Basic question for remote phones

We are a very small company with a few users. I have been using FreePBX for years. Thank you to all devs for such a nice software.

But, I still couldn’t figure out something. I have FreePBX server running on LAN. As there are many warnings against opening FreePBX directly to the internet, I opened it only to my SIP trunk provider using rules on my firewall. I allow SIP trunk using its IP.

We have also one remote phone and two softphones. How do you guys register these remote phones if the server in on LAN. For years, I tried to use OpenVPN, wireguard etc to register to the server. But, unfortunately connections using VPN are not much stable. I also bougth Admin module for FreePBX and tried to use its OpenVPN. But, still, couldn’t register from a remote Yealink phone. Probably it is a Yealink issue. Hence, I cannot use any remote phone. By the way, we have static public IP on LAN.

What is your solution for remote phones?

As secrets are quite long and complicated, is there really a problem opening FreePBX server to the internet?

Thank you.

VPNs are the most secure in my opinion.

That being said it’s not magic. The more you expose the more attack vectors someone has. The reoccurring advice is

Thank you very much for such a structured reply. I will follow your advice religiously. Already implemented some of them.

By the way, how can I block international and “pay” numbers? Is there a pattern/list for pay numbers?

In the outbound route dial patterns, don’t include 800, 888, 877, etc. numbers. For international, just accept “local” phone numbers with 11 or 10 digits, just do not create a pattern that may accept country code+area code+number.

Outbound Routes Module - PBX GUI - Documentation (freepbx.org)