Solved

FreePBX - Connect IP Phone over Internet

Posted on 2014-04-19
5
1,768 Views
Last Modified: 2014-04-21
Hi Experts,

I currently have FreePBX setup and looking to connect an IP phone over the internet via VPN, router to router.

I came across this website here  saying I should setup two FreePBX box and connect via IAX trunks instead. Is this really necessary? Wouldn't VPN be suffice?

Any advice is appreciated.

Many thanks,
Ricky
0
Comment
Question by:RiCzN
  • 2
  • 2
5 Comments
 
LVL 20

Expert Comment

by:José Méndez
Comment Utility
Hi Ricky, I am glad to see you are getting ambitious!

Hey, I once had  a VPN point to point connection between an Asterisk server and a remote Grandstream GXV3140 with builtint OpenVPN client, however a p2p connection between 2 Ast boxes should be pretty much the same.

I know squat about VPNs, however I went with 2 useful books: Beggining OpenVPN 2.0.9, and OpenVPN 2 Cookbook.

If you are not able to get your hands on them, you may want to try signing up for a 15 day trial in safaribooksonline.com, and youll find them for sure.

Now, I am attaching what I documented at the time to be the steps I went through to understand OpenVPN. I can say that a G.711 calls worked like a charm.

Finally, you probably don't want to stay only with the security that OpenVPN provides, and rather secure Asterisk as well to use TLS for sRTP and secure SIP.

Hope that helps a bit.
OpenVPN.pdf
0
 

Author Comment

by:RiCzN
Comment Utility
Hi willlywilburwonka, thanks for your input. I don't think I need openVPN in this case as the routers are already providing the vpn tunnel. But I'm sure your setup will come in handy very soon.

What I'm not sure is whether the VPN tunnel is secure enough for an IP phone to connect over the internet. So what you're saying is TLS for sRTP and secure SIP are also required in order to provide sufficient security?
0
 
LVL 20

Assisted Solution

by:José Méndez
José Méndez earned 250 total points
Comment Utility
As far as securing the communications, yes, sRTP and TLS For SIP. We are not even discussing hardening the Asterisk servers themselves, which is a huge topic of its own =)
0
 
LVL 15

Accepted Solution

by:
Phonebuff earned 250 total points
Comment Utility
Ricky,

   If you "VPN tunnel" is a good implementation,  does key pair exchanges and encrypts everything over the link that's as good as it can possibly be.  

   The reason for the dual boxes is usually that IAX2 is easier on the network connection than SIP, and more importantly if you have a half dozen phones in each location and they call between themselves you keep the traffic off the VPN.   Also by providing a trunk or two at either end you simplify the issue of "emergency 911" calls.

    ==============
0
 

Author Comment

by:RiCzN
Comment Utility
Hi Phonebuff, that was the reassurance I was after. Thanks very much!
0

Featured Post

How your wiki can always stay up-to-date

Quip doubles as a “living” wiki and a project management tool that evolves with your organization. As you finish projects in Quip, the work remains, easily accessible to all team members, new and old.
- Increase transparency
- Onboard new hires faster
- Access from mobile/offline

Join & Write a Comment

Suggested Solutions

Almost all Internet protocol telephones have built-in switches at the back that allow you to connect your personal computer to one port and use the other port to connect your phone to to a Cisco switch.   Why we need to connect the PC to the pho…
It’s 2016. Password authentication should be dead — or at least close to dying. But, unfortunately, it has not traversed Quagga stage yet. Using password authentication is like laundering hotel guest linens with a washboard — it’s Passé.
Learn how to navigate the file tree with the shell. Use pwd to print the current working directory: Use ls to list a directory's contents: Use cd to change to a new directory: Use wildcards instead of typing out long directory names: Use ../ to move…
Get a first impression of how PRTG looks and learn how it works.   This video is a short introduction to PRTG, as an initial overview or as a quick start for new PRTG users.

772 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

11 Experts available now in Live!

Get 1:1 Help Now