Correct Settings For Hosted FreePBX 13
-
@bigbear here is the index to my guide if that helps.
https://mangolassi.it/topic/11805/freepbx-13-setup-guide -
this is completely wrong. You never want anything trusted except maybe one IP for access. Putting something in trusted defeats the purpose of the firewall.
That second line, you trusted the entire /24 that your office is on (the 70.60.148.0/24)? That is crazy, do you own the entire /24?
Why would you put in the unroutable class subnets as trusted when this is a hosted solution and everything will be connecting over the WAN IP and showing their public IP?
Then you put in your entire IPv6 subnets?
-
@JaredBusch said in Correct Settings For Hosted FreePBX 13:
@bigbear here is the index to my guide if that helps.
https://mangolassi.it/topic/11805/freepbx-13-setup-guide
Im gonna check DHCP but we dont use it typically. Will report back. However its fresh user accounts that arent duplicated from the old install.
-
@JaredBusch said in Correct Settings For Hosted FreePBX 13:
this is completely wrong. You never want anything trusted except maybe one IP for access. Putting something in trusted defeats the purpose of the firewall.
That second line, you trusted the entire /24 that your office is on (the 70.60.148.0/24)? That is crazy, do you own the entire /24?
Why would you put in the unroutable class subnets as trusted when this is a hosted solution and everything will be connecting over the WAN IP and showing their public IP?
Then you put in your entire IPv6 subnets?
LOL - I didnt enter any of those, but none of it looks right to me. I am just trying to do things the "freepbx responsive firewall way". However none of these would be blocking me so I thought I would circle back to it later.
-
extensions use PJSIP by default in FreePBX 13
so in the asterisk command line (
asterisk -rvvvvvv)use
pjsip show endpointscore show help pjsipwill list all the commands. -
@JaredBusch said in Correct Settings For Hosted FreePBX 13:
@bigbear said in Correct Settings For Hosted FreePBX 13:
@JaredBusch said in Correct Settings For Hosted FreePBX 13:
@bigbear said in Correct Settings For Hosted FreePBX 13:
I have configured everything as best as I can figure based on what I think the developers are intending to manipulate ipchains. My remote yealink thinks its registered, but it shows offline in reports - asterisk info - peers.
Start here
https://mangolassi.it/topic/12322/configure-the-freepbx-smart-firewallSince this is not a new install, goto this screen and click the button to rerun the wizard.
Actually this is a new install, but I will definitely re-run the wizard. Hooking up another phone now as I disabled the firewall and realized the phone still doesnt show up under peers, although it says its registered and my line buttons are green...
$5 says your local DHCP server is sending TFTP info and you are registering to your current system.
No special DHCP options or TFTP boot servers, actually the Linksys router is serving up DHCP now. A change someone else here must have made.
The yealink thinks its registered to the freepbx install I just spun up. Also why cant I login to admin GUI from anywhere but my office? I think I see why, but the freepbx instructions say "surely you want to trust the responsive firewall" and not to touch those options.
-
@bigbear said in Correct Settings For Hosted FreePBX 13:
@JaredBusch said in Correct Settings For Hosted FreePBX 13:
@bigbear said in Correct Settings For Hosted FreePBX 13:
@JaredBusch said in Correct Settings For Hosted FreePBX 13:
@bigbear said in Correct Settings For Hosted FreePBX 13:
I have configured everything as best as I can figure based on what I think the developers are intending to manipulate ipchains. My remote yealink thinks its registered, but it shows offline in reports - asterisk info - peers.
Start here
https://mangolassi.it/topic/12322/configure-the-freepbx-smart-firewallSince this is not a new install, goto this screen and click the button to rerun the wizard.
Actually this is a new install, but I will definitely re-run the wizard. Hooking up another phone now as I disabled the firewall and realized the phone still doesnt show up under peers, although it says its registered and my line buttons are green...
$5 says your local DHCP server is sending TFTP info and you are registering to your current system.
No special DHCP options or TFTP boot servers, actually the Linksys router is serving up DHCP now. A change someone else here must have made.
The yealink thinks its registered to the freepbx install I just spun up. Also why cant I login to admin GUI from anywhere but my office? I think I see why, but the freepbx instructions say "surely you want to trust the responsive firewall" and not to touch those options.
You can log in from anywhere if you setup the firewall to allow it. By default it does not over HTTP.
Use HTTPS and it should work from anywhere.
-
@JaredBusch said in Correct Settings For Hosted FreePBX 13:
extensions use PJSIP by default in FreePBX 13
so in the asterisk command line (
asterisk -rvvvvvv)use
pjsip show endpointscore show help pjsipwill list all the commands.I am using freepbx 12 chan_sip for 30+ phones here on freepbx 12 hosted by cyberlynk.
My test freepbx 13 I am registering with pjsip.
BUT, both installs are using port 5060 (12 for chan_sip, 13 for pjsip).
Not sure how NAT coning works on the linksys, maybe an issue?
-
These are not default settings.. just blow it up and follow my guide.
-
@bigbear said in Correct Settings For Hosted FreePBX 13:
@JaredBusch said in Correct Settings For Hosted FreePBX 13:
extensions use PJSIP by default in FreePBX 13
so in the asterisk command line (
asterisk -rvvvvvv)use
pjsip show endpointscore show help pjsipwill list all the commands.I am using freepbx 12 chan_sip for 30+ phones here on freepbx 12 hosted by cyberlynk.
My test freepbx 13 I am registering with pjsip.
