FreePBX - Connect IP Phone over Internet

Hi Experts,

I currently have FreePBX setup and looking to connect an IP phone over the internet via VPN, router to router.

I came across this website here  saying I should setup two FreePBX box and connect via IAX trunks instead. Is this really necessary? Wouldn't VPN be suffice?

Any advice is appreciated.

Many thanks,
Ricky
Ronniel Allan CastanitoIT ManagerAsked:
Who is Participating?
 
PhonebuffConnect With a Mentor Commented:
Ricky,

   If you "VPN tunnel" is a good implementation,  does key pair exchanges and encrypts everything over the link that's as good as it can possibly be.  

   The reason for the dual boxes is usually that IAX2 is easier on the network connection than SIP, and more importantly if you have a half dozen phones in each location and they call between themselves you keep the traffic off the VPN.   Also by providing a trunk or two at either end you simplify the issue of "emergency 911" calls.

    ==============
0
 
José MéndezCommented:
Hi Ricky, I am glad to see you are getting ambitious!

Hey, I once had  a VPN point to point connection between an Asterisk server and a remote Grandstream GXV3140 with builtint OpenVPN client, however a p2p connection between 2 Ast boxes should be pretty much the same.

I know squat about VPNs, however I went with 2 useful books: Beggining OpenVPN 2.0.9, and OpenVPN 2 Cookbook.

If you are not able to get your hands on them, you may want to try signing up for a 15 day trial in safaribooksonline.com, and youll find them for sure.

Now, I am attaching what I documented at the time to be the steps I went through to understand OpenVPN. I can say that a G.711 calls worked like a charm.

Finally, you probably don't want to stay only with the security that OpenVPN provides, and rather secure Asterisk as well to use TLS for sRTP and secure SIP.

Hope that helps a bit.
OpenVPN.pdf
0
 
Ronniel Allan CastanitoIT ManagerAuthor Commented:
Hi willlywilburwonka, thanks for your input. I don't think I need openVPN in this case as the routers are already providing the vpn tunnel. But I'm sure your setup will come in handy very soon.

What I'm not sure is whether the VPN tunnel is secure enough for an IP phone to connect over the internet. So what you're saying is TLS for sRTP and secure SIP are also required in order to provide sufficient security?
0
 
José MéndezConnect With a Mentor Commented:
As far as securing the communications, yes, sRTP and TLS For SIP. We are not even discussing hardening the Asterisk servers themselves, which is a huge topic of its own =)
0
 
Ronniel Allan CastanitoIT ManagerAuthor Commented:
Hi Phonebuff, that was the reassurance I was after. Thanks very much!
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.