I’m very impressed with VitalPBX. I have years of experience with FreePBX and FreeSwitch(FusionPBX) and it seems that VitalPBX has a completely different and much better approach.
While testing VitalPBX for a potential migration, I came across at least a couple of real concerns:
1- The QR code in VitXi includes SIP credentials and exposed SIP password! This information can be used by hackers easily. The secure alternative is to provide login credentials into an external provisioning server (hosted by providers like us). This way a mobile phone will login to our provisioning server and download SIP credentials securely in the background.
2- The bulk upload has very limited fields. That requires manually updating each and every uploaded extension; which is a tedious and time-consuming process.
3- The QR code for a PJSIP extension with TLS protocol provides the server IP with UDP port rather than TLS port. Currently a user has to manually correct the port number.
I hope VitalPBX team will make necessary updates indue time. Thank you for your great product!