Hi all, new here. FreePBX hosting questions..
-
Follwed link from SW to Jared's FreePBX Guide. Had some questions...
1.) Jared mentioned in another post using config files to manual provision the phone system. Is he hosting them on the client freepbx install or a random FTP/Server?
2.) Is the dynamic firewall safe to use or hosted PBX and remote phones? I assume if you get locked out you can always access the direct console from vultr's and disable the firewall.
3.) Is it best to still use CHAN_SIP or is PJSIP viable for hosted pbx?
4.) Has anyone used the Remote FreePBX RMS module. There is no indication of the monthly cost per install so I am reluctant to waste time setting up a demo.
Thanks!
-
@bigbear said in Hi all, new here. FreePBX hosting questions..:
Follwed link from SW to Jared's FreePBX Guide. Had some questions...
Welcome
1.) Jared mentioned in another post using config files to manual provision the phone system. Is he hosting them on the client freepbx install or a random FTP/Server?
The config files are in the /tftpboot directory of the FreePBX install. The FreePBX firewall and web settings make these available, even hosted. I still need to write up more on this section.
Personally, I have HTTP disabled and use HTTPS. It is port 1443 by default. You can also allow TFPT or FTP.
2.) Is the dynamic firewall safe to use or hosted PBX and remote phones? I assume if you get locked out you can always access the direct console from vultr's and disable the firewall.
Correct on both accounts. It is very safe, it is simply
iptablesandfail2ban. Both are extremely solid well tested solutions.The owner of our company got locked out the other day when his cable modem went out. Kept killing the connection right as the phone was trying to log back in. Caused fail2ban to block him. I simply went into the system and unblocked it.
Also you can whitelist and IP or DNS name in the responsive firewall.
3.) Is it best to still use CHAN_SIP or is PJSIP viable for hosted pbx?
PJSIP only affects the server side of the connection. It is perfectly safe to use and works perfectly for me. It is the default now with FreePBX 13 and Asterisk 13. So all of your extensions should be PJSIP. For your SIP trunks, stick with SIP.
4.) Has anyone used the Remote FreePBX RMS module. There is no indication of the monthly cost per install so I am reluctant to waste time setting up a demo.
Not used it.
-
Looking at your settings, do you just connect OTT of the firewall or do you use OpenVPN on the remote phones?
Using these settings my Yealink 48G shows registered on port 5160, but in the Asterisk Report I run under CHAN_SIP peers it shows unreachable instead of a ping status.
When I switch my Yealink to port 5060 registration fails pretty quickly.
Asterisk error logs shows a lot of this...
"[2017-03-06 19:08:20] NOTICE[16244] res_pjsip/pjsip_distributor.c: Request 'REGISTER' from '"Andy" sip:[email protected]' failed for '70.60.148.110:5060' (callid: [email protected]) - Failed to authenticate"
-
Of course since the extension is setup CHAN_SIP I guess that would made sense - DERP.
Just wandering if everyone is using openvpn. On FreeBPX I didnt use it, just had to put in some settings for the LAN.
-
When it does register under CHAN_SIP I get this in the event log. Like it registers but is immediately unreachable...
"[2017-03-06 19:10:51] VERBOSE[1903] chan_sip.c: Registered SIP '8001' at 192.168.15.141:5060
[2017-03-06 19:10:55] NOTICE[1903] chan_sip.c: Peer '8001' is now UNREACHABLE! Last qualify: 0" -
@bigbear said in Hi all, new here. FreePBX hosting questions..:
When it does register under CHAN_SIP I get this in the event log. Like it registers but is immediately unreachable...
"[2017-03-06 19:10:51] VERBOSE[1903] chan_sip.c: Registered SIP '8001' at 192.168.15.141:5060
[2017-03-06 19:10:55] NOTICE[1903] chan_sip.c: Peer '8001' is now UNREACHABLE! Last qualify: 0"This is because you are dropping conneciton.
-
@bigbear said in Hi all, new here. FreePBX hosting questions..:
Of course since the extension is setup CHAN_SIP I guess that would made sense - DERP.
Just wandering if everyone is using openvpn. On FreeBPX I didnt use it, just had to put in some settings for the LAN.
I never use OpenVPN on the endpoints. I have in the past and it generally works, but it is normally nothing but a big pain in the ass.
Also, POTS is not encrypted, what is so different about SIP that you want it encrypted? POTS is trivial to tap. SIP much less so, though not hard by any stretch of the imagination.
-
Same here. We do not normally put OpenVPN on endpoints.