BUT, both installs are using port 5060 (12 for chan_sip, 13 for pjsip).
Not sure how NAT coning works on the linksys, maybe an issue?
Okay and actually now I hooked up another Yealink and it registered up just fine.
On the first extension I had started as chan_sip and moved to pjsip -- maybe that was the whole issue.
Re-enabling firewall. Will see how it works. Hope you add a firewall guide to your guide...
-
@bigbear said in Correct Settings For Hosted FreePBX 13:
Not sure how NAT coning works on the linksys, maybe an issue?
Poorly. Is your current system in house or external also?
-
@bigbear said in Correct Settings For Hosted FreePBX 13:
@bigbear said in Correct Settings For Hosted FreePBX 13:
@JaredBusch said in Correct Settings For Hosted FreePBX 13:
extensions use PJSIP by default in FreePBX 13
so in the asterisk command line (
asterisk -rvvvvvv)use
pjsip show endpointscore show help pjsipwill list all the commands.I am using freepbx 12 chan_sip for 30+ phones here on freepbx 12 hosted by cyberlynk.
My test freepbx 13 I am registering with pjsip.
BUT, both installs are using port 5060 (12 for chan_sip, 13 for pjsip).
Not sure how NAT coning works on the linksys, maybe an issue?
Okay and actually now I hooked up another Yealink and it registered up just fine.
On the first extension I had started as chan_sip and moved to pjsip -- maybe that was the whole issue.
Re-enabling firewall. Will see how it works. Hope you add a firewall guide to your guide...
I linked to the firewall page already. You need more details?
-
@JaredBusch said in Correct Settings For Hosted FreePBX 13:
@bigbear said in Correct Settings For Hosted FreePBX 13:
@bigbear said in Correct Settings For Hosted FreePBX 13:
@JaredBusch said in Correct Settings For Hosted FreePBX 13:
extensions use PJSIP by default in FreePBX 13
so in the asterisk command line (
asterisk -rvvvvvv)use
pjsip show endpointscore show help pjsipwill list all the commands.I am using freepbx 12 chan_sip for 30+ phones here on freepbx 12 hosted by cyberlynk.
My test freepbx 13 I am registering with pjsip.
BUT, both installs are using port 5060 (12 for chan_sip, 13 for pjsip).
Not sure how NAT coning works on the linksys, maybe an issue?
Okay and actually now I hooked up another Yealink and it registered up just fine.
On the first extension I had started as chan_sip and moved to pjsip -- maybe that was the whole issue.
Re-enabling firewall. Will see how it works. Hope you add a firewall guide to your guide...
I linked to the firewall page already. You need more details?
That was the guide I followed while doing this. I will just start over though. I am a hardcore pfsense guy so using this auto-firewall business goes against everything in me!
We use the crappy linksys here because many of our customers have the crappy linksys setup. We are a wireless ISP and transitioning to do more voice. Kind of a long story.
Anyway I have a smart ass developer two doors down who has been giving me crap for two days about not being able to get this up, and who wants to continue with our freeswitch setup we've developed in house. I think its turned into bloatware and I am planning to exit all our customers from that to freepbx hosted, possibly now on vultr.
Ive never been a freepbx person until it was mentioned to me a year ago or so by Scott on SW. And just in the last month I decided I need to learn it inside and out so I can make the transition.
Really appreciate your help. Will let you know the net of following the firewall wizard. I am guess switching from chan_sip to pjsip using the GUI for my first test extension needed some addition changes.
-
I gotta say also, the freepbx gui lead me to believe all the resources provided were maxed on my other hosted freepbx instances. I can't believe you can get by with so little.
Also, is it expected that you should hard code all your wan IP's in where you want to access the admin GUI with the responsive firewall?
-
@bigbear said in Correct Settings For Hosted FreePBX 13:
I gotta say also, the freepbx gui lead me to believe all the resources provided were maxed on my other hosted freepbx instances. I can't believe you can get by with so little.
Standard misreading of Linux RAM data. Use the free command on the CLI and you'll normally see that the RAM is essentially unused. A lightly used FreePBX system could be around 180MB while making calls.
-
@scottalanmiller said in Correct Settings For Hosted FreePBX 13:
@bigbear said in Correct Settings For Hosted FreePBX 13:
I gotta say also, the freepbx gui lead me to believe all the resources provided were maxed on my other hosted freepbx instances. I can't believe you can get by with so little.
Standard misreading of Linux RAM data. Use the free command on the CLI and you'll normally see that the RAM is essentially unused. A lightly used FreePBX system could be around 180MB while making calls.
Just crazy what's possible. I'll be the last guy laughing around this office!
We have incredible low voice network overhead for local origination because we have our own interconnects and later 5 switches in Cinci Bell closets. Part of that was because of the dslams we had around town prior to going wifi. We average .0025 on voice costs. The platform overhead has always destroyed our profits. Seems almost too good to be true.
-
Is it expected that you convert a chan_sip extension in the GUI by clicking to change to pjsip driver? Or would I have to re-provision the phones?
What would be really helpful in the guide is to see how you manually place the config files to provisions phones and if there are any relative firewall changes that need to be made...
-
You can tune the systems down pretty low. And if you are willing to shut off services when not doing configuration, you can get down insanely low.
-
@scottalanmiller without turning off anything what's he lowest vultr you'd use?
-
@bigbear said in Correct Settings For Hosted FreePBX 13:
@scottalanmiller without turning off anything what's he lowest vultr you'd use?
Not sure, we always tune our systems
