick add.

@tonyclewis what are the bug IDs please?

They are internal tickets so the ticket IDs won’t help you.

Any update?