Solved

FreePBX - Connect IP Phone over Internet

Posted on 2014-04-19
5
1,875 Views
Last Modified: 2014-04-21
Hi Experts,

I currently have FreePBX setup and looking to connect an IP phone over the internet via VPN, router to router.

I came across this website here  saying I should setup two FreePBX box and connect via IAX trunks instead. Is this really necessary? Wouldn't VPN be suffice?

Any advice is appreciated.

Many thanks,
Ricky
0
Comment
Question by:RiCzN
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
  • 2
5 Comments
 
LVL 20

Expert Comment

by:José Méndez
ID: 40010501
Hi Ricky, I am glad to see you are getting ambitious!

Hey, I once had  a VPN point to point connection between an Asterisk server and a remote Grandstream GXV3140 with builtint OpenVPN client, however a p2p connection between 2 Ast boxes should be pretty much the same.

I know squat about VPNs, however I went with 2 useful books: Beggining OpenVPN 2.0.9, and OpenVPN 2 Cookbook.

If you are not able to get your hands on them, you may want to try signing up for a 15 day trial in safaribooksonline.com, and youll find them for sure.

Now, I am attaching what I documented at the time to be the steps I went through to understand OpenVPN. I can say that a G.711 calls worked like a charm.

Finally, you probably don't want to stay only with the security that OpenVPN provides, and rather secure Asterisk as well to use TLS for sRTP and secure SIP.

Hope that helps a bit.
OpenVPN.pdf
0
 

Author Comment

by:RiCzN
ID: 40010864
Hi willlywilburwonka, thanks for your input. I don't think I need openVPN in this case as the routers are already providing the vpn tunnel. But I'm sure your setup will come in handy very soon.

What I'm not sure is whether the VPN tunnel is secure enough for an IP phone to connect over the internet. So what you're saying is TLS for sRTP and secure SIP are also required in order to provide sufficient security?
0
 
LVL 20

Assisted Solution

by:José Méndez
José Méndez earned 250 total points
ID: 40011004
As far as securing the communications, yes, sRTP and TLS For SIP. We are not even discussing hardening the Asterisk servers themselves, which is a huge topic of its own =)
0
 
LVL 15

Accepted Solution

by:
Phonebuff earned 250 total points
ID: 40013056
Ricky,

   If you "VPN tunnel" is a good implementation,  does key pair exchanges and encrypts everything over the link that's as good as it can possibly be.  

   The reason for the dual boxes is usually that IAX2 is easier on the network connection than SIP, and more importantly if you have a half dozen phones in each location and they call between themselves you keep the traffic off the VPN.   Also by providing a trunk or two at either end you simplify the issue of "emergency 911" calls.

    ==============
0
 

Author Comment

by:RiCzN
ID: 40013682
Hi Phonebuff, that was the reassurance I was after. Thanks very much!
0

Featured Post

Efficient way to get backups off site to Azure

This user guide provides instructions on how to deploy and configure both a StoneFly Scale Out NAS Enterprise Cloud Drive virtual machine and Veeam Cloud Connect in the Microsoft Azure Cloud.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Linux users are sometimes dumbfounded by the severe lack of documentation on a topic. Sometimes, the documentation is copious, but other times, you end up with some obscure "it varies depending on your distribution" over and over when searching for …
I recently purchased a Bluetooth headset called the Music Jogger (model BSH10). The control buttons on it look like this: One of my goals is to use it as the microphone and speakers for Skype calls. In that respect, it works well. However, I …
Learn several ways to interact with files and get file information from the bash shell. ls lists the contents of a directory: Using the -a flag displays hidden files: Using the -l flag formats the output in a long list: The file command gives us mor…
This demo shows you how to set up the containerized NetScaler CPX with NetScaler Management and Analytics System in a non-routable Mesos/Marathon environment for use with Micro-Services applications.

729 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question