FreePBX - Connect IP Phone over Internet

Posted on 2014-04-19
Last Modified: 2014-04-21
Hi Experts,

I currently have FreePBX set up and am looking to connect an IP phone over the internet via VPN, router to router.

I came across this website here saying I should set up two FreePBX boxes and connect via IAX trunks instead. Is this really necessary? Wouldn't a VPN suffice?

Any advice is appreciated.

Many thanks,
Ricky
Question by:RiCzN
Expert Comment

by:José Méndez
ID: 40010501
Hi Ricky, I am glad to see you are getting ambitious!

Hey, I once had a VPN point-to-point connection between an Asterisk server and a remote Grandstream GXV3140 with built-in OpenVPN client, however a p2p connection between 2 Ast boxes should be pretty much the same.

I know squat about VPNs, however I went with 2 useful books: Beginning OpenVPN 2.0.9, and OpenVPN 2 Cookbook.

If you are not able to get your hands on them, you may want to try signing up for a 15 day trial in safaribooksonline.com, and you'll find them for sure.

Now, I am attaching what I documented at the time to be the steps I went through to understand OpenVPN. I can say that G.711 calls worked like a charm.

Finally, you probably don't want to stay only with the security that OpenVPN provides, and rather secure Asterisk as well to use TLS for sRTP and secure SIP.

Hope that helps a bit.
OpenVPN.pdf

Author Comment

by:RiCzN
ID: 40010864
Hi willlywilburwonka, thanks for your input. I don't think I need OpenVPN in this case as the routers are already providing the VPN tunnel. But I'm sure your setup will come in handy very soon.

What I'm not sure about is whether the VPN tunnel is secure enough for an IP phone to connect over the internet. So what you're saying is TLS for sRTP and secure SIP are also required in order to provide sufficient security?

Assisted Solution

by:José Méndez
José Méndez earned 250 total points
ID: 40011004
As far as securing the communications, yes, sRTP and TLS for SIP. We are not even discussing hardening the Asterisk servers themselves, which is a huge topic of its own =)

Accepted Solution

by:Phonebuff
Phonebuff earned 250 total points
ID: 40013056
Ricky,

If your "VPN tunnel" is a good implementation, does key pair exchanges and encrypts everything over the link, that's as good as it can possibly be.

The reason for the dual boxes is usually that IAX2 is easier on the network connection than SIP, and more importantly if you have a half dozen phones in each location and they call between themselves you keep the traffic off the VPN. Also by providing a trunk or two at either end you simplify the issue of "emergency 911" calls.


Author Comment

by:RiCzN
ID: 40013682
Hi Phonebuff, that was the reassurance I was after. Thanks very much!
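
The recommendation earlier in the thread, TLS for SIP plus sRTP on Asterisk in addition to the VPN, can be checked against a configuration file. The script below is an added example, not part of the thread or of FreePBX: it flags chan_sip peers that still allow cleartext signalling or media. It assumes a flat chan_sip `sip.conf` (no templates or `#include` files) and the chan_sip options `tlsenable`, `transport` and `encryption`; the sample configuration and peer names are constructed.

```python
# Constructed sample sip.conf (not from the thread); peer names are hypothetical.
SAMPLE_SIP_CONF = """\
[general]
tlsenable=yes            ; accept SIP over TLS

[remote-phone]           ; phone reached across the VPN
type=friend
transport=tls
encryption=yes

[office-phone]           ; phone left on defaults
type=friend
transport=udp
"""

def parse_sections(text):
    """Return {section: {key: value}} for a flat sip.conf (no templates/includes)."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].strip()      # ';' starts a comment
        if line.startswith("[") and "]" in line:
            current = sections.setdefault(line[1:line.index("]")], {})
        elif current is not None and "=" in line:
            key, value = line.split("=", 1)
            current[key.strip().lower()] = value.strip().lower()
    return sections

def audit(text):
    """Return {section: [findings]} for sections that allow cleartext SIP or RTP."""
    sections = parse_sections(text)
    findings = {}
    if sections.get("general", {}).get("tlsenable") != "yes":
        findings["general"] = ["tlsenable is not yes: no SIP-over-TLS listener"]
    for name, opts in sections.items():
        if "type" not in opts:                   # only peer/user/friend entries
            continue
        issues = []
        # transport can be a list such as "tls,udp"; accept TLS-only
        transports = [t.strip() for t in opts.get("transport", "udp").split(",")]
        if transports != ["tls"]:
            issues.append("signalling may use a non-TLS transport")
        if opts.get("encryption") != "yes":
            issues.append("SRTP not required (encryption=yes missing)")
        if issues:
            findings[name] = issues
    return findings

if __name__ == "__main__":
    for section, issues in audit(SAMPLE_SIP_CONF).items():
        print(section, issues)
```
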