SBC as an admission controller for remote extensions

A number of months back there was a webinar for Bria Stretto and FreePBX. One of the questions asked was how to securely connect the remote Bria Stretto extensions to the Asterisk PBX. The suggestion was to use an SBC. They also suggested this on the CounterPath website. Now, I cannot find that suggestion any longer, nor can I find the webinar, so I’m guessing that this isn’t actually a viable option (I saw an old post from dicko that suggested that there wasn’t a viable open source solution at that time).

I’ve done my due diligence and I’ve tested many remote extension solutions, most of them requiring user interaction: either dialing first into the PBX, having a dyndns or knockd software on the PC or smartphone, or of course a VPN that requires the end user to figure out how to use the VPN or always ensure that he or she is logged into the VPN. The best solutions I’ve come across have iptables check information in the registry string (http://pbxinaflash.com/community/index.php?threads/howto-secure-your-voip-system-while-still-allowing-external-access.8685/ and Open 5060 UDP to FreePBX - how to make secure?), but after testing those solutions extensively, I’ve found that the registration is actually hit or miss, sometimes taking more than one attempt or lagging for longer than is acceptable (to the point of seeming that it times out).

That said, I’ll actually get to my question. Has there been any headway in using SBCs in this way with Asterisk? I’ve tested OpenSBC (http://pbxinaflash.com/community/index.php?threads/opensbc-a-silver-bullet-for-nat-issues.6567/) and I’ve tested Kamailio (http://www.opentelecoms.org/use-a-sip-proxy-instead-of-asterisk), but I’ve found that I cannot use features such as star codes with my extension (for example logging in an agent to a queue using the star code or *97), or FOP2.

In a reverse of this scenario, for a cloud-based PBX solution, I’ve used Edgewater routers to connect by establishing a trunk to the PBX, then extensions register to the EdgeMarc router. But the extensions’ registrations are forwarded to the PBX using a transparent SIP proxy mode. Is there anything like this, but the reverse? Or would that simply be the same as forwarding 5060 to the PBX wide open? …any takers on this one?

Anyone tried http://blox.org/ or http://cloudastrix.com/voipguard/?